Most civilians cannot fully identify with American military veterans who have served their country in such a noble...
task of protecting our freedom and way of life. While in service, these laudable men and women learn discipline, deference and resolve. Some, who may not have experienced boots on the ground, are afforded the opportunity to serve in other areas. Veterans with military cybersecurity skills, although perhaps lacking a formalized cybersecurity education and training, are becoming a great source to fill the current shortage of skilled cybersecurity professionals.
According to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics, more than 209,000 cybersecurity jobs in the U.S. are unfilled. This represents a 74% increase in postings over the past five years. This demand is expected to grow another 53% through 2018.
Regardless of the training and education of any individual, there are several factors that also need to be considered. Experience, aptitude and focus far outweigh what conventional recruiting efforts seem to purport. Let's look at what veterans with military cybersecurity skills bring to the table.
Military cybersecurity experience
It's not just about what a job candidate knows, it's also about what she has done. Having interviewed thousands of candidates in my 38-year career, I've learned that experience far outweighs knowledge, education or certifications. That does not mean knowledge and certifications are not important. They are essential to demonstrate that foundational requirements are present and understood. Without these, there is no point in having a discussion. But once it has been determined that the person meets these requirements, the next discussion is about experience.
Veterans may not have the education or certifications required for cybersecurity positions currently in demand, but by virtue of the experience they may have gained combating cybersecurity threats and attacks, including administering cybersecurity, many prospective employers are making allowances. If the veteran has security operations center, security administration, security deployment or monitoring experience, employers are especially interested in interviewing these individuals.
Today, new applicants completing formal higher education in cybersecurity or achieving a cybersecurity certification such as CISSP or CISM, usually lack the experience to perform the job in question. Conversely, veterans may lack the education or certifications but bring military cybersecurity experience earned in doing the work with on-the-job training.
Aptitude for cybersecurity
I started my career in 1978 -- not having a CIS degree or training -- by taking an aptitude test. There was one opening in the EDP audit department and two of us were considered for the job. I received a higher score than my colleague, and since then I have never looked back. What I found was that operating systems, networks, databases, security software, application security, system development lifecycle methodologies and documentation was easy for me to understand. I later received formalized training and achieved certifications. However, there are plenty of individuals that have solid academia and certifications but lack an understanding of real-world cybersecurity threats, attacks and remediation efforts to mitigate them.
Veterans performing cybersecurity work for several years would not have gained that experience if they didn't have an aptitude for it. The military is not subject to the same employee rights or legal constraints as those in a civilian industry to remove someone who is not doing the job as expected. Encountering a veteran with three to five years of experience in cybersecurity would get my attention regardless of what certifications or degrees she might hold.
Aptitude allows an employer to predict the potential for success and assess a candidate's strengths and weaknesses. It also helps to determine the right candidate for the job. A skilled interviewer can read aptitude traits but an aptitude test may be required to provide better insight into the candidate's potential to grow and excel in the position. This may be a consideration for veterans if they do not completely meet all the job requirements.
The military inculcates discipline, deference and resolve. Veterans are told once and they will do everything in their power to accomplish the task. They do not hesitate to ask for help if they need it and their willingness to learn is matched to their ability to understand. Deference is an interesting attribute. In the military, there is no democracy. Decisions are not made by consensus, although a commanding officer might find that advantageous at times, but ultimately what management wants is what is done. The veterans respect for authority is motivating to others, but a wise manager will also solicit input that sometimes experience alone will teach. If you assign a task to a veteran, she is determined to complete it and grow from the experience. The focus on their job responsibilities can be uncanny if the employer is fortunate enough to hire the right veteran with these attributes.
There are some challenges that exist in hiring veterans. If the veteran has seen combat, then possible post-traumatic stress disorder or other mental health issues need to be considered. Identifying these challenges and possibly testing for them are difficult during the interview process. It is also unfair to disqualify a veteran just because she has seen combat. If these become issues, they clearly could have an adverse effect on the three attributes previously mentioned -- experience, aptitude and focus. That said, given their commitment to serve and protect our country, I believe we all agree they deserve an opportunity to prove their military cybersecurity skills.
Learn why cybersecurity defense-in-depth needs to learn from military strategies
Find out how to build a cybersecurity action plan
Discover the pros and cons of untraditional security hiring