Everyone in the industry knows that there is a huge demand for cybersecurity professionals and a worrying shortage of talent. In fact, Frost and Sullivan estimated that we will face 1.8 million unfilled cybersecurity positions by 2022. So how do we solve this problem — and fast?

A recent executive report from the IBM Institute for Business Value (IBV) suggested that we can close this gap by filling cybersecurity roles through a new collar approach. This means tapping professionals who may lack a traditional college degree, but possess in-demand technical skills and aptitudes.

Read the report: Addressing the Skills Gap with a New Collar Approach

Veterans to the Rescue

According to the IBM report, employers are looking for cybersecurity professionals who embody the core attributes and skills of explorers, problem solvers, students, guardians and consultants. These characteristics can, of course, be found in a multitude of other sectors beyond cybersecurity.

One such sector is the military, where my own career began. As a former regimental signals officer in the Royal Green Jackets in the British Army, I can attest that the guardian attribute is common among military veterans. This means they are highly ethical, reliable and motivated to protect others. I am also convinced that veterans are proven self-starters.

In terms of specific cybersecurity roles, we’ve found that veterans are particularly suited for operator and communicator positions. Looking specifically at operators, roles can include threat monitoring analyst, penetration tester, security operations center (SOC) analyst and cyber operations manager. Anybody who has worked in the operations center of a warship, military unit or Royal Air Force (RAF) station will have the experience and transferable skills needed to deal with the types of incidents we encounter daily.

A Virtuous Circle

Recognizing the value and skillset veterans can bring, IBM has already hired hundreds of ex-military personnel. In March, the company announced plans to hire 2,000 U.S. military veterans over the next four years. Here in the U.K., we have an ongoing partnership with SaluteMyJob and the Corsham Institute to provide veterans with free training and certification on IBM’s i2 Analyst’s Notebook data analysis and QRadar cybersecurity products.

Almost 100 veterans have now qualified as data analysts thanks to this program. It’s a virtuous circle: At the end of the training course, recruiters can get in touch with veterans, and vice versa. The next course will be held in early September in Corsham, England. Interested veterans can apply via SaluteMyJob.

We continue to support ex-military employees once they join the business, too. When we hire veterans, we offer them a mentor from IBM who also comes from the military, so the individual has someone to talk to from a similar background.

Where to Find New Collar Candidates

If you’re considering hiring ex-military personnel for a cybersecurity role, you might be wondering where to start. I would recommend finding a partner such as SaluteMyJob that can provide access to motivated veterans with the right background. Next, attend training courses and events designed for veterans to meet the talent pool and introduce yourself to prospective employees.

In my security division, we’re using this new collar approach to cope with the cybersecurity skills gap. To me, it makes perfect business sense to train veterans with proven skills that are difficult to interview for. With the right training and investment, we can start closing that gap.

Read the IBM Executive report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…