The ongoing battle against cybercrime requires a new generation of skilled professionals. Since the cybersecurity skills shortage is expected to reach 1.8 million unfilled positions by 2022, these professionals are in high demand.

IBM is taking a new collar approach to filling these positions by concentrating on skills and experience rather than formal education and degrees. In particular, the company’s efforts to hire 2,000 U.S. military veterans to launch new collar careers over the next four years is putting experienced military personnel where they are needed most: on cybersecurity teams.

Education Beyond the Classroom

Military experience includes intensive education on specific jobs, but it goes far beyond the typical classroom learning experience most colleges provide. That’s part of the reason the new collar approach looks past the traditional requirement of a college degree that most employers want.

Bob Stasio, program director, threat hunting at IBM Security, was assigned to command an Army company at the National Security Agency (NSA) that was working on cybersecurity. “For some cyber jobs where I worked, a soldier would have to go through nearly three years of training before they touched a real keyboard,” Stasio explained. “The private sector generally wants people to be hired fully trained and then further training is on your own.” That kind of investment in training can’t be matched in the corporate or collegiate environment.

Cybersecurity positions need more than technical prowess when intrusions threaten the safety of networks and the data they handle. Nick Bradley, practice lead for IBM’s X-Force Threat Research Group, emphasized the advantage he gained from his military service.

“As you move up in the command structure in the military, you gain leadership skills because leadership is built into the job and the training,” he said. Bradley’s training and experience enabled him to rise through the ranks in his civilian career. As he put it, “It was only a few years after I began my civilian career before I moved up to a management position. That all came from my military experience in leadership.”

Applying Military Experience to the SOC

Enterprise jobs present different opportunities and challenges for those with previous military careers. The situations encountered in the military allow veterans to apply their experience to enterprise environments that truly need their help.

“Enterprise organizations today essentially face this same dire threat from hackers,” said Stasio. “They essentially have to fight a war on their networks.”

Stasio worked in tactical operations centers (TOCs) and found that they were very effective at fighting protracted conflicts. He brought that experience to his work at IBM. “My understanding of how to build and run these operations centers has been invaluable to transfer into the SOC environment,” he said.

For some, the change from military to civilian enterprise means a move from a smaller-scale environment to one that spans the globe. While it may seem like the military works around the world, most assignments are limited to smaller, more local environments. “I joined IBM to work at a global scale with even more data than I had access to in previous roles,” explained Mike Oppenheim, global lead for research at IBM X-Force Incident Response and Intelligence Services (IRIS). “With the impact we have at IBM, we can help organizations enhance their security posture and defend at scale.”

Advice for Veterans Launching New Collar Careers

Stasio offered some advice based on his military experience and what he learned after migrating to the private sector.

“I wish enterprise organizations would better adopt the concept of attribution,” he said. “I think this is really important — to figure out who is going after you and why. As an analogy, let’s say you are walking down the street and someone randomly throws a rock at your head (i.e., you get hacked). For most organizations today, the solution is, ‘Next time you walk down the street, protect yourself better and wear a helmet.’ Instead, attribution is trying to look around and trying to find out who threw the rock at you and why so they don’t do it again.”

Bradley’s experience led him to advise new collar workers to jump at the first job opportunity “just to get in the door.” He continued: “Do something that you know you will enjoy. The leadership skills you learned during your military service will always help, even if you only use them in a single project that you lead.”

For his part, Oppenheim said he learned a lot while with the Marines, but he felt he hit a threshold in what he was learning. He echoed advice he picked up in the service and while working his way up the ranks in civilian enterprises: “Always surround yourself with people smarter than you.”

New collar efforts are paying off for enterprises and former military servicepeople alike. By bringing the skills they gained in the military to private enterprises, veterans can protect organizations from cyberattacks while climbing up the ranks on a rewarding career path.

Read the IBM Executive report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today