By Tom MacDonald, Managing Principal Security Consultant
This post is part of a three part series by Nettitude consultants, from the network defender, threat intelligence and offensive penetration testing sides of the business, to show how they were able to map their military skills directly into the industry.
The cyber security industry has continued to flourish both in the UK and overseas. The continual message from the industry is that there is a chronic skills gap and lack of skilled personnel. There are a surprising number of ex-military staff within Nettitude, covering areas such as incident response, SOC analysts, red teamers and threat intelligence analysts. The aim of these blog posts is to explain how the soft skills that the military gives to its employees can be mapped across to consultative roles.
A key message we want to communicate is that whilst technical skills can be taught or updated, we cannot teach attitude, teamwork and temperament. We find ex-military staff to have these niche qualities in spades.
Soldier to Cyber
By Simon Robinson, Security Analyst
This blog post has been created entirely based on my experiences of leaving the Armed Forces, and how I went from clicking ‘submit’ on JPA to walking into the office on day one of my first civilian role in cyber security as a Security Operations Centre (SOC) Analyst.
Firstly, a bit of background about myself: I was a junior rank in the Royal Air Force and part of Trade Group 4, which is communications engineering – similar to the Army’s Royal Signals or the Royal Navy’s CIS branch. My roles were heavily network engineering based with some system deployment and my first posting was to the Tactical Communications Wing at RAF Leeming where I got to get my hands dirty with deploying tactical networks and radio shots. I soon learned that I enjoyed when the equipment didn’t work because I got to figure out why – delving into machine and network device logs. From here I began to develop the analytical and fault-finding skills that I still use today in my role as a Security Analyst at Nettitude.
By the time my next posting was coming to a close, I knew I wanted to work within cyber defence, but I also knew that I was probably unlikely to do so within my current rank in the RAF. So, after much deliberation, I decided to leave at my nine-year point, knowing I wanted to work within cyber security but not exactly knowing how to get there.
I decided to book myself onto the Cyber and Security Cleared Expo in London and spoke to numerous exhibitors about what skills they were looking for in an analyst so I could add them to my ‘to-do’ list. Amongst the exhibitors was SANS, a training provider, and they were about to start the UK Cyber Retraining Academy – this was a 10-week course packed full of SANS training…for free! The only catch was that applications were open to the entire UK and there were only 55 places. The application process involved an online assessment, written application, and formal interview. By some miracle I made it through the selection and got myself onto the retraining academy!
Having served over eight years, I was entitled to 25 days resettlement leave and fortunately, I had 25 days annual leave that I could combine and use for this 10-week SANS academy. Thankfully, my chain of command allowed me to do this and in January 2017 I began the academy. There were four SANS courses covered, which culminated in two SANS GIAC certifications: GSEC and GCIH. The training was intense and the instructors were fantastic – I learned more than I thought possible in those 10 weeks and having those SANS certifications on my CV certainly made an impact.
SANS training can be very expensive however – a live course and the exam will cost more than a dip into your Enhanced Learning Credits. There are ‘online only’ versions of the courses that are a little cheaper, but by far the cheapest option would be to purchase the official study guides second hand and just pay for the exam. The latest exam prices can be found on the sans.org website.
After the academy, I booked myself on to a Career Transition workshop and registered with the Career Transition Partnership. Both the CTP and workshop are packed full of useful information and the CTP has a vast range of jobs and employment fairs to attend. I’d recommend doing this as early as possible in your journey, as there are some good CV and interview techniques that stood me in good stead. It is worth bearing in mind however that the information from the CTP is aimed at the generic service leaver and may lack some of the information you require to prepare for cyber security roles. If you require additional information or CV writing help, reach out to the community over LinkedIn or Twitter – someone will always be more than happy to help. As a quick reference, a sample CV can be found here – it’s similar to mine, which has worked for me!
After this however, the hard slog began – I had my certifications and my CV written, all I needed was an actual job! It took a lot of applications, telephone interviews and face-to-face interviews but finally, with about four months left of resettlement, I landed my first SOC analyst role. This was a tier one position and involved a lot of ‘first line’ activities, which wasn’t ideal but it was still good experience. After about 12 months, I was up for more of a challenge, so I applied to Nettitude. I still work in a SOC role but I now also get to work on Incident Response. I’ve completed two certifications and I am about to start a Masters Degree in Cyber Technology.
Enough about me. Below I’ve written some of the things that I found helpful during my resettlement. The important thing is not to worry – you have enough time if you plan and use it wisely.
