Large-scale data breaches, and their prevalence in the media, mean that businesses and consumers alike are acutely aware of corporate responsibility in the field of cyber security – and the introduction of the General Data Protection Regulation (GDPR) has raised the stakes further.
Yet, despite mass awareness of the risks of a data breach to consumer privacy (and to the reputation and financial stability of UK plc), cyber attacks continue apace, and demand for cyber security professionals is far outstripping supply.
The National Cyber Security Centre reported an increase in attacks on UK businesses, while the Department for Digital, Culture, Media and Sport (DCMS) reported that more than four in 10 businesses have experienced some type of cyber security breach in the past 12 months.
In this context, it is particularly worrying that the House of Lords Digital Skills Committee has estimated there will be a shortfall of two million cyber security professionals worldwide by 2019, while Cyber Security Ventures estimates more than three million unfilled positions by 2021.
So how do we solve the cyber security time bomb facing UK businesses, particularly in the context of the post-Brexit brain-drain predicted by many commentators?
Engaging and educating the next generation of cyber security professionals clearly involves educational institutions inspiring and upskilling people at an early age. However, one immediate and largely untapped talent pool is the many thousands of ex-military personnel who are looking to transition to civilian life.
There are many reasons ex-forces personnel are so often an ideal match for a new career fighting cyber crime:
- Security mindset. People who have spent many years in the forces have a deeply ingrained security mindset – many find it a natural progression to move from protecting national security to another form of security. Historically many people leaving the military have moved into private or physical security and there is now a groundswell of interest and awareness among veterans about the new digital avenues open to them.
- Analytical assessment. The military trains its recruits to assess a high-stakes combat situation in terms of first-, second- and third-order consequences, and formulate a rational response. Ex-military turned cyber specialists are therefore often more adept at planning for multiple potential outcomes and foiling cyber attacks.
- Learning mentality. Training and lifelong learning is a way of life in the military so leavers are often swift to master new IT and cyber skills. Many have often developed a good technical basis in non-combat roles such as IT, security and telecoms.
- Self-starting leaders. It is not rare for military veterans to have experience managing dozens if not hundreds of troops, inspiring and leading them sometimes in life-threatening situations. These extreme leadership skills complement their experiences of having worked in a rigid hierarchy, where highly-experienced leaders are used to also diligently and respectfully responding to superiors. Despite the hierarchy of the military, recruits tend to also be excellent self-starters who take accountability for their actions.
- Communication skills. Military recruits are drilled in the importance of first-class communication skills, which can make the difference in a high-risk frontline scenario. These soft skills are crucial to cyber security roles as they allow veterans turned cyber warriors to explain highly technical scenarios to colleagues, such as CEOs, who may have little technical knowledge.
A recent report from Barclays highlighted multiple reasons ex-service personnel are well-suited to business life at large, each of which offer much value to cyber positions. Possessing many prized attributes, veterans score in the top 30% for a number of key aptitudes necessary in the workplace including creativity, rational thinking and emotional intelligence.
So, when it comes to the cyber security frontline, veterans could play a key role in plugging the rapidly-widening skills gap.
Neil Williams is CEO of Crucial Academy, which is run by four former Royal Marines and provides free accredited courses in cyber security for those who have left the military or are currently undergoing resettlement