The number of unfilled cybersecurity positions is increasing at an alarming rate, despite the best efforts of schools and training organizations. The (ISC)², an international nonprofit association for information-security leaders, keeps tabs on the deficit, and its 2018 Cybersecurity Workforce Study report shows a widening of the global cybersecurity workforce gap to nearly three million jobs. Now consider what was estimated in the 2017 (ISC)² press release:

“The Global Information Security Workforce Study finds that the cybersecurity workforce gap is on pace to hit 1.8 million by 2022–a 20-percent increase since 2015.”


SEE: Job description: Security architect (Tech Pro Research)

Another cybersecurity crisis is forming, and it’s one that cyber bad guys are happy about: Lack of experience. Let’s say it’s possible to train enough people in the art of cybersecurity to fill all the job openings–that meets the employment demand, but book learning only gets one so far. It’s a scary proposition to get security experience on the job when an organization’s survival is at stake; plus, cybercriminals do not sit idly by nor rest on their laurels.

Why you should consider hiring ex-military personnel

To stem the rising tide of cybercrime, there is a strong push to militarize cybersecurity. In this 2014 TechRepublic article, I wrote:

“Treating cyberspace like a battlefield is gaining momentum among information-security professionals. Proponents also suggest private organizations adapt military-style strategies to defend their internet presence. One such game plan involves analyzing what Lockheed Martin calls the Cyber Kill Chain. The concept first surfaced in the seminal paper: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (PDF).”

If that’s the case, then wouldn’t it be prudent to enlist veterans who are already trained in cybersecurity and understand the concepts of militarization? “Much of the situational, hands-on experience of veterans translates well to the battlefield of cybersecurity,” writes Brian NeSmith, Forbes contributor and CEO of Arctic Wolf Networks in The Cybersecurity Talent Gap is an Industry Crisis. “Today, many veterans’ programs are promoting opportunities in the industry and providing cybersecurity training and certifications to a growing number of interested veterans.”

SEE: How to build a successful career in cybersecurity (free PDF) (TechRepublic)

Why military personnel make the best cyber defenders

As NeSmith alludes to, there are veteran programs in the US that provide cybersecurity training. Colorado Springs, CO is one area that has all the needed components to make it work. There are multiple military bases located in the Colorado Springs area: US Army’s Fort Carson, Peterson Air Force Base, Schriever Air Force Base, and the United States Air Force Academy. Key elements of the Air Force command structure–Air Force Space Command, North American Aerospace Defense Command, Missile Defense Integration and Operations Center–are also in the Colorado Springs area. All of which indicates there are a lot of cybersecurity experts currently in the military, and even more who live in the area as veterans/civilians.

It is important to consider something else: Military experience in the military is quite different than experience in a civilian job, and if cybersecurity is moving towards militarization that type of experience becomes imperative. Eric Hipkins, CEO of root9B, a provider of cybersecurity products and training, suggests the best defense is a well-informed, thinking, active cyber defender. Hipkins, who also has over 25 years of security and intelligence experience in the military and National Security Agency, adds the availability of people with those qualifications is a big reason why root9B is located in Colorado Springs.

Thinking like an adversary rather than focusing solely on technology requires individuals with specific training, according to root9B CTO Michael Morris, who adds, “Military personnel make the best cyber defenders simply because they have been steeped in fighting adversaries.”

This became very apparent when visiting Schriever Air Force Base. The base is critical for several reasons, including the 50th Space Wing, a component of the Air Force Space Command responsible for the operation and support of 185 Department of Defense satellites including those for GPS. Men and women daily provide space and cyberspace war-fighting capabilities that ensure our safety and security.

An impressive amount of responsibility is bestowed on the base’s personnel–some of whom are no older than their college counterparts. It would be interesting to witness a conversation between a college student who racked up an impressive score on a video game and a young enlisted man or woman whose job is to control one or more of the 20-plus GPS satellites in orbit.

SEE: IT jobs in 2020: A leader’s guide (ZDNet special report) | Download the report as a PDF (TechRepublic)

How the CSCEDC is helping

Colorado Springs Chamber & EDC (CSCEDC) members are aware how valuable service members who are highly trained in cybersecurity are to the local community and to the country. The CSCEDC is developing a website that will make data related to cybersecurity qualifications of transitioning service members available to the public.

A cybersecurity training resource for service members

For service members who are transitioning to civilian life and are interested in increasing their cybersecurity skill set, there are resources available. One option is SecureSet, an immersive, accelerated cybersecurity academy.

SEE: Man-in-the-middle attacks: A cheat sheet (TechRepublic)

“Veterans will be a key resource for meeting the current shortfall of qualified cybersecurity professionals,” according to this SecureSet press release. “The company’s Cybersecurity Career Program is designed to help active-duty soldiers acquire environment-ready skills by participating in SecureSet’s five-month program which prepares them for civilian careers as security engineers, penetration testers, security consultants or information assurance analysts.”

Ready to go to work

If combining cybersecurity experience with adversary awareness is important, it appears there are a significant number of qualified professionals who could be put to work with a minimal amount of retraining.