Ex-military intelligence officers should be trained to work in IT security to serve their needs and fill the skills shortage.
Amar Singh, chair of the London Chapter security group of ISACA and CISO of News International, told SC Magazine that finding a way to help former soldiers and army intelligence officers take up a new career in information security was one of his key aims.
He said: “I want to give them the assurance so that when they leave [the armed forces], it is not the end of the world and offer them a route into the corporate world. I don't think they are getting that help.”
As well as working with teenagers and school children on developing ‘cyber education', he said that he envisions events offering advice and opportunities to make these people aware of the opportunities and training on offer.
“I believe that soldiers are actually very good information assurance and security and audit people,” he said.
“The whole IT arena is a great place for soldiers to be in, in my opinion, and in information security they have a lot of discipline, but they are not being given guidance on that.
“I don't know why this is, just because they don't have commercial skills and do not have any certifications, they do not know what is available once they leave the army.”
Singh later said that this was something that he was very passionate about, especially as ISACA has certifications and he wanted to see what could be done to help these people get into the corporate world.
He also said that there are opportunities for a former soldier with five to ten years' service experience, but asked what support there is for them to get into information assurance and security.
Sarb Sembhi, chair of the ISACA government and regulatory advisory sub-committee for Europe and Africa, and a former president of the London chapter, said training was about taking good people with good skills, ‘de-risking it' and retraining them.
He said: “There are two sides to things: on one hand we have more data breaches than we have ever had, we have hackers succeeding where they had not before and reports of malware that doesn't get detected for years, so [it is] worse than it's ever been.
“Then on the other a bunch of people who have been in security a while and are trying to lead the way with thought leadership and be the best they can, while others have been around for a few years and have a couple of certifications and sometimes lack the leadership and technical abilities together and want to provide what is needed. That is missing in some respects. Although there is a general skills gap in information security, there is still a skills gap within those already there.”
Terry Neal, CEO of training firm Infosec Skills, agreed that more work should be done with former military intelligence officers as they have transferable skills that are relevant, for example dealing with obstacles and crises, attention to visual detail, research and written/oral presentation skills.
“If they also have IT skills, all they need is the right training and they could be valuable members of the information assurance community,” he said.
“If they have no existing IT skills then an academic qualification should be sought first so that they have a foundation upon which information assurance skills can be taught.”