InfoSec careers for military veterans

I know an owner of a company that supports military veterans by placing them into information security positions within the Minneapolis/St Paul area. His motto is, if we trust our military to protect our country, why shouldn’t they also protect our companies from infosec attacks? So, I’ve been considering what career tracks they can have that would lead to a financially beneficial career for them and their families.

Security analyst

My first thought focuses on the variety of security analyst roles that exist related to Security Operation Centers. The SOC is the center of the storm when a breach occurs, the storm escalates to the Security Incident Handling experts.  But the SOC analysts need to be vigilant in reviewing data (e.g. Security Incident and Event Management information) to determine if a breach has already occurred. 

Security analyst roles can grow up into higher and higher analyst roles.  I’ve seen 5 levels of analyst roles within local large banks.   It would be beneficial for the analysts to pick up a CISSP certification to give them a good background in InfoSec concepts.

Product administration

Another career path is that within product administration.  Administration of simple products is profitable and as one moves to administration of more complex products one can see large gains in financial compensation. One can start with Linux administration.  They can get a good Linux administration book from a local bookstore.

After Linux administration, I would recommend the next role would be virtual machine administration.  Virtual machine solutions give great insight into the core functionality of a datacenter and they support custom and purchased applications in all the SDLC (dev, test, stage, and production) environments. Help desk work is also beneficial because it gives one insight into a company’s critical solutions.

Once someone understands the datacenter, they can move into specialty administration functions like: storage subsystems, firewalls, load balancers, two factor authentication tools, and identity and access management products. Specializing in administration of any of these areas is quite profitable and there are limits in the number of experts that can perform these functions. People that don’t understand IT complexity shouldn’t apply.                                          .

Sales

So, what is the most profitable work? Security engineering and sales is the most profitable. It is difficult to deploy security products well within large corporations. Security engineers are often flown in to deploy their company’s products within companies that have paid for their products.  Common products include switches/routers, firewalls, load balancers, storage products, virtualization products and identity and access products.

Sales and marketing roles are critical roles and they are also very profitable. Sales roles are likely the most reachable for some of the military veterans. The veteran’s skills in gaining trust and persuasive communication are most important.  As they learn more about various security solutions they become even more valuable.  Marketing is a little harder to break into because some of the marketing roles require an in-depth understanding of a product. That can be hard to gain over time if one lacks a product development background – designing the product.

Another area is security architecture. Architects are concerned about how the security and other IT products work together.  They often do the research to determine which products should be deployed to meet security needs. They also interact with sales engineers to do the planning for deployment of new products. The architects often interact with the engineers who deploy the products.

In summary, I would recommend the following career paths for military veterans: security analysts, product administration and sales. I would not recommend sales engineering, marketing and security product marketing until they have more experience with products and IT infrastructure. Getting a CISSP certification would also be beneficial to give them some understanding of the infosec business.