Why so many military veterans move into cybersecurity

Leading a foot patrol through an empty village in a conflict zone might seem a world away from working in a security operations centre (SOC) in a major enterprise.

But, says former infantryman James Murphy, when you see a trashcan by the side of the road, and you know no-one is collecting rubbish that day: “The spider hairs on the back of your neck start tingling.”

And that vigilance, says Mr Murphy, now director of veterans and families at the Forces Employment Charity, is precisely the sort of instinct the cybersecurity industry covets.

Cyberattacks are a fact of life for organizations worldwide, whether straightforward cybercrime or politically motivated.

The UK’s armed forces recently launched an accelerated training program for recruits to bolster its cyber capabilities, with successful candidates in line for one of the highest armed forces starting salaries.

But there has long been a steady march in the other direction.

In the UK, the Forces Employment Charity’s TechVets programme typically helps 15 to 20 people a month into employment, with between 40 and 60% of those head into cybersecurity.

And that is a much needed supply of workers – there is a global shortfall of four million cyber professionals, according to the World Economic Forum.

The need for those workers has been underlined in the UK, where operations at two leading retailers have been disrupted by hackers.

The route between the military and cybersecurity is not always direct.

Interim chief information security officer Mo Ahddoud spent 10 years in the Royal Artillery, serving tours in Northern Ireland, Bosnia and Germany before leaving in 1999.

The “natural transition” at the time was into other uniformed organizations, such as the police or the prison service.

However, he says: “I realized the world was changing.” As part of his resettlement process, he took online courses in computer applications, then studied PC repair.

From there he moved into support desk work, and found his way into cyber security, with organizations such as BAE Systems and Universal Studios.

Mr Ahddoud’s military training has always informed his approach to cybersecurity. He recalls being told by an officer, that it’s not so important how deep a solider can dig. “When you’re being fired on, you’ll have the motivation to dig a really big hole.”

The real skill is dealing with problems, such as fixing broken supply chains, or coping when communications go down.

“That mindset was always around the process. How do you fix it?” In addition, he says, military personnel always think in terms of “risk, defence in depth, layers of defence”.

That fits “very neatly” with cybersecurity, where risk is ever-present and must be monitored.

Responses to potential attacks are prepared in advance, while accepting no plan “survives first contact” with an adversary.

“You have to work and be agile around it, because it never plays out how you expect it to,” says Mr Ahddoud.

Former military personnel are particularly suited to roles in so-called blue teams, says Catherine Burn, associate director at cybersecurity recruitment firm, LT Harper.

These are roles such as security operations, incident response and forensics, in contrast to red teamers – the ethical hackers who look for vulnerabilities and often prefer to operate alone.

As well as being “grafters”, Ms Burn says, vets tend to be strong team players and can keep their cool under stress. Afterall: “A lot of these situations are disasters.”

But the cybersecurity world has much to offer veterans too. Crystal Morin joined the United States Air Force, in part, because she wanted to learn a language.

She was assigned to learn Arabic, around the time of the Arab spring, and worked on counter threat finance and counter terrorism.

After leaving the service, Ms Morin joined a defence contractor, again working on counterterrorism, eventually transitioning to cyber terrorism then cyber threat intelligence. She’s now a cybersecurity strategist at US security firm, Sysdig.

“All of my training has been hands on,” she says. But she adds, other vets had “cross-trained” while in the service from other roles such as artillery or logistics, while others still used their GI Benefits to study security formally.

Whatever their path into cybersecurity, she says, it’s a natural transition. “A SOC [security operations centre] is exactly the same as the security fields we were working in. The adrenaline, the problem solving, right? It’s the keeping the peace. Fighting the bad guys.”

But, Mrs Morin adds, “The camaraderie is exactly like the military, the busy weeks, the quiet weeks, the jokes that nobody gets unless you’ve been there done that…It’s just a really tight knit community.”

Mr Murphy says employers have become more aware of the skills that veterans bring.

“Once an employer picks up someone from the ex-Forces community, they will want to come back for another one.”

That’s not to say some adjustments aren’t necessary. Onboarding processes can vary between organizations, while a lack of standardization and job titles can be a contrast with the highly organized military world.

The key is pinpointing the sort of organisation they want to work in, Mr Murphy says.

“Where you get up in the morning and you’re already looking forward to going to work, and you’re working in a team where you feel you belong, where you feel you’re having an impact.”

Although the nature of the “impact” might be different to what they’re used to. As Mrs Morin says, working in the private world is different to directly tackling terrorism.

“I do miss being able to take down the bad guys and defend the world… I can’t so much put folks in jail anymore.”