Plaintext: From Military to InfoSec

There are many programs to help people enter the security industry. In this issue of Dark Reading in Plaintext, we explore different career pathways into cybersecurity, especially from the military. Like the newsletter? Share with a friend!

Pathways into Security

There is no one defined path into cybersecurity. Some come up through IT – working in IT roles and then transitioning to security roles. Some come into security after spending time in the compliance and governance side of the business. Some take certification exams to get the baseline skills. Graduate programs, and some undergraduate institutions, are beginning to focus on cybersecurity curriculum to equip their students. Some sign up on crowd-sourced bounty platforms to hone their skills finding vulnerabilities. There really is no “right” way into the industry.

CyCognito’s new CSO Anne Marie Zettlemoyer says that her accounting and business experience “have absolutely helped me design security programs and functions to enable the business because I understand the business. If you’re going to be an enabler to the business, you have to understand the business or otherwise, you’re going to build something that doesn’t work.”

“I speak every business language there is, including risk.”

--Anne Marie Zettlemoyer, CyCognito

Another way into the security world is by way of the military. The importance of paying attention to even the tiniest of details due to potential impact and lives on the line is drilled into every military member," says Carnival CISO Devon Bryan. Bryan is also the co-founder Cyversity (formerly the?International Consortium of Minority Cybersecurity Professionals) There are plenty of service members who held cybersecurity roles while in the military, but the military teaches many skills that can be ported into security careers. [Read more Veterans Explain How Military Service Prepared Them for Cybersecurity Careers]

For example:

• Foreign language training and intelligence training teach the tradecraft behind intelligence collection and analysis, says LookingGlass Cyber Solutions’ Oxana Parsons.
• Veterans have experience working in chaotic situations and making consequential decisions in high-pressure situations, says [redacted] CTO Matt Georgy.
• The skills from serving as operations supervisor, mission control and evaluation supervisor, and head of operations and logistics department in the US Navy are just as critical in security, says Nuspire’s Josh Smith. The roles require “ingestion of data, analyzing what was received, disseminating it to the appropriate parties, and taking action based on the findings,” Smith says.

For some startup founders, serving in the military taught them skills they need to run their own companies:

• The military emphasized accountability culture and the sense of personal responsibility.
• Veterans have experience facing challenges without the advantage of extensive training or preparation. Seldom do you have all the answers, so you learn how to make decisions “off gut and the best information available.”
• Being direct and transparent. The military doesn’t have room for “I wonder what he actually meant,” and that is also the case in a startup.

Sevco Security’s JJ Guy says that while he was in the military, he was in many operational situations that were time-critical and human lives were on the line. This brought an edge of "get it done, make it go, make it work" mindset to achieving an objective. In a tiny startup, while not a life-and-death situation, there is a sense of personal accountability when a team of 10 to 20 people is building something from scratch. [Read more Military Vets Share Lessons That Helped Them Build Infosec Startups]

People First. Bytechek’s founder AJ Yawn says he began to realize the massive importance of compliance testing during his time in the Army’s Signal Corps. Yawn’s military experience has a direct impact on his life as a startup founder: “Courage, an appetite for risk, and a soldier's sense of leading on the job all undergird ByteChek's operations,” writes Carlo Massimo in the Security Pro File for AJ Yawn. “Perhaps ironically, Yawn's military experience also gave him a strong sense of empathy. His philosophy is proudly ‘people first,’ and that applies to his clients as much as to his eight staffers, his investors, and others.”

"Irrespective of branch of service and without regard to rank or station, the military emphasizes the necessity of working hard and with a passion for excellence, which are key for the infosec challenges of today." -Devon Bryan, Cyversity

Hiring managers should consider candidates with military experience. “Take a candidate with no security background who served in the military,” Jamie Tomasello (Bytechek) and Frederick “Flee” Lee (Gusto) write in their joint piece. “They might excel in an incident response analyst or compliance analyst role because their military training prepared them for situational awareness, following processes, executing procedures, and staying cool in escalating conditions.” [Read more Having Trouble Finding Cybersecurity Talent? You Might be the Problem]

Headlines on Tap

• An interview with former Under Secretary of State Keith Krach explores how China Is exporting tech-based authoritarianism
• Russia is using cyberattacks in coordination with its invasion of Ukraine.
• Pres. Biden broadened NSA oversight of national security systems back in January.

Subscribe to receive Dark Reading Weekly every Thursday morning!

On That Note

We just kicked off our July Edge cartoon contest.?Submit your best caption for a chance to win an Amazon gift card