What do you want to do?
Security Operations Centre (SOC) – an excellent choice for ex- military beginners
The cyber security industry is massive. It is important to make a decision early on in your resettlement or at least have an idea on what direction you want to take. In defensive cyber, most people will begin their career as a Security Analyst within a Security Operations Centre – this is an excellent platform from which you can begin to translate your analytical skills gained in the military into analytical skills used in defensive cyber.
Don’t worry if you still don’t fully know what direction you want to take. If you have leave remaining, look out for workplace placements or open days that will give you more of an insight into a particular aspect of cyber security.
How do I do it?
Cyber Security Courses to Look For
There are many courses and certifications out there. Some are better than others. Some are more expensive than others. There is also a lot of free information out there, such as Cybrary - I’d recommend looking at their CompTIA Security+ and CySA+ courses. Other sites such as Udemy, PluralSight, LinuxAcademy and PentesterAcademy are all reasonably priced, or have almost continual sales / Black Friday deals.
Speak with your unit’s Resettlement Advisor and the Chief Clerk to find out exactly what your entitlements are. Remember your Enhanced Learning Credits (if you still have them). Now that you are in resettlement the “benefit to trade” rule no longer applies and you can use them for whatever course you like, so long as the provider accepts learning credits.
Make sure your CV and covering letter are up-to-date and tailored to the jobs you are applying for.
Useful Cyber Security Certifications
Below are some of the certifications that will stand you in good stead for a career in defensive cyber security:
Each of the links above will have the appropriate suggested reading and/or course materials and additional information can be found in the training websites previously mentioned. I’d recommend the CompTIA and CISCO Cyber Ops certifications first as these have an official study guide to work from. The CREST CPIA does not have a study guide so hands-on experience will be a real benefit here – I’d suggest taking this one with 6-12 months experience under your belt.
Points to note
- At whatever point you decide to leave, make sure you have an idea of what you want to do – don’t wait until you are half way through your resettlement to make a decision or you may run out of time.
- Register with the Career Transition Partnership and book yourself on to a Career Transition Workshop.
- Speak with your unit’s Resettlement and Learning Centre for CV advice and to find out what your entitlements are in terms of resettlement leave and learning credits for example.
- Begin your learning early on – create an achievable list of goals you want to meet by the end of your resettlement.
- You can apply to leave earlier than your exit date if you have a written job offer.
- Make sure you gain as much wider experience of the industry as possible – you might start out thinking that you want to do Incident Response, but after trying it for a short period you might realise that actually the offensive side of security is more your thing. It’s best to find this out as early as possible, so don’t be afraid to try things that you didn’t think that you’d be interested in.
Don’t underestimate your military experience
The time you have spent in the military is not wasted. The technical skills and analytical processes you have been taught will easily translate into a civilian role. Don’t underestimate your soft skills either. Your ability to perform under pressure, to follow commands, or to lead a team are equally valuable. At Nettitude, we value people with the right attitude along with an aptitude for the role.
There are also a number of other roles within the Armed Forces that fit well in cyber security, not just communications engineering. Intelligence Analysts have the analytical training that makes them suitable for SOC or Threat Intelligence roles. Military Police have the investigative mindset that is required for cyber investigations and may have even worked on digital forensics during their military career. Whatever your role was in the Armed Forces, I guarantee that some of those skills will be directly transferable into the civilian world of cyber.
It may not go the way you want on the first try. Expect to get some rejections – but remember that every interview you attend is a learning experience for the next interview. It’s important not to give up – yet another quality that translates well from the military to civilian sector!
- Prior planning! Know what type of role you want and have an idea about how to get there. Plan your time and plan your learning.
- Understand your resettlement entitlements – speak with your Learning Centre and Chief Clerk.
- Apply for courses as early as you can. Places fill up fast or the course may only run twice a year for example.
- Register with the CTP and book a transition workshop – their advisors will help you to navigate from military to civilian life (including housing and schooling options).
- Set up a sensible email account and start applying for jobs, create a LinkedIn page and connect with other people within cyber security.
- Don’t listen to those people who tell you that there aren’t any jobs outside of the military, or the ‘grass isn’t greener’. Instead listen to the CTP careers advisors and those that have already made the transition.
Above all else, don’t worry! Leaving the military isn’t a nightmare – you just need to make a plan for your resettlement. There are a number of us here at Nettitude that have made the transition from the military and plenty more people in the wider industry that will gladly give you advice. If you have any questions at all, please feel free to contact me on LinkedIn.