March 21, 2018
Kay Blough | Security Boulevard
There’s a talent shortage for trained cybersecurity pros, but fertile hunting grounds can be found among veterans preparing to leave military service.
Organizations as diverse as the U.S. Chamber of Commerce, the Department of Homeland Security and the National Initiative for Cybersecurity Careers and Studies promote hiring veterans for jobs in the private sector.
The cybersecurity industry is projecting a staffing shortage of 1.8 million unfilled jobs globally by 2022, according to Forrester Research. And research from Enterprise Strategy Group and the Information Systems Security Association indicates that 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
Based upon data ESG collected in 2017 from a survey of 343 cybersecurity professionals and ISSA members, the cybersecurity skills crisis is causing a widening business problem.
There’s also a disconnect companies must address: a training gap. ESG found most organizations are not providing the cybersecurity staff with adequate training. While 96 percent of survey respondents agreed that keeping their skill set up to date is a cybersecurity career requirement, only 38 percent of those surveyed believe that their organization is providing an appropriate level of training for them to keep up with business and IT risks. The full survey can be found here.
Proficio, a managed security services provider founded in 2010, moved to the San Diego, California, area, where it’s easier to recruit military talent from Camp Pendleton and Naval Air Station North Island.
About 38 percent of Proficio’s employees are veterans, said Dana Hawkins, Proficio’s director of security services. Hawkins has parlayed skills gained during his eight years of Navy service and three years in the California Air National Guard into a career in cybersecurity.
Hawkins earned an associate’s degree in information security while he was in the Navy, and learned about cybercommunications, radio communications, cryptography and managing secure networks aboard ships. He worked as a contractor after leaving the Navy, learned network engineering and network administration, certified as a Cisco Certified Network Associate and worked for a private company on its network access control product.
The biggest challenge for transitioning veterans will be getting up to speed on newer technologies, Harkins said. “The technology that most soldiers use is three to five years behind their civilian counterparts. But they come from the military with superior management and time-management skills, they’ve learned to deal with difficult people and how to create a team and build a cohesive leadership atmosphere where people want to follow. It’s technical skills versus leadership skills.”
The technology becomes less important when hiring managers consider the life skills, commitment and ability to think on their feet that veterans bring, Hawkins said. “At the end of the day, the person can study and play catch-up and get closer to the technology experience their counterparts on the civilian side will have. But a soldier learns in the first part of their career how to deal with stress and work under pressure.
“It makes them an easy hire,” he continued. “They know the basics, they’re eager to learn and prove their value.” Part of their identity in the military was having a sense of purpose, and working in cybersecurity or anywhere in information technology can offer that chance to protect and serve. “You still get to be the soldier that you were before; now you get to do it in the cyberworld,” Hawkins said.
Information technology jobs in general, such as software developers, project management and program managers, are often a good fit for former military, along with cybersecurity jobs specifically, he said.
There are a number of initiatives to help transitioning veterans decide if a cybersecurity career fits their background and interests, among them the Veterans Cybersecurity Training and Education Guide put out by the National Initiative for Cybersecurity Careers and Studies through the Department of Homeland Security.
The Department of Defense offers training programs to help service members more easily transition to civilian careers starting up to six months prior to their leaving the service if there’s a high chance of employment and the training is offered at little cost. Its SkillBridge programs work with companies and trade unions to place veterans.
A fellowship program of the U.S. Chamber of Commerce that was developed based on SkillBridge criteria and is now run by Hiring Our Heroes, a 501(c) (3) nonprofit, connects former military leaders with management-level corporate positions. The program operates with more than 150 companies nationwide at 12 sites. According to the chamber’s blog, more than 500 fellows have graduated since the program’s inception in 2015 and there’s an 80 percent hire rate.
Another nonprofit, TrainOurTroops, works to train service members and their spouses on in-demand skills so they can get higher quality civilian jobs.
Theresa Payton, president and CEO of Fortalice Solutions, a security, fraud and risk consulting company, supports looking outside the box when hiring. She zeroes in on what she calls “creative problem solvers.” Payton comes from a financial services background and was a former CIO at the White House under President George W. Bush.
“For example, I’ve got some former U.S. military who weren’t cybersecurity people but they had critical-thinking skills, an insatiable desire to learn and some technical skills, so with some training they become really good cyber people,” she said.
A former network administrator told Payton she was puzzled that she was being interviewed for a cybersecurity job. “I can teach you that,” Payton said she told the job candidate. “You already know how to build networks and how to manage networks. I need you to take that knowledge and learn cyber. You’re going to be a great defender of networks and help network engineers think differently because your eyes will be open and you would have built things differently. You’re going to know where the blind spots are.”
Don’t just chase the same resumes, she urged. A lot of skills are transferable, and workers can be retrained and refocused to meet a company’s job needs.
“Not only will you fill these job openings you have perpetually open,” Payton said, “but as CISO you will now have this talented and diverse staff who are creative problem-solvers who you can delegate to, who you can lean on to get things done.”