Experience matters: Veterans fill a cybersecurity niche
Editor's note: This article from CIO Dive's archives highlights Veterans' roles and potential impact on the national cybersecurity pipeline. Since it ran, CompTIA has updated its cybersecurity supply and demand heat map, which can be found here.
Just five miles across the Potomac River from Washington D.C. lies Arlington, VA, a city home to think tanks and contractors alike.
From an aerial perspective, the city's buildings tower far above the Capitol's height restrictions and are in close proximity to the Pentagon.
And just up the road, in Ashburn, VA, is "Data Center Alley," a technology corridor that touts the largest concentration of data centers in the world, which 70% of the world's internet traffic passes through.
Though SiIicon Valley receives much of the technology hype, the reality is the backbone of the internet runs through the D.C. metro area, bringing with it scores of cyberthreats. But this creates an opportunity for the budding cybersecurity workforce and the hiring managers eager to bring in talent for the increasingly understaffed field.
The concentration of military installations, federal agencies and contractors has allowed for a "Cyber Corridor" to emerge in the greater Washington area, particularly in Arlington. Feeding into that are the scores of veterans in the area who are uniquely suited for cybersecurity and looking to work in the private sector.
The military, by definition, works with advanced technologies and exposes people at a young age to leadership roles, places structure around daily efforts and work and exposes men and women to skills-based training, according to John McCumber, director of cybersecurity advocacy for (ISC)2.
"The average company does not need a security clearance. But the average company loves overqualified people."
Chief technology evangelist for CompTIA
A veteran himself, McCumber said basic skills training caters to the cybersecurity sector. "That's what the military had to do. What you live for is the mission and, at the end of the day, cybersecurity is about supporting a mission."
With advanced training in how to create security environments, networking and project management, veterans are tailor-made for cybersecurity. Some even have active security clearances, though in the private sector that is not necessarily a must-have resume item.
"The average company does not need a security clearance," said James Stanger, CompTIA's chief technology evangelist. "But the average company loves overqualified people."
Demand, meet supply
When looking at a map of the U.S., cybersecurity jobs and openings are often centralized in urban areas with large business centers. Certainly there are exceptions, but where there is a concentration of businesses, demand for security professionals can often exceed supply.
In response, the technology sector has placed an intense focus on growing the security pipeline, by introducing both boys and girls to STEM at a young age and promoting gender diversity in a notoriously male-dominated field.
Certain states are struggling with a cybersecurity talent gap more than others, according to data from a CyberSeek cybersecurity workforce heat map. California, Texas, New York, Maryland, Illinois, Georgia and Florida are among the eight states with more than 10,405 open cybersecurity jobs, based on the number of online job listings for cybersecurity-related positions from October 2016 through September 2017.
U.S. cybersecurity supply/demand, from Oct. 2016 through Sept. 2017
|Location||Total cybersecurity job openings||Total employed cybersecurity workforce|
But those states' workforce gaps pale in comparison to Virginia's cybersecurity needs. Virginia has 33,454 cybersecurity job openings, according to CyberSeek Data, but has a very low supply of cybersecurity workers to fill those positions.
The problem, however, is not the number of job openings.
"The real challenge is not that we have all these open positions, we just don't have the right pipeline," McCumber said. "We have too many barriers to entry."
Filling the hungry pipeline
Numerous organizations are now working together to try and close the cybersecurity skills gap by creating more streamlined avenues for security hiring. Some of these programs focus on hiring vets in particular.
Last November, Virginia launched Cyber Vets Virginia, a program to provide free cyber training for veterans living in the state to work in the cybersecurity sector. The program is in partnership with organizations such as Cisco, Amazon Web Services and (ISC)2, among others.
Part of the program, the Veteran's Cyber Training Pilot, is one of the first in the nation to offer certifications and trainings specifically to help bring veterans into cybersecurity.
"The real challenge is not that we have all these open positions, we just don't have the right pipeline. We have too many barriers to entry."
Director of cybersecurity advocacy for (ISC)2.
The 12-15 week training program has already had three cohorts with about 30 people each, McCumber said. It is currently on track to get about 200 participants through the program this year.
The location of the program also taps into what McCumber calls the "triad" to support cybersecurity initiatives, which can all help fill the pipeline: government, academia and industry to provide the needs and requirements.
Though the cybersecurity sector does not always require formal schooling, certificates and other accreditations can make it easier to hire skilled professionals. This is especially important for veterans because military skills and credentials don't always translate to the private sector.
(ISC)2, for example, can provide transparent certifications, which the private sector can better understand.
CompTIA has a similar effort with Microsoft to encourage more veterans to go into the cybersecurity field.
Veteran programs reach out to military professionals as they look to transition out of the service, according to Stanger. The programs offer several components:
Third-party certifications, whether from Microsoft, Cisco, CompTIA or (ISC)2, among others.
Hands-on training, which is required for companies to close the "confidence gap" in cybersecurity.
The ability to interview for cybersecurity jobs at the end of the program. For example, program participants can receive an interview with Microsoft or some of its 200-300 partners, depending on openings.
Such pipeline programs create a great "double whammy" for the security market. "They are certified with respected third-party certifications and they have years of experience," said Stanger.
Follow Naomi Eide on Twitter