November 29, 2023
The 5×5—Veteran perspectives on cyber workforce development
On November 3, the Atlantic Council’s Cyber Statecraft Initiative hosted “Joining forces: Veteran perspectives on cyber and tech workforce development” to discuss transitioning veterans interested in careers in cybersecurity and cyber policy. The veteran community is diverse but the transition out of uniform to civilian work is a well-recognized and widely challenging shift, both for servicemembers and their families.
In July 2023, the Biden administration released the National Cyber Workforce and Education Strategy, aimed at developing and maintaining the United States’ cybersecurity advantage through a skilled workforce. The Strategy highlights the importance of attracting veterans to careers in cybersecurity, given that the community is comprised of “diverse, and technologically skilled … people who have served the country and are committed to mission success.” Enhancing career pathways for servicemembers and the veteran community to join the cyber workforce can go a long way toward both meeting the urgent demand for cyber talent while providing job opportunities to those aspiring to meaningful careers beyond the military.
To continue these conversations, and in honor of National Military Veterans and Families Month, we brought together a group of veterans to discuss their own transitions from the military to the cyber workforce and suggest ways to improve the process for others.
#1 What are the barriers to entry for veterans seeking careers in cybersecurity? What is one way for hiring managers to overcome or mitigate them?
Nicholas Andersen, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; chief operating officer, Invictus International Consulting; former US Marine Corps:
“A typical barrier for veterans seeking a career in this field is that hiring managers may not be familiar with the missions throughout the military cyber community; they may only focus on experiences that are like those of typical applicants. We sometimes see the same challenges with traditional pathways to technology jobs, where managers are more inclined to hire applicants with degrees. Hiring managers need to shift their thinking from traditional qualification to focusing on competencies. Hiring managers should be thinking about how they can find the most competent people to fill these critical roles within their companies and what skills do they need to have?”
Cait Conley, senior advisor to the director, Cybersecurity and Infrastructure Security Agency; former US Army:
“Leaving the military and starting a new career either in the private sector or in federal or state government can be an intimidating (and outright confusing) process, especially if the military has been the servicemember’s only career experience. Hiring managers and leaders can make a huge difference here. They can show incoming veteran teammates that joining the team not only matters but is a priority. They can put in extra time to explain the application process and help veterans seeking to join their team navigate any questions or challenges that may come up during the process.”
Steve Luczynski, senior manager, Accenture Federal Services; chairman of the board, Aerospace Village; former US Air Force:
“One challenge that is not necessarily specific to cybersecurity is translating military experience to corporate roles, especially when cybersecurity job descriptions often have a difficult time adequately capturing the nature of the work to be done. Hiring managers and human resources teams would benefit from ensuring that they have someone on their teams, or easily accessible, to read resumes and provide explanations for military roles. I know servicemembers invest significant effort in attempting to remove jargon from their resumes, but that additional perspective from someone who shares their background ensures valuable skills are not lost simply because of an imperfect resume.”
Brandon Pugh, director, cybersecurity and emerging threats, R Street Institute; US Army:
“The transition for servicemembers into most civilian career fields presents challenges, and cybersecurity is no exception. It is imperative for servicemembers and veterans to learn from and network with those who have successfully transitioned before them and with those who are working in the field already. Hiring managers play a key role and should strive to proactively create a culture internally of hiring and supporting veterans, including linking job seekers to veterans at their organizations. I can attest firsthand that many individuals in the cyber field are willing to be a resource, and veterans should seek mentors early on in their job search.”
Maggie Smith, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; director, Cyber Project, Irregular Warfare Initiative; US Army:
“A major barrier for many veterans is higher education and credentialing. While the military provides funding opportunities to pursue a degree while serving, access to those opportunities is often difficult—operational tempo, field training requirements, and other time constraints often prevent or deter a servicemember from taking classes. Additionally, most civilian certification opportunities are based on work role, meaning servicemembers who are not in cyber-related career fields are unlikely to encounter opportunities to earn credentials unless they pursue them on their own time—which, as discussed above, is often unpredictable and in short supply! I have encountered lots of soldiers in non-cyber military occupational specialties with an affinity for computers, networking, and technology but their lack of job experience in a cyber field, lack of any credentials, and a high school diploma prevent them from pursuing cybersecurity as a career. Expanding apprenticeship programs and revisiting job application requirements, as not all roles require a four-year degree, could get more veterans into cybersecurity.”
#2 What kinds of military activities provide relevant experience for cybersecurity roles?
Andersen: “I have seen plenty of non-technical veterans who transitioned to technical fields after they left active duty, but those with experience in cybersecurity, information technology, and intelligence make up the majority of the people in these roles. Servicemembers should take full advantage of tuition assistance and local technology training classes while they are still in the military! This does not cost them anything but time and can lead to any servicemember transitioning into a technology role if that is his or her desire.”
