By Rick McElroy
As a former United States Marine I believe veterans can be instrumental in helping to close the growing cybersecurity skills and people gap. My own story reveals how a military background can provide the perfect foundation for a successful career in infosec.
I come from a family of veterans. Every generation of both my mother and my father’s families since WWI served in the armed forces, and I currently have family deployed around the globe. My own military adventure started early: I raised my right hand to enlist in the Marine Corps on my 17th birthday.
Growing up, I always loved technology. I still remember taking apart an Atari to figure out how it worked. During high school I was part of a program called NORSTAR; we worked with robots and computers, and the ultimate honor for a tech guy, we got to partner with NASA! My passion for serving my country and pursuing technology came together in a truly satisfying way shortly after my enlistment: The experiment I worked on with NORSTAR was launched into space aboard the Space Shuttle Discovery at the same time I launched my military career in boot camp.
Once in the Corps I was a grunt. A heavy machine gunner to be exact, but I was also a member of Marine Security Forces. We shot things, we blew things up, and walked and ran a lot. I didn’t have much polish. I was brash, smart, motivated, and hungry. I wanted to see the world and I did.
We didn’t have a whole lot of tech in the grunts back then. Just the basics. Some guys had PCs, and the Corps was using Banyan Vines and WordPerfect. I tried to transfer to a tech MOS (job in Marine Speak), but there were so few available at the time I realized that if I wanted a job in IT, I was going to have to transition to civilian life.
I went to school at Coleman University, a small school catering to preparation for careers in Information Technology. During my time at Coleman I had already begun to rack up experience anyway I could. You needed cables made? I did that. Bare bones server builds? Done. All I cared about was learning and gaining experience (an approach I have continued over the years, gaining new skills and certifications whenever possible).
So I worked hard, graduated from Coleman, and had a job within a month of looking. It was at a small value added reseller in town. The great benefits for me were the number of pieces of technology I was able to get my hands on and the team I got to work with. They had hired an amazingly talented bunch of security experts – names that would make hackers, past and present, shudder in fear. I learned about the tools and techniques used to break into systems, but also the language to explain security vulnerabilities in a way that would motivate businesses to take action in solving their problems.
The word “cybersecurity” wasn’t even in use when I got started. Data Protection, Information Assurance, Internet Security, Network Security, Information Security – those were some of the terms used at the time, but only people in the field would have recognized them since the field was largely unknown to the general public back then. Not so today, of course. I was in the right place at the right time, watching the explosion in IT, and therefore IT security, from an insider’s perspective.
Over the course of my 17 years in the field, I’ve interviewed, hired, fired, promoted, coached, and worked shoulder-to-shoulder with a lot of veterans. Veterans have qualities, earned from their experience in the Armed Services, that make them invaluable to the modern cybersecurity workforce.
We are trainable. In the military you always train. You always seek out new skills to make yourself better at your job. Military culture is founded on education, constantly pushing its members to drive themselves toward greater mastery, regardless of what it is they’re studying.
We take pride in our work. I can’t stress this enough. Taking pride in your brand and work product is something veterans excel at.
We Execute. This is a much-needed skill in a world where things get debated too heavily. After the decision is made, it’s time to move – and veterans like achieving goals and delivering. We understand the bigger picture and the roles we play in accomplishing professional objectives. We are also hungry to take on challenges and leadership roles.
We are mentally resilient and creative. Veterans are placed in challenging situations on a regular basis. We adapt, overcome, and improvise. A career in cybersecurity is full of surprises. Budgets get cut. Resources come and go. Technology changes over time. The adversaries change. A military background equips veterans with the ability to adapt in an IT world that is constantly changing.
We are loyal. Veterans have had some of the deepest relationships they will ever have with other people while in the military, and they are eager to experience that same bonding in their professional work. For a good team, veterans will go above and beyond.
We are used to process, and lots of it. Following protocols and maintaining discipline are how you ensure safety and success in the military. Ask a pilot how many check boxes he has to tick before taking off from a carrier? Ask a grunt how to properly wire a cutting charge? For the cook, how do you prepare a meal for thousands of troops? In Marine boot camp there was even a “process” and proper way to put pants on. The method for all of these is process and practice. We understand that it saves lives in the military. It’s easy to translate that into cyber.
We are grateful. Jobs these days are nothing like the military in the extra perks and comforts they offer. Casual dress day? Free bagel Fridays? These are huge morale boosts for a veteran.
We call it like we see it and have a good sense of humor. This helps put things in perspective for other employees being challenged by tasks at work. It also helps keep leadership informed of the real issues. Almost every veteran has had to supervise, manage and/or lead an effort before getting out of the service. This is helpful in the cybersecurity world, in which it can feel like new things are constantly being demanded of you. If you want a real answer or to know what someone really thinks, go ask a vet. Other employees may hesitate or not share. I promise you, veterans are straight, direct, and to the point.
We don’t whine a whole lot. Even the worst day in cybersecurity pales in comparison to the worst day in the service. We roll with the punches and keep moving. I’ve seen this rub off on other employees. It helps the team focus on the task at hand, and not on all the nonessential drama that goes along with it.
I encourage veterans who have an aptitude for IT work to consider a career in cybersecurity.
It’s certainly been an interesting, wild, and extremely fun career for me. There are more resources than ever to help you transition from the military to InfoSec, including education, internships, and mentoring.
Your background makes you a powerful resource in an industry requiring diversity in its workforce – and the industry is finally catching on that it is to its own great benefit to recruit veterans, as evidenced by programs such as those promoted by DHS and Hire Our Heroes. In the military, your service protected America’s freedom and way of life. Though your duties and personal risk will differ in cybersecurity, your job description will remain the same. We have an immense and critical mission. Cybersecurity is truly a national security issue at all levels, and as I say all the time, our army isn’t big enough. So much like that recruiter you talked to when you went in, I want to enlist you in our cyber army. Your nation needs you more now than even when I started. If you look at the scoreboard, we are losing, and I would like to see that change before I decide to hang up my fedora. Most of you will have a GI BILL to use when you get out, so why not use it to earn a degree in cybersecurity?
And to the movers and shakers of the cybersecurity industry, in honor of Veteran’s Day, consider that a veteran might not hit all the checkboxes on the job description, but the unique traits he or she brings to the table will pay off immensely in the long run.
About Rick McElroy
Rick McElroy, security strategist for Carbon Black, has more than 17 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has performed services for the U.S. Department of Defense, and has held positions in several industries, including: retail, insurance, entertainment, cloud-computing, and higher education.