Despite some turbulence in the broader tech industry over the past few years, cybersecurity remains a robust career path for tech professionals. CyberSeek finds that the U.S. cyber workforce stands at more than 1.25 million, with an additional 457,000 positions currently listed as open.
Closing that cybersecurity talent gap has been one of the industry’s most difficult tasks. There is, however, a group that can help fill these roles: military veterans. The U.S. Department of Labor finds that about 200,000 men and women leave U.S. military service every year and return to civilian life, creating a significant talent pool.
Military veterans leave active duty with valuable skills (whether those are hard technical skills or so-called “soft skills” such as leadership and communication) that remain crucial to the cybersecurity community and organizations seeking talent to fill numerous roles.
“Veterans possess a wealth of transferable skills that align closely with the demands of a cybersecurity career. The ability to maintain situational awareness, quickly learn on the job, make decisions under pressure, and respond to dynamic challenges are critical attributes that the cybersecurity industry values,” said Callie Guenther, a senior manager for cyber threat research at security firm Critical Start and seven-year U.S. Navy veteran. “Veterans are uniquely positioned to transition into cybersecurity careers, thanks to the technical expertise, problem-solving skills and adaptability developed during their service.”
For many veterans, starting a cybersecurity career can prove difficult, especially as they prepare to leave active duty and seek out opportunities in the private sector—many of which require unique skill sets and at least some background in IT or security.
To help, the U. S. Cybersecurity and Infrastructure Security Agency recently created a website for veterans and current military personnel interested in cyber careers. The site offers advice and information, including job resources, details about cybersecurity certifications, training and education opportunities.
While transitioning from military to civilian life and the private sector is challenging, hiring managers and cyber leaders believe veterans are crucial to closing the security talent gap, even if prospective candidates don’t have all the skills listed on job boards.
“Veterans leaving the service can bring a lot of very needed and very desirable skills to the private sector. I won’t say it’s an easy transition, but given how much of security and cybersecurity architecture is based on military thinking, tactics, policies and procedures, there’s an immediate frame of reference that former servicemembers can tap into,” Rob Hughes, CISO of RSA, recently told Dice. “To stay operational, organizations need security personnel who are equally capable. Knowing that a prospective hire has had experience in minimizing risks and detecting threats, and knowing that they learned those skills in the highest-stakes environments, always makes those prospects stand out.”
For active service members working toward a cybersecurity career, developing the right skills and laying out a plan now can help with the transition. Industry insiders and observers also believe that seeking educational opportunities and expanding a candidate’s knowledge base can make a difference.
Here’s a look at how active military personnel and veterans can start.
Seeking Out Opportunities and Benefits
For veterans like Guenther, one of the best places to start is with one of the U.S. military’s best-known programs: The GI Bill, which can help cover the cost of training and schooling.
Each branch of the military also has programs designed to teach the basics and more advanced aspects of cybersecurity.
In the Navy, for instance, the Credentialing Opportunities Online (COOL) program can cover the cost of these certifications while members are still serving, Guenther added. Outside the military, vets can seek out universities that are designated Centers of Academic Excellence in Cyber Defense (CAE-CD) as well as non-profit organizations such as CyberVetsUSA and Hiring Our Heroes that offer training, mentorship and job placement services.
“Networking is critical when transitioning to a civilian cybersecurity career. Joining veteran-focused organizations like VetSec can connect you with others who have successfully made the leap,” Guenther told Dice. “These networks offer mentorship, career advice and valuable connections in the industry.”
Carving out educational opportunities is also important, whether on active duty or as a veteran. For Danny Pickens, who served in the Marine Corps and Army for 15 years, focusing on secondary education to add to his military skill set is one mistake he would have fixed when he started looking for cyber jobs.
“I was an enlisted member of the Marine Corps, Marine Corps Reserve and Army Reserve over my military career. This allows me to focus on task to output and provides me with great leadership skills I have been able to continue refining in the private sector,” Pickens, who is now director of incident management at Optiv, told Dice. “However, I believe a more formal post-secondary education would have brought great business-minded skills and knowledge. When working in the private sector, you are beholden to budgets and shareholders and have to make decisions that impact a business—and not just system policy. Knowing this would allow for greater career growth for those who are interested in working toward an executive career, rather than remaining a technical practitioner.”
Developing Skills Sets In and Out of the Military
For vets who are either working in IT or cybersecurity during their military career or looking for security work after they leave active service, having the right combination of hard and soft skills is a major asset.
One way to gain the skills needed for cybersecurity work in the private sector is through certifications. Several experts noted that the most sought-after of these include:
- CompTIA Security+ or Network+
- Certified Information Systems Security Professional (CISSP)
- Offensive Security Certified Professional (OSCP)
Combining one or more of these certifications with the skills learned in the military can make a big difference for veterans seeking new job opportunities.
“If you know what civilian cybersecurity job you want to have in the future, I'd focus on the certifications that are necessary for those positions,” John Allison, senior director of federal advisory services at Optiv and ClearShark and 24-year veteran of the Air Force, told Dice. “As for skills, I would say to focus on decision-making in the fog of war. Being able to stay calm and make the correct decisions is a bedrock of military service and will serve any veteran working in cybersecurity on the outside.”
When RSA’s Hughes interviews veterans for potential jobs, he looks for candidates who understand concepts such as identity and access management (IAM), since many private sector firms are moving toward zero trust models and many cyber incidents start with threat actors abusing stolen or compromised identities to move around networks.
“In the private sector, you can have a wider mix of users, customers, contractors, service accounts, machine accounts, devices and more—possibly with less structure, documentation and rigor around their implementation,” Hughes noted. “You need to establish clear controls to manage each device, authenticate every user and manage their access and permissions. Combined, that makes for a significant attack surface for threat actors to target and a valuable area where former servicemembers can contribute and show value to a cybersecurity program.”
Preparing for a Cyber Career Ahead
By laying the ground for developing skills, obtaining certifications, and exploring areas within the military that can translate to the private sector, veterans can position themselves to fill the thousands of open cyber positions available.
For those looking toward the private sector after leaving active duty, it’s important to tailor a resume or CV to how enterprises view the open position.
“When updating your resume, focus on translating military-specific skills into civilian-friendly language,” Guenther noted. “For instance, instead of listing a Navy rating like Cryptologic Technician, describe transferable skills such as managing network monitoring systems, detecting and mitigating threats or responding to security incidents.”
Veterans must also keep in mind that a CISO or other executive seeking to hire military veterans looks for individuals who demonstrate adaptability, a willingness to learn and a strong understanding of the commercial landscape.
These hiring managers value the veteran's inherent leadership qualities, crisis management skills and technical expertise, but also seek evidence of their ability to embrace a less hierarchical structure, make independent decisions, and balance security with business needs, said Bryan Willett, CISO of Lexmark.
“For veterans embarking on this career path, the advice is clear: Highlight your transferable skills, emphasizing your experience in crisis management, leadership, and working with advanced technologies,” Willett told Dice. “Demonstrate your understanding of the commercial environment and your willingness to adapt to a different organizational culture. Be prepared to discuss how you will embrace empowerment and balance security with business needs. By showcasing these qualities, veterans can successfully transition their valuable skills into a rewarding cybersecurity career.”
