Transitioning from the military can be a shock to any service member’s system. We are used to order, discipline, accountability, and upholding standards. However, when we leave the military, we lose all structure around us and are left to forge our own path. Some of us have a job lined up one year out and start before we end terminal leave. Others struggle with trying to translate military skills into appreciable civilian terms, and some struggle with finding a purpose in life. A career in cyber security isn’t for everyone, but for those who would enjoy an intellectually stimulating career in an industry which encourages innovation and initiative, it’s a job hunter’s paradise.
Making the leap into a completely new industry is not easy though. With no previous Information Technology (IT) experience, aspiring cyber security job seekers may feel helpless and under-qualified. Fortunately, there is a skill gap that exists in this industry. A skill gap that can be overcome with dedication and hard work. This industry offers multiple careers paths that can be both lucrative and personally satisfying. The following guide will provide an outline for success, but it is ultimately up to the job seeker to foster a passion for this industry.
Education and Certifications
Education and certifications are some of the most talked-about and debated issues as a requirement for an Information Security role. Although they are first on the list, they are not necessarily the most important to all hiring managers. That being the case, many companies require them, at least to get past HR.
Certifications are important in this industry. Most entry-level positions require at least a CompTIA Security+ certification. This shows you have a solid baseline understanding of foundational security concepts. From there, many people come to a fork in the road. A more technical career requires more technical certifications, such as Offensive Security’s OSCP and OSCE certifications, or SANS GPEN and GXPN certifications. On the other hand, a managerial or policy focused career requires certifications such as the (ISC)2 CISSP or the ISACA CISM. Either way, additional certifications will only serve to bolster your resume. Also, the GI Bill will reimburse you for many of them! Pro tip: unless you’re trying to land a .gov job, save your money and pass on a CEH certification. It has a cool name, and the exam is allegedly changing for the better in the future, but many in the industry regard it as a check-the-box cert, and put little worth in the exam.
As far as education goes, it is ideal to have a Bachelor’s degree, preferably in Computer Science, IT, Cyber Security, or a similar program. Computer Science will give you a solid foundation to conduct highly technical operations, whereas IT degrees tend to be more policy-based. The truth is that many job requirements in this field only serve to screen people through HR. A BS in Business Management or Psychology will get you past the HR filter in many cases. You should have some certifications to your name if that’s the case, though. It is not uncommon for people with little-to-no formal education to be hired for positions. We’ll get into how that happens below (hint – networking), but you really should focus on getting a degree – even if it’s part time. It is time consuming, monotonous, and you will feel like Billy Madison, but the payoff will ensure your success. Either way, if you are not using the GI Bill, you’re wasting time! Enroll now!
Networking is probably the single most important thing you can do to benefit your career. The community in this industry is amazing and totally unique. You may have heard of DEFCON, the largest hacking conference in the world. However, it can be expensive and overwhelming for someone new to the industry to attend. There are more local conferences in every corner of the US that provide the perfect platform for networking. You can meet and connect with InfoSec professionals in your local communities this way. You might have to do the dreaded ‘talking to people’ thing, but one conversation can change your entire future. Studies have shown that up to 85% of jobs are filled through networking. By forming relationships with people in your area, and in your target industry, you are setting yourself up for success. In an interview with GotUr6 TV regarding a career transition into cyber security, Bryson Bort, a US Army veteran, founder of Grimm, founder/CEO of Scythe, and co-founder of the non-profit ICS Village, said, “You are not doing this alone. No one is expecting you to do this alone. And your ability to perform in the job market and get that next job are helped tremendously by who you know.”
Beyond conferences, you can also focus on local InfoSec meetups (check out Meetup.com, defcongroups.org, and even Twitter – which is not only the choice social media platform of 16-year-old girls, but also, inexplicably, much of InfoSec). These meetups give you the chance to engage with other passionate security enthusiasts, many of whom are looking for the right hard-working coworkers and employees to join them.
Leveraging Your Military Background
When the time comes to start building your resume, you should highlight the best part of your military career. You possess an extremely unique skillset, but you are doing an extreme disservice to yourself if you cannot communicate this value to those who you are trying to convince to hire you. Engage your network to improve your resume. The VetSec Slack channel has a dedicated channel for those trying to improve their resumes, and there are plenty of helpful members willing to give advice. You should also review old performance reviews, example resumes, ask advice from those in the industry.
Also, do not downplay your responsibilities! If you were a team leader by position but not rank, you should claim that team leader status. No one in the civilian world cares if you didn’t make points or didn’t get promoted due to administrative reasons. People care about results, but only if you can communicate your previous leadership experience correctly. Project management is often a big part of this field, and being able to articulate your background in leadership and management can be a huge benefit. Tools also exist which can help translate military skills into civilian-friendly terms.
Always be a student! This industry is swift-moving, which is ideal for those of us who cannot stay idle. You should develop and foster a true passion for cyber security, and part of that is continuing to learn, study, and grow. With the wealth of online courses, free certifications, webinars, podcasts, and livestreams, and books, there is no excuse to NOT be current. Many times, interviewers will ask candidates about late-breaking security news. You should be able to carry a conversation about not only the technical details, but also the bigger picture lessons to be learned. This shows your investment and passion to the hiring manager.
Build your personal brand
A big part of establishing a long-term presence in this industry is establishing your own personal brand. You can do this by maintaining a blog where you detail walkthroughs, projects, and thoughts of the day. Your social media accounts should be free of anything you would not want your CEO to see, including those dank SpongeBob memes. Maintain LinkedIn, Twitter, and Slack accounts. Facebook seems to be on the way out, at least for the tech crowd, and with the privacy implications, many are happy to see it go. There are many articles which go into much greater depth on how to build a personal brand on the internet. Many have used this technique with great success.
Find a Mentor
There exist many qualified industry professionals who would love to help mentor a motivated, intelligent, hard-working veteran trying to break into cyber security. The VetSec Slack channel alone has job seekers, Security Analysts, Penetration Testers, Managers, Directors, CISOs, CEOs, and everything in between. There are tons of success stories buried in the chat, including many personal connections and meetups made through the networking opportunities. This is a great resource for veterans, and you would be remiss if you did not take advantage of it.
Do not stop there. A good mentor does not have to be a veteran. You will find that many people in this industry are extremely approachable if you use tact and good sense.
Learn to Code
This guide is not all-inclusive. You should identify your own weaknesses and shortcomings, then address them appropriately and logically. Are you lacking a degree? Get it knocked out! Do you feel you lack technical knowledge? Learn to hack with HackTheBox! Having a hard time getting your foot in the door? Meet people and connect – in real life!
Also, do not be afraid to take an internship position, even if it is unpaid. Many companies use internships as feeder positions into full-time positions. The cream rises to the top, and if you are a stellar worker who lacks experience, an internship with the right company can be the foot in the door that you need.
While the struggle to change careers is daunting, and you will likely spend many long nights behind a keyboard, studying, listening to exam prep study guides, and stressing out over your impending due assignments, hard workers will be rewarded with a satisfying career. Again, you do not have to struggle alone. Many others have successfully made this leap, and with a bit of determination, you can too. And one more thing – Mental Health Hackers has a veteran-specific outreach wing – do not be afraid to reach out for help.