The ongoing battle against cybercrime requires a new generation of skilled professionals. Since the cybersecurity skills shortage is expected to reach 1.8 million unfilled positions by 2022, these professionals are in high demand.

IBM is taking a new collar approach to filling these positions by concentrating on skills and experience rather than formal education and degrees. In particular, the company’s efforts to hire 2,000 U.S. military veterans to launch new collar careers over the next four years is putting experienced military personnel where they are needed most: on cybersecurity teams.

Education Beyond the Classroom

Military experience includes intensive education on specific jobs, but it goes far beyond the typical classroom learning experience most colleges provide. That’s part of the reason the new collar approach looks past the traditional requirement of a college degree that most employers want.

Bob Stasio, program director, threat hunting at IBM Security, was assigned to command an Army company at the National Security Agency (NSA) that was working on cybersecurity. “For some cyber jobs where I worked, a soldier would have to go through nearly three years of training before they touched a real keyboard,” Stasio explained. “The private sector generally wants people to be hired fully trained and then further training is on your own.” That kind of investment in training can’t be matched in the corporate or collegiate environment.

Cybersecurity positions need more than technical prowess when intrusions threaten the safety of networks and the data they handle. Nick Bradley, practice lead for IBM’s X-Force Threat Research Group, emphasized the advantage he gained from his military service.

“As you move up in the command structure in the military, you gain leadership skills because leadership is built into the job and the training,” he said. Bradley’s training and experience enabled him to rise through the ranks in his civilian career. As he put it, “It was only a few years after I began my civilian career before I moved up to a management position. That all came from my military experience in leadership.”

Applying Military Experience to the SOC

Enterprise jobs present different opportunities and challenges for those with previous military careers. The situations encountered in the military allow veterans to apply their experience to enterprise environments that truly need their help.

“Enterprise organizations today essentially face this same dire threat from hackers,” said Stasio. “They essentially have to fight a war on their networks.”

Stasio worked in tactical operations centers (TOCs) and found that they were very effective at fighting protracted conflicts. He brought that experience to his work at IBM. “My understanding of how to build and run these operations centers has been invaluable to transfer into the SOC environment,” he said.

For some, the change from military to civilian enterprise means a move from a smaller-scale environment to one that spans the globe. While it may seem like the military works around the world, most assignments are limited to smaller, more local environments. “I joined IBM to work at a global scale with even more data than I had access to in previous roles,” explained Mike Oppenheim, global lead for research at IBM X-Force Incident Response and Intelligence Services (IRIS). “With the impact we have at IBM, we can help organizations enhance their security posture and defend at scale.”

Advice for Veterans Launching New Collar Careers

Stasio offered some advice based on his military experience and what he learned after migrating to the private sector.

“I wish enterprise organizations would better adopt the concept of attribution,” he said. “I think this is really important — to figure out who is going after you and why. As an analogy, let’s say you are walking down the street and someone randomly throws a rock at your head (i.e., you get hacked). For most organizations today, the solution is, ‘Next time you walk down the street, protect yourself better and wear a helmet.’ Instead, attribution is trying to look around and trying to find out who threw the rock at you and why so they don’t do it again.”

Bradley’s experience led him to advise new collar workers to jump at the first job opportunity “just to get in the door.” He continued: “Do something that you know you will enjoy. The leadership skills you learned during your military service will always help, even if you only use them in a single project that you lead.”

For his part, Oppenheim said he learned a lot while with the Marines, but he felt he hit a threshold in what he was learning. He echoed advice he picked up in the service and while working his way up the ranks in civilian enterprises: “Always surround yourself with people smarter than you.”

New collar efforts are paying off for enterprises and former military servicepeople alike. By bringing the skills they gained in the military to private enterprises, veterans can protect organizations from cyberattacks while climbing up the ranks on a rewarding career path.

Read the IBM Executive report: Addressing the Skills Gap with a New Collar Approach

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today