Conley: “Today, technology is a fundamental factor in warfare. Regardless of branch, military experience provides critical thinking and risk management skills essential to succeeding in any cybersecurity role. From day one of basic training, servicemembers learn how to identify, assess, and manage risk—a foundational mental model for cybersecurity professionals. Servicemembers also learn how to lead teams under stressful conditions in operating environments where technical tools are as integral as the humans themselves. Servicemembers, sometimes without even realizing it, have experienced the operational integration of a myriad of technologies from communication platforms and electronic warfare sensors to satellite systems and machine learning data aggregation tools. Those perspectives can provide unique insights into understanding and mitigating risk in changing environments.”
Luczynski: “Cybersecurity is comprised of a wide array of specializations in which high-level, broad governance and policy skills are more valuable in some domains than the deeply technical skills required in other domains. Security teams combining these diverse skillsets share the common need to prepare and then practice implementing response plans, which occurs often in the military. The ability to train in this manner, especially where open and honest after-action sessions can occur, is highly relevant and valuable in most cybersecurity roles.”
Pugh: “Direct cyber experience while in uniform is very helpful when looking to transition to cyber roles in the civilian workforce, and servicemembers can have experiences that civilians do not from their service. It is important to realize, however, that individuals who have served in different fields are still valuable in cybersecurity, especially because servicemembers often are good at handling competing demands in high stress environments, are educated and/or have practical experience in professional settings, and often have security clearances already. These can all be beneficial in the cybersecurity field.”
Smith: “This is a tricky question because it changes from service to service and, I would argue, every servicemember has a cybersecurity role to play! My own experience in the Army started when I enlisted in the Signal Corps and, later, I commissioned as an intelligence officer before becoming a cyber officer when the Army created the branch in 2014. I consider those three branches the Army’s trifecta—each has work roles that will result in an attractive resume. However, within every branch, there are opportunities to gain skills that technology companies and cybersecurity firms want: leadership, multi-tasking, curiosity, and mental agility. I think the challenge that many veterans face is translating their experience for the private sector so that companies can see their potential impact.”
#3 What are some positive US government initiatives to assist veterans in entering the cyber workforce? Where is one place for the US government to improve on this front?
Andersen: “Number one on the list must be the Department of Defense’s (DOD) SkillBridge Program, which is unmatched for the opportunities it provides to get firsthand experience with companies and have the military safety net while servicemembers consider their next career move. The generic Transition Assistance Program will not prepare servicemembers to exit the military successfully. The government needs to focus more on transitioning back to civilian life as a simple acknowledgement that the military is still part of regular society. Educating oneself, building savings, and addressing health needs are not tasks to begin at the end of a period of service. Those are tasks that are critical to making certain that our servicemembers return to civilian life ready to lead within communities and contribute to a different mission.”
Conley: “While there is always room for improvement, I am incredibly proud of the work that the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security have done to promote cybersecurity learning for the veteran community. One of the most impactful ways that CISA contributes to helping transitioning veterans is by operating and maintaining the National Initiative for Cybersecurity Careers and Studies (NICCS), an online training initiative and portal. NICCS offers over eight-hundred and fifty hours of course content on a variety of important cybersecurity topics such as cloud security, ethical hacking and surveillance, risk management, malware analysis, and more. While it does not come with any formal cybersecurity certification, it does provide critical knowledge and insight for veterans to feel confident about their foundational understanding of cybersecurity.”
Luczynski: “The DOD’s SkillBridge career transition program is an incredible partnership between industry and servicemembers of all ranks and experience levels as they transition out of the military. In short, it is an internship where servicemembers can experience working outside the military as they look for their next role. Continuing to improve awareness among servicemembers about these opportunities and increase the industry participants will ensure that this program is a continued success.”
Pugh: “Over time, the military has put more emphasis on assisting servicemembers with their transitions, including facilitating opportunities for them to work with industry and to pursue cyber certifications while in uniform. One challenge is that there are many programs and opportunities to assist with transition run by the government, nonprofit organizations, and industry. Knowledge of these programs and knowing where to start is not always straightforward, which is one area in which the government and military can do better.”
Smith: “The new-ish Skillbridge program provides transitioning servicemembers with a chance to gain civilian work experience—any field, not just cybersecurity—through industry training, apprenticeships, or internships over their last one-hundred eighty days of service. Frankly, I am looking forward to taking advantage of this program when I retire in a couple years; it is a chance to spread my wings and test out a company or try something completely new. Even with Skillbridge, I think the military can do more. The Army is experimenting with a pilot program to allow soldiers to submit their retirement paperwork two full years before their anticipated end of service. That allows soldiers more time to plan for their life in retirement, but it is difficult to provide the same timeline for soldiers leaving service before they hit twenty years. Focusing on mid-career transitions and providing junior enlisted members with additional resources, such as career counseling, college counseling and application assistance, Department of Veterans Affairs, and financial benefits courses, could lead to better outcomes for veterans.”
