Organizations are looking to target a wider pool of candidates to fill vacancies in the sector as the cyber skills gap continues to challenge the sector. This includes reskilling workers from other industries, even those unrelated to tech, such as law and finance.
It is being recognized that the technical side of cybersecurity can be taught to those with the right attitude and soft skills, with initiatives like (ISC)2’s Entry-Level Cybersecurity Certification offering career-changers the opportunity to quickly develop the skills to begin a career in the industry.
According to US Department of Labor figures from 2021, military veterans represent 5.6% of the total civilian labor force in the country, representing a sizable group to target for cybersecurity jobs. Moreover, veterans generally have many attributes that make them eminently suitable for this industry, even without experience working with computers. This includes teamwork, discipline, strategy, problem-solving and reacting rapidly to changing threats and circumstances.
Additionally, a career in the modern-day armed forces often provides exposure to a wide range of technical skills. Such skills are similarly crucial in cybersecurity, where fast reactions, problem-solving and adapting to new technologies are often critical in defending against attacks.
As we reach this year’s Veterans Day on November 11, Infosecurity caught up with a military veteran, Chris Weggeman, who has forged a successful career in cybersecurity following retirement from the armed forces. Lieutenant General (Ret.) Weggeman served in the US Air Force, where he led several defense and cyber initiatives, and is now managing director at Deloitte & Touche LLP, where he oversees mission-critical operations within the organization’s Cyber and Strategic Risk portfolio.
Infosecurity Magazine spoke to him about his transition into cybersecurity and how the industry can benefit from ramping up recruitment of the veteran community.
Infosecurity Magazine: How well do the human skills developed from a military career translate into working in cybersecurity?
Chris Weggeman: Very well. The values and professional competencies developed in the military align powerfully with cybersecurity roles and missions in the private sector. Both the military and private sector cyber outfits deliver critical mission outcomes by building and leading high-performing teams, understanding and outmaneuvering adversarys and threats, and constantly managing and mitigating risks – all while living within an ecosystem of perpetual change and rapid innovation.
IM: What value do veterans bring to the cybersecurity industry, both to their organization and to colleagues?
CW: Veterans are imbued with fundamental leadership traits, innate values and demonstrated behaviors which define their quality of character – loyalty, duty, respect, selflessness, honor, integrity and personal courage. One could argue that these traits, and their ability to grow future leaders, are agnostic of industry, be-it cybersecurity or healthcare. At a tactical level for cybersecurity and defense, I believe that veterans bring a seasoned and proven understanding of how to successfully analyze threats and risks to missions and capabilities. They know how to develop and implement highly effective plans for achieving mission success.
IM: What was your own experience of moving into the cyber or industry? Was it more/less difficult than you expected?
CW: I was thrust into cyberspace operations in 2012, as a new Brigadier General. US Air Force Chief of Staff General Mark Welsh informed me that the Air Force needed a proven warfighter to operationalize cyberspace as a warfighting domain across the spectrum of conflict.
I’m not a technologist per se, but I had 25+ years as an F-16 fighter pilot leading and commanding forces and capabilities in conflict across four combat tours. I was tasked with teaching and educating classic air domain warfighters about cyber operations, while simultaneously teaching and educating cyber operators about classic air domain warfighting concepts and doctrine.
Once I realized that the fundamental doctrine and constructs for warfighting and operational maneuver and effects delivery were domain agnostic, my path was clear and readily achievable. I needed to understand cyber capabilities and technology from a military joint functions perspective, not necessarily at the electrical engineering packet level of the technology.
IM: How can veterans be supported in transitioning from a military career to cybersecurity?
CW: In my opinion, transitioning from a military career to cybersecurity is no different than moving from the military to a private sector career in healthcare or maintenance. Veterans need access to opportunities, professional credibility through relevant certifications and/or reciprocity for military-specific training and education. Veterans can also benefit from a network of peers and connectors within each industry and adjacent industries, along with some mentoring and coaching from those who have gone before them about what worked for them, what did not and why.
IM: How can physical defense practices inform stronger cyber defense practices?
CW: The required functions are the same – see, understand, block, maneuver, defend and strike. The existing strategies employed for achieving physical security and defense can be studied for relevance and then translated into cyber-domain-specific missions, functions and tasks. All of these defense constructs, and their intended outcomes, can inform and optimize how we architect, build, secure, operate in and defend cyberspaces.