The first time I heard the term “social engineering,” it wasn’t in the context of cybersecurity, but during Navy training in the late 1980s. I was stationed at Point Loma submarine base in San Diego, where part of the standardized boot camp and duty station training included learning how to identify the original social engineering attempts, live and in-person. In the bars and tattoo parlors surrounding the base, it wasn’t uncommon for people to strike up conversations with the hidden motive of gaining more information about base access. A seemingly friendly stranger might ask, “How do you all get around the rocks right by the barracks?” or “There has to be a back gate! Is that gate always manned?”— many of the same tactics used in modern day social engineering cyberattacks. It was our job to remain vigilant and thwart off these attempts to compromise submarine security, base security and ultimately national security.
Long before cybersecurity and cyberterrorism became mainstream talking points in the U.S., we have been equipping our servicemembers with the skills and mission-driven mindset so desperately needed in cybersecurity. That’s why industry leaders need to make a more concerted effort to hire veterans.
Across the armed forces, we’ve seen an expansion of IT and security roles in response to heightened cyber threats. The U.S. Army, for example, plans to double its cyber workforce in the next decade. Today, there are an abundance of military occupational specialties specific to IT and cyber that offer natural transitions into civilian cybersecurity positions (e.g., CyberOps, Crypto, Cyber Defense, InfoSec, etc.). In fact, an increasing number of servicepeople are leaving for civilian work after gaining cyber training in the military.
Cybersecurity is currently facing 3.4 million vacant positions (and counting), and with 200,000 servicemembers transitioning into civilian life each year, there’s an opportunity for veterans to help fill the skills gap. In many ways, veterans have a better foundational security understanding than those with traditional degrees, given their real-world experience defending national security. It’s up to organizations to not only recognize veterans’ value and transferable skills, but also to be intentional in recruiting and supporting them.
The mission-driven security mindset
When we think of military training’s value in the civilian world, we often think of a mission-driven mindset. In the armed forces, everyone has the same mission, so supervisors put less emphasis on specific skillsets so long as the job gets done. This creates an environment where individuals can leverage their natural skills and develop in areas that most interest them.
In the corporate world, by contrast, people are hired for a skillset: accounting, graphic design, communication, engineering, etc. Most individuals within the organizations focus on their specific area’s goals, performance metrics and recognition. That isn’t a bad thing, but without the foundational one-mission perspective, personal or departmental goals can be siloed or even conflict with one other, and the shared objective gets lost. For example, marketing could overachieve on its metric of success for website visits or ad clicks, but the number of sales or customers for the business doesn’t increase. Marketing might then say, “not my fault, doing my job.” Veterans don’t operate that way. They are trained to focus on the shared mission from the beginning — an indispensable value to embody in early adulthood as you begin your career and develop core professional values.
Like the military, cybersecurity is inherently a mission-driven practice — the mission being to reduce risk and stop bad things from happening to good organizations. Veterans have been sharpened by discipline, meaning that on top of IT and security skills, they also bring to the table a level of adaptability, commitment, resistance to burnout and general security professionalism that empowers them to succeed in quickly evolving, high-stress situations.
Fostering intentional veterans initiatives
Intentionality is paramount in hiring and supporting veterans. As a hiring manager who is a veteran and a woman, I try to ensure we have diverse candidates — in the sense of both traditional diversity and diverse skillsets. At the end of the day, I will always hire the most qualified candidate who is the best fit for a position, but it’s nearly impossible to produce the highest caliber of candidates without prioritizing diversity-focused recruitment.
Oftentimes, unless a veteran has a perfectly polished resume for the civilian world, their valuable experience in the service might be passed over. To compound the problem, veteran candidates don’t always immediately understand how transferable their skills are to a career in cybersecurity. But if companies are intentional in seeking out and uplifting veterans, it isn’t difficult to recruit them. Cybersecurity hiring managers should attend veteran-focused job fairs, join LinkedIn groups like Veteran Mentor Network and The Value of a Veteran, and engage with organizations such as Hire Military and Hire Our Heroes.
Hiring veterans isn’t simply a box to be checked, however, and support shouldn’t stop once veterans arrive for their first day on the job. Organizations can also invest time and effort into veterans-focused employee resource groups (ERGs) to establish community and camaraderie on the back end of the recruitment process. ERGs help foster an intangible feeling of closeness and commonality among members, which is especially important amid remote and hybrid working models. These support systems also provide valuable mentorship as new veterans transition from military to civilian roles.
Intentional veteran-focused efforts and resources can serve as an important recruitment tool for organizations. According to research from Monster, 86% of job seekers believe that a company’s approach to DEI is an important factor when considering an employer. In fact, Gen Z and Millennial candidates say it’s a top value they seek when on the job hunt. As a veteran myself, I always inquire about a company’s veteran recruitment and retention efforts during the interview process because it’s important to me that the organization I work for values and supports our veterans — and many fellow servicemembers feel the same.
It's difficult to quantify how much veterans brings to the table in their civilian roles, but it’s clear that there are several ways their presence in cybersecurity drives business value. From technical skills to the hands-on experience of day-to-day military operations, former servicemembers are exceptionally well-suited for tackling the challenges of private sector cybersecurity. Organizations should look to leverage this largely untapped talent pool with intentionality to produce mission-critical results.