The ongoing battle against cybercrime requires a new generation of skilled professionals. Since the cybersecurity skills shortage is expected to reach 1.8 million unfilled positions by 2022, these professionals are in high demand.

IBM is taking a new collar approach to filling these positions by concentrating on skills and experience rather than formal education and degrees. In particular, the company’s efforts to hire 2,000 U.S. military veterans to launch new collar careers over the next four years is putting experienced military personnel where they are needed most: on cybersecurity teams.

Education Beyond the Classroom

Military experience includes intensive education on specific jobs, but it goes far beyond the typical classroom learning experience most colleges provide. That’s part of the reason the new collar approach looks past the traditional requirement of a college degree that most employers want.

Bob Stasio, program director, threat hunting at IBM Security, was assigned to command an Army company at the National Security Agency (NSA) that was working on cybersecurity. “For some cyber jobs where I worked, a soldier would have to go through nearly three years of training before they touched a real keyboard,” Stasio explained. “The private sector generally wants people to be hired fully trained and then further training is on your own.” That kind of investment in training can’t be matched in the corporate or collegiate environment.

Cybersecurity positions need more than technical prowess when intrusions threaten the safety of networks and the data they handle. Nick Bradley, practice lead for IBM’s X-Force Threat Research Group, emphasized the advantage he gained from his military service.

“As you move up in the command structure in the military, you gain leadership skills because leadership is built into the job and the training,” he said. Bradley’s training and experience enabled him to rise through the ranks in his civilian career. As he put it, “It was only a few years after I began my civilian career before I moved up to a management position. That all came from my military experience in leadership.”

Applying Military Experience to the SOC

Enterprise jobs present different opportunities and challenges for those with previous military careers. The situations encountered in the military allow veterans to apply their experience to enterprise environments that truly need their help.

“Enterprise organizations today essentially face this same dire threat from hackers,” said Stasio. “They essentially have to fight a war on their networks.”

Stasio worked in tactical operations centers (TOCs) and found that they were very effective at fighting protracted conflicts. He brought that experience to his work at IBM. “My understanding of how to build and run these operations centers has been invaluable to transfer into the SOC environment,” he said.

For some, the change from military to civilian enterprise means a move from a smaller-scale environment to one that spans the globe. While it may seem like the military works around the world, most assignments are limited to smaller, more local environments. “I joined IBM to work at a global scale with even more data than I had access to in previous roles,” explained Mike Oppenheim, global lead for research at IBM X-Force Incident Response and Intelligence Services (IRIS). “With the impact we have at IBM, we can help organizations enhance their security posture and defend at scale.”

Advice for Veterans Launching New Collar Careers

Stasio offered some advice based on his military experience and what he learned after migrating to the private sector.

“I wish enterprise organizations would better adopt the concept of attribution,” he said. “I think this is really important — to figure out who is going after you and why. As an analogy, let’s say you are walking down the street and someone randomly throws a rock at your head (i.e., you get hacked). For most organizations today, the solution is, ‘Next time you walk down the street, protect yourself better and wear a helmet.’ Instead, attribution is trying to look around and trying to find out who threw the rock at you and why so they don’t do it again.”

Bradley’s experience led him to advise new collar workers to jump at the first job opportunity “just to get in the door.” He continued: “Do something that you know you will enjoy. The leadership skills you learned during your military service will always help, even if you only use them in a single project that you lead.”

For his part, Oppenheim said he learned a lot while with the Marines, but he felt he hit a threshold in what he was learning. He echoed advice he picked up in the service and while working his way up the ranks in civilian enterprises: “Always surround yourself with people smarter than you.”

New collar efforts are paying off for enterprises and former military servicepeople alike. By bringing the skills they gained in the military to private enterprises, veterans can protect organizations from cyberattacks while climbing up the ranks on a rewarding career path.

Read the IBM Executive report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today