More from the Cyber Statecraft Initiative:
#4 What is the biggest mistake you made (or avoided) in preparing for your transition from the military?
Andersen: “The biggest mistake that I made was focusing on my own transition out of the Marine Corps as a series of boxes to be checked. Successfully entering the civilian workplace was highly dependent on networking and having a support system of people who have previously done it themselves. I almost ignored this critical piece for too long.”
Conley: “I know a lot of veterans out there who struggle to find the same level of fulfillment in their career after the military, which sometimes leads them to question leaving the military in the first place. For me, after two decades in uniform with numerous deployments and over a decade in the special operations community, this was an important consideration when I looked at my next career choice. I knew that being part of a team with a mission focused on service and defending the Homeland was a necessity for me. That clarity helped me identify the best path forward for this new stage in my career. That is why I chose CISA. I know that I am not the only one either—veterans make up 40 percent of CISA’s workforce. Every day of my professional career—in or out of uniform—I have been excited to go to work because I know what I am doing makes a difference.”
Luczynski: “I tended to focus on my role at the time and short-term goals. Shifting to a longer-term approach and investing the time to consider my options gave me the benefit of having more time to prepare. I developed a better understanding of where my experience could be best applied while fulfilling my family and personal goals.”
Pugh: “I have been fortunate to serve in the military and now I am an active-duty military spouse. Before becoming a military spouse, I did not fully appreciate the unique employment challenges that military families face from their spouse’s military career caused by frequent moves and/or living in locations without the right job prospects. However, there are many opportunities for military spouses in cyber and many resources are available for them as well, along with some that are geared specifically toward spouses.”
Smith: “So… I have less than one thousand days until I will retire so at this stage, my mistakes are still in the future! However, what I am doing now is working with a mentor to work towards retirement milestones, identify people, jobs, and work roles that I find interesting, and really think through my transition. My mentor currently has me reaching out to people to conduct information interviews to talk to them about their careers, gather information about their company, and things like that. I have also prioritized doing things like this 5×5 because I want to keep academia’s door open to me, and remaining engaged in research will benefit me in the long run. I know I will make mistakes, but I am working hard on my transition plan in the hopes that I can mitigate risk and identify hazards before it turns into a dumpster fire!”
#5 What is the most important piece of advice you would share with a veteran interested in entering a career in cybersecurity or cyber policy?
Andersen: “This is a field that is constantly shifting and no one expert can sit on their laurels hoping that they will still be relevant in a few years’ time. Find a group of likeminded people that will push you to grow, and you will be surprised by how many rewarding experiences come your way. And if you are heading back to school using your GI Bill, make sure to join your local Cyber 9/12 Strategy Challenge team!”
Conley: “Recognize and own your value. Military service has taught you to be a good teammate, put mission first, and always remember that values matter. This combination of grit, selflessness, and reliability are rare qualities—and invaluable assets for any high performing security team. Be proud of your service history and look forward to what more good you can do!”
Luczynski: “Do not be afraid to ask for help! Reach out to your former supervisors and subordinates to learn what they do and what roles are available, review your resume, or help you grow your network. It does not matter that you have not spoken in a long time; that is understandable and easily fixed. I strive to put in as much energy toward helping folks now as so many did to help me during my own departure from the Air Force.”
Pugh: “There are many paths one can take within the cyber field. Too often people think opportunities within cybersecurity are very technical and that a technical background is essential. While those roles exist and are needed, there are many other ways to work in the cyber field, including in policy, law, and education, among many others.”
Smith: “I love this question because it presents the chance for me to champion the need for cybersecurity professionals with public policy experience and vice versa! I am a public policy nerd that happens to work in cyber—I started my Army career in an electronic maintenance shop repairing radios and later found myself getting my PhD in public policy as a cyber officer. One of my former students is currently doing a master’s degree at the Massachusetts Institute of Technology in technology and public policy—a match made in heaven! People often say that cybersecurity is a team sport, and I understand ‘team’ (and you will be hard pressed to convince me otherwise) as a multidisciplinary team, comprised of individuals with diverse backgrounds and skillsets coming together to craft a security strategy. Because humans are the ones who use technology, cybersecurity can never be just a technical field! However, cyber policy can never be just public policy. Just as cyberspace is the only domain of warfare that is totally dependent upon and spans the other domains of warfare (maritime, land, air, space) to exist, cyber policy is the only domain of policy that spans all other public policy domains (e.g., healthcare, education, transportation). Understanding of how technology works and its role in society is critical to crafting useful cyber policy.”
Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.
The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.