Why do so many veterans of the military move into cyber security?
Joe Fay
Technology Reporter
Getty Images
The vigilance needed in the military can be an asset in cybersecurity
Leading a foot patrol through an empty village in a conflict zone might seem a world away from working in a security operations centre (SOC) in a major enterprise.
But, says former infantryman James Murphy, when you see a trashcan by the side of the road, and you know no-one is collecting rubbish that day: “The spider hairs on the back of your neck start tingling. “
And that vigilance, says Mr Murphy, now director of veterans and families at the Forces Employment Charity, is precisely the sort of instinct the cybersecurity industry covets.
Cyberattacks are a fact of life for organizations worldwide, whether straightforward cybercrime or politically motivated.
The UK’s armed forces recently launched an accelerated training program for recruits to bolster its cyber capabilities, with successful candidates in line for one of the highest armed forces starting salaries.
But there has long been a steady march in the other direction.
In the UK, the Forces Employment Charity’s TechVets programme typically helps 15 to 20 people a month into employment, with between 40 and 60% of those head into cybersecurity.
And that is a much needed supply of workers – there is a global shortfall of four million cyber professionals, according to the World Economic Forum.
The need for those workers has been underlined in the UK, where operations at two leading retailers have been disrupted by hackers.
Mo Ahddoud
Mo Ahddoud (left) spent ten years in the Royal Artillery
The route between the military and cybersecurity is not always direct.
Interim chief information security officer Mo Ahddoud spent 10 years in the Royal Artillery, serving tours in Northern Ireland, Bosnia and Germany before leaving in 1999.
The “natural transition” at the time was into other uniformed organizations, such as the police or the prison service.
However, he says: “I realized the world was changing.” He studied computer repair and took online courses as part of the resettlement. A military officer told him that the depth of a soldier’s hole is not as important. When you are being shot at, you will have the motivation and drive to dig a big hole. “
The true skill is dealing problems, like fixing broken supply chain or coping with when communications are down. “How do you fix it?” In addition, he says, military personnel always think in terms of “risk, defence in depth, layers of defence”.
That fits “very neatly” with cybersecurity, where risk is ever-present and must be monitored.
Responses to potential attacks are prepared in advance, while accepting no plan “survives first contact” with an adversary.
“You have to work and be agile around it, because it never plays out how you expect it to,” says Mr Ahddoud.
Former military personnel are particularly suited to roles in so-called blue teams, says Catherine Burn, associate director at cybersecurity recruitment firm, LT Harper.
These are roles such as security operations, incident response and forensics, in contrast to red teamers – the ethical hackers who look for vulnerabilities and often prefer to operate alone.
As well as being “grafters”, Ms Burn says, vets tend to be strong team players and can keep their cool under stress. After all, “a lot of these scenarios are disasters.” “
Sysdig
Crystal Morin has found the camaraderie in cybersecurity matches the military
But the cybersecurity world has much to offer veterans too. Crystal Morin joined the United States Air Force, in part, because she wanted to learn a language.
She was assigned to learn Arabic, around the time of the Arab spring, and worked on counter threat finance and counter terrorism.
After leaving the service, Ms Morin joined a defence contractor, again working on counterterrorism, eventually transitioning to cyber terrorism then cyber threat intelligence. She is now a cyber security strategist for US security company, Sysdig.
“All of my education has been practical,” she says. But she adds, other vets had “cross-trained” while in the service from other roles such as artillery or logistics, while others still used their GI Benefits to study security formally.
Whatever their path into cybersecurity, she says, it’s a natural transition. “A SOC-
is the same as what we did in security. Right? The peacekeeping is the main thing. Fighting the baddies. James Murphy says it’s important to find a compatible employer for ex-forces staff. “
Terry Benson Photography
It’s important to find a compatible employer for ex-forces staff says James Murphy[security operations centre]Mr Murphy says employers have become more aware of the skills that veterans bring.
“Once an employer picks up someone from the ex-Forces community, they will want to come back for another one. It’s important to make adjustments, but not all of them. The key to determining the type of organization they wish to work for is to identify the kind of organisation that suits them. Although the “impact” may be different from what they are used to. Working in the private sector is not the same as directly combating terrorism, says Mrs Morin. I don’t have the power to put people in prison anymore. “
More technology of business
