Could military veterans solve the channel's skills shortage?
IBM Security is calling on companies to see military veterans as an invaluable talent pipeline. Nima Green meets the vets on the front line of the chronic cybersecurity skills gap
Poised and with a steady gaze, former Private EJ Ocljighoro has the kind of polish you might expect from someone with a military background - buffed shoes, crisp clothes and a firm handshake - but that is to oversimplify.
Another cliché, less well worn, is that after serving their country, the MoD and private sector seem all too often to leave them hanging; a frustrating limbo in which they're told their military service is respected, but that they are not speaking the right corporate lingo. But could these same people be the answer to the channel's skills shortage?
Civvy street can seem like a minefield to the 16,000 veterans who leave the British armed forces every year, as Ocljighoro knows all too well.
He is currently employed by global integrator Logicalis, after leaving the army in March 2017.
However, the transition came only after investment in new training, which in Ocljighoro's case was instigated by himself and facilitated by not-for-profits such as the Corsham Institute, SaluteMyJob, a veteran focused consultancy service, and IBM Security.
IBM certification
The trio banded together to provide cybersecurity training courses for veterans, resulting in IBM Security certifications in two IBM security products: i2 Analyst's Notebook, a platform used in the military, as well as commercial space, to bring disparate data together and present it visually; and QRadar, a security analytics platform.
They celebrated their 100th graduate this month.
IBM Europe channel success executive Nick Gibson told CRN that tackling its partners' talent shortage is "vitally important to IBM".
"IBM offers partners of all levels (from Registered to Platinum status) education and training vouchers to take certification and optional preparatory road map education to increase company skill sets," Gibson said.
"IBM also runs security-focused educational webinars targeting all forms of partners, CSP/MSP/ISV/SI/Reseller, to help with training and skills development for the IBM portfolio as well as ensuring the partners learn how to apply those tools in a practical way as they work to protect their company and customers."
Ocljighoro is a member of the next cohort being trained up. He said that reskilled veterans such as himself are "a game changer" to the corporate world; uniquely placed to help tackle the growing shortage in skilled cybersecurity professionals, estimated by Frost & Sullivan to hit 1.8 million in Europe by 2022.
"The army drills a lot of personal habits that can be transformative to the private sector, from discipline to high ethical standards. We bring these core values over to a corporate environment. It's indispensable," he said.
"But most of the transition was from me being interested in technology, so I've got myself trained in things like Cisco and AWS courses. Everyone deserves a chance to prove themselves.
"I think security should be the number one priority of every business, and we are a great force to be reckoned with if given the opportunity to prove it."
A new recruitment model
Ocljighoro was lucky. His transition took just a month. However, SaluteMyJob MD Brigadier (retired) Andrew Jackson warns that many companies are missing out, by not being able to recognise talent that comes from outside more familiar avenues, such as university graduate schemes.
He suggested that current recruitment policies are problematic, and simply not keeping pace with rapid cybersecurity advancements.
" We need to break this model, where someone goes and does a degree course, or long periods of education, by which time the world of cybersecurity has moved on about three generations anyway. And so by the time they appear, employees might be justified in saying 'these people don't have the skills that we now need'." - Brigadier (retired) Andrew Jackson, SaluteMyJob
"Instead of just whinging about a shortage of people, we need companies to actually engage. It frustrates me that companies have graduate programmes to ease students into corporate life, but don't have one for the military," Jackson said.
"So shorter, sharper emersions, and then the employer also investing in these people, is very much the model we're trying to develop here."
Two other beneficiaries of this new recruitment model are Wesley Freeman and IBM reseller partner and Bedfordshire-based cybersecurity specialist Satisnet.
Freeman was a Rifleman in the British Army for five years. He left this year, and, despite having no IT experience, enrolled on one of IBM QRadar user interface courses.
Satisnet MD John McCann came to meet some of the veterans, offering four students a one-month 'try before you buy' work placement. Wesley is now one of two vets with permanent positions at the leading IT reseller.
McCann told CRN that he was impressed by the resilience and initiative that Freeman displayed.
"It's his attitude, willingness to learn and determination to succeed that have really impressed the team at Satisnet. As soon as I met him, he was positive, articulate and it was obvious that he had set himself the goal of getting a job in the growing world of opportunity in cybersecurity. He climbed a steep learning curve during his work attachment, which gave both of us the time to decide and he is thriving.
"He's a great example to other ex-military people and shows how they can succeed in cybersecurity roles."
Calm in a crisis
Brigadier (retired) Jackson was quick to point to non-technical risk management as also being crucial to handling cybersecurity threats.
He cited the 2016 debacle at TalkTalk, where 157,000 of its customers' personal details were accessed (including bank details). Then-CEO Dido Harding couldn't explain publicly why it took 24 hours to admit the breach, and was far from media-ready to speak about the company's encryption or security policies.
The blowback sent TalkTalk shares plummeting to a 33 per cent loss in value. Harding subsequently stepped down as CEO.
"I was struck by the response of TalkTalk last year to cyber hacking, not so much on the technical side but what people in the business said. I think we all listened to [John] Humphrys attacking the CEO of TalkTalk on the [BBC] Today programme," Jackson said.
"So it is also managing external communications, communications with clients and project management as well, where the skills of ex-military people can add value."
Experience is king
VP of IBM Security in Europe Julian Meyrick agrees that clear-headed problem solving is key to responding to security incidents in business.
A former infantry platoon commander himself, he explained why he was delighted to see partners in the IBM network benefit from military services experience.
"Veterans bring a lot of the soft skills we need in the cyber domain. We need people who are able to deal with complex situations; are able to be calm when other people have their hair on fire and don't understand why their company has been hacked, or the IT isn't working; and people who are used to following structured processes but also have the confidence to use their initiative, because the reality is that however much you can plan for a cybersecurity incident, most of them never quite turn out the way you expected."