How did you transition from your military career to your current role in InfoSec? Was it a natural fit, or did you have to make adjustments?
Rick Howard, CSO, Palo Alto Networks (RH): I was already in InfoSec when I was in the military. I had the technical skill sets. What I did not have was an understanding of business and business culture.
I knew coming out of the military after 23 years that I would have to adjust to a civilian setting and I consciously tried to do that.
But my first couple of performance ratings after I retired from the military had a lot of phrases like this in them: “Comes off as too stern,” “Employees are afraid to speak their minds when he is around,” and “Too direct in his taskings.” Like I said, I tried hard not to do those things but it took me a while to find the right tone in a commercial environment.
What advice would you give to service members who are interested in InfoSec?
RH: When many military people retire, they seek jobs with Defense Industrial Base companies like Northrup Grumman, General Dynamics, etc. There is nothing wrong with that. Those are good companies and the people there do good work in supporting our government and the military.
The leadership structure in these companies is very similar to the military structure -- very hierarchical — and there are a lot of retired military people working there. For many retired military, this is a comfortable place to be when they hang up their uniform for the last time. Some use this as a stepping stone to transition to a pure commercial job later in their civilian careers. Pure in this case means that the company’s primary customer is not a government. Other retired military stay and have productive and engaging careers in this Defense Industrial Base space.
I did not do either of those. My first job after I retired from the military was with a commercial security firm that had no ties to any government. I threw myself into the deep and cold waters of the pure commercial pond. I am not saying my way is better but it did force me to learn about the commercial space a lot faster than I would have going through some transitional period. On the other hand, I did rub a few “pure” civilians the wrong way as I stumbled my way through the experiences.
Are there any particular strengths that you feel veterans bring to the InfoSec market?
RH: A common theme between the military community and InfoSec community is that there is an adversary that can and must be stopped; an adversary that we must prevent from being successful. That idea binds the two communities together.
Anything else you would like to add?
RH: Hiring a veteran is a smart thing to do regardless if you are an InfoSec firm or not.
This is not true for all veterans for sure, but generally you can expect a high work ethic, a can-do spirit and a desire to do the right thing. This is not to say that you cannot find those things when you hire non-military people. You can. Most of the non-military people I have worked with in my career have these qualities in spades but generally, they acquired those traits on their own through family and past experiences.
Veterans did all of those things too, but also went through the added crucible of the military where leaders ingrained those traits into them as part of the larger culture. How can you not want that kind of employee in your organization?
And, just as an aside, it is the right thing to do. These men and women have laid their lives on the line so that the rest of us can sleep in peace. Now that they have finished their watch, the least we can do is give them a hand as they transition.