Craig Hinkley, CEO, WhiteHat Security
The number of noteworthy data breaches across U.S. businesses, government agencies, and other organizations reached 1,300 in 2017, compared to fewer than 200 in 2005, according to the U.S non-profit organization Identity Theft Resource Center. It’s therefore not at all surprising that cyber-intelligence and security expertise is in high demand – so high in fact, that the number of unfilled cybersecurity positions far outweighs the supply of relevant talent. The 2018 Cybersecurity Workforce Study report from (ISC)², an international non-profit association for information security leaders, shows that the global cybersecurity workforce gap is widening to nearly 3 million jobs.
It’s becoming a cybersecurity crisis, caused by lack of expertise to tackle the rising tide of cybercrime. Schools and training organizations are working tirelessly to address the shortfall, but is there another approach that can also be taken to help fill the myriad job vacancies in this sector?
The militarization of cybersecurity
Cyberspace can be likened to a battlefield, filled with unknown threats that could come from anywhere. It therefore makes sense for organizations to consider adapting military-style strategies to defend their digital properties, and who better suited to the role than military veterans, already trained in cybersecurity and who understand the idea of militarization?
In this approach, the best defender is one who is well informed and thinks like an adversary, rather than putting the focus exclusively on technology. This is why ex-military personnel excel in this role, simply because their training and experience is immersed in fighting adversaries.
Yet veterans face a real struggle
But, even though the idea of tackling cyberspace as if it were a battlefield is starting to gain momentum, ex-military employees with relevant cyber expertise are struggling to find appropriate employment in a civilian environment.
According to a 2016 report from the Department of Defense, each year over 200,000 members of the US military change from active-duty positions back to civilian life. It’s not an easy transition, with servicemen and women facing plenty of challenges, including:
1.) Where to source appropriate healthcare for specific issues or disabilities, such as post-traumatic stress disorder
2.) Where to find employment
3.) Appropriate certifications and licensing requirements
4.) How to apply a specific set of skills to a new career choice. Often a member of the military will fill a role that is quite similar to a job in the civilian sector, but the downfall comes when the resume does not describe the role and responsibilities in civilian ‘jargon.’
As a testament to how real the struggle is for ex-military personnel, last year, the Bureau of Labor Statistics counted more than 370,000 unemployed US veterans.
From military expert to cybersecurity pro
The good news is that many organizations and academies already have programs in place tailored specifically to veterans, providing them with cybersecurity training and certifications, mentorship and placement opportunities in the cybersecurity industry.
Chris Presley, a former sergeant who acquired skills in cryptography, communication analysis, and compiling intelligence reports of transmitted messages while in the US Army, found himself unable to find gainful employment post-military. It was only after attending a presentation from California-based application security specialist WhiteHat Security that he realized he could easily put the skills he’d learned while in the army to good use in a cybersecurity job.
The secret to his motivation and enjoyment of the job, according to Presley, comes from what he learned in the military. “I view my job as a game of strategy, in which I am challenged to think like a hacker in order to break through security measures. If there’s a way to bypass filters, I will find it,” he said.
Thanks to WhiteHat’s veterans training and placement program, targeted specifically at ex-military employees with security-focused skills, Presley is now an application security specialist at WhiteHat, testing vulnerabilities in web applications, checking potential weaknesses in systems, user accounts or personal information that could compromise organizational or customer security. Because of the sensitive nature of WhiteHat’s work as ‘ethical hackers’, veterans like Presley are excellent candidates for the company’s training and placement program, which currently has more than 50 openings in San Jose, California, Houston, Texas and Belfast, Ireland. “I’m now well beyond a successful transition from military service to a civilian job, and as I look forward to career growth opportunities in the cybersecurity industry, I often think of my fellow veterans still struggling to identify a productive place in the civilian workforce,” said Presley.
With the projection by the Global Information Security Workforce study that over 1.8 million cybersecurity jobs will go unfilled by 2022, now is the time for organizations to look to military veterans who can help address the severe cybersecurity talent shortage, and in doing so, empower veterans to assimilate back into civilian life and still serve their country.
Craig Hinkley, CEO, WhiteHat Security
Craig Hinkley joined WhiteHat Security as CEO in early 2015, bringing more than 20 years of executive leadership in the technology sector to this role. Craig is driving a customer-centric focus throughout the company and has broadened WhiteHat’s global brand and visibility beyond the application security space and security buyer to the world of the development organization and a DevSecOps approach to application development.
Prior to joining WhiteHat, Craig became a certified Cisco working expert in 1996 and was one of the first 1,200-1,300 people in the world with that qualification. Craig also served as vice president and general manager of the LogLogic business unit for TIBCO Software. In that role, he was responsible for global field sales and operations, client technical services, engineering, research and development, product design, and product management. Before TIBCO, he served as the general manager at Hewlett-Packard for the HP networking business in the Americas.