In this article, we’ll discuss ways in which your security clearance can better position you for cybersecurity positions, and how to leverage that advantage throughout your career.
First, what do we mean when we say “security clearance”?
There are three types of security clearance levels:
Confidential
This clearance level is issued to personnel who need to access material which, if improperly disclosed, could be reasonably expected to cause some measurable damage to national security. The vast majority of military personnel are given this fundamental level of clearance.
Secret
This clearance level is issued to personnel that need to access material which, if improperly disclosed, could be expected to cause serious damage to national security.
Top Secret
This clearance level is issued to personnel that need to access material which, if improperly disclosed, could be expected to cause exceptionally grave damage to national security if it was released without authorization.
Public Trust
Some government positions require an increased level of sensitivity but not a level of security clearance. These are public trust positions. The investigation for public trust positions is similar to the clearance levels listed. It is often misrepresented as the fourth type of clearance; however, it is not considered a clearance, just an investigation type. If you have worked on a public trust position before, you could be viewed as a “clearable” candidate, meaning that you could obtain one of the clearance levels listed.
The business argument for hiring veterans
Obtaining a security clearance while in the military is beneficial for transitioning out and back into civilian life. Both federal contracting companies and the government alike love employing veterans. Some studies suggest that veterans are more productive than their civilian counterparts and maintain higher retention rates. That is especially attractive to a contracting company, which could spend thousands of dollars on obtaining or maintaining a security clearance, performing background checks and other overhead costs. This makes a veteran with a security clearance a very appealing option to hire. If you are seeking a career in cybersecurity with little to no prior experience, there are some entry-level options you could pursue. Though many of them do, not all jobs in the military that require clearance are related to technology. If you gained some IT experience, this will help you transition into a cybersecurity position. If you worked not in IT but in intelligence, that position can also make for a smooth transition into cybersecurity as well, and you can emphasize the related skills you gained in this role. If you did not perform any IT or intelligence work, your leadership skills and security clearance will still make you a valuable addition to any company. The best job for you to pursue depends on your long-term career goals and previous experience. You should take time to access what skills you gained during your time in the military and what your ultimate career goal is. Some of the items you should inventory: Do you have a degree? If so, what level (B.S., M.S., Ph.D.)? What was your major? A degree in any field can prove helpful in getting a position, but a technical degree can substitute for years of experience in some cases. What were the details of your job in the military? As you prepare your resume, you want to be mindful of what you did and how that translates into skills pertinent to cybersecurity. Did you participate in activities that provided physical security support (standing watch or duty, for example)? Look at job postings you are interested in and pay attention to the language used. There may be things you did that you have not considered that can be extremely relevant to a job in cybersecurity. What are your short- and long-term career goals? Knowing where you want your career to go is helpful in writing your resume as well as your job search. The cybersecurity field is vast. It is a field, not just one job. Saying you want to work in cybersecurity should always be followed up with a specific job type. There are technical jobs, including pentesting, security testing applications and systems, system administration, security architecture, cybersecurity analyst and more. For many people, these are the default cybersecurity jobs as they deal with tech, but they are not the only options out there. There are also compliance-related jobs which can include security auditors and cybersecurity engineering; testing can also fall into this category. Information Systems Security Officers and Managers (ISSOs/ISSMs) fall into this category. They ensure systems are compliant with all required laws and regulations. There is also the management track. This is for people who want to manage security-related projects and organizations. Knowing where you want to be can help you determine where to start. If you’re interested in a technical path, then you want an entry-level job with some technical requirements to help build your skill set. You also want to look at certifications that could be helpful. Do you want to go to a management path or compliance? You potentially need a degree and possibly a more advanced certification (e.g., CISSP). Below are a few positions to consider if you have a security clearance, prior military experience, and a desire to work in cybersecurity.
Helpdesk administrator
Working for a company’s IT helpdesk is a good segue into IT and potentially cybersecurity. This is also a great entry-level position for someone with no prior IT experience. Working as a helpdesk technician, you help users troubleshoot their technical issues. Most helpdesks offer scripts for their technicians to follow to guide them in asking the right questions and finding a potential solution. You may encounter various types of issues that will build up your mental knowledge base of technical issues and their fixes — learning these tools to help you transfer to a more technical position such as a system administrator or tester.
System administrator
Many organizations, depending on their needs and size, have slots available for junior system administrators. This is another excellent entry-level option. Those with some prior IT experience they gained from the military, or maybe on a helpdesk position, are generally qualified for a junior sysadmin job. If you gained substantial IT experience, you could qualify for a higher leveled position or maybe a direct cybersecurity job.
Technical writer
If you have a knack for writing and strong attention to detail, this could be a great starter job. Some companies have openings for junior technical writers. However, if you have a B.S. in any field, that often substitutes 3-4 years of experience. You had to write to finish your college education. A technical writer writes technical documentation, procedures, guides and other items. Some technical writers are responsible for website content and updates as well. Starting in technical writing, you get an opportunity to learn about technical things. Some technical writing positions are cybersecurity-specific, meaning you learn while writing.
Cybersecurity analyst
The job requirements for a cybersecurity analyst vary. Many analyst positions are in support of the Network Operations Center (NOC) or Security Operations Center (SOC) environments, but not always. Some of these positions in the NOC or SOC environment include evaluating malware, monitoring systems for abnormalities or intrusion or performing threat-hunting activities. Some analyst positions involve performing compliance analysis in order to ensure that the proposed architecture will be able to pass any future security audits or evaluating the proposed architecture for potential vulnerabilities and exploitable weaknesses. Many of these positions require some level of previous technical experience; however, having prior military experience with a clearance, some companies are willing to pair you with a more seasoned analyst and provide on-the-job training.
Cybersecurity engineer
As with the other jobs listed, there are junior- and mid-level cybersecurity engineering jobs. A cybersecurity engineer is normally a mix of technical and compliance analysis, though the term cybersecurity engineer is used for a wide range of job types. It can include vulnerability management, architectural design, compliance, risk assessment, software configuration, installation and more. You would commonly be responsible for analyzing the compliance needs of a system and ensuring the best solutions are implemented. This includes analyzing cost concerns and system requirements. If you have some prior technical experience, some companies are willing to train you on the compliance aspect of the position. Alternately, if you do not have prior technical experience but are great at project management and understand compliance concerns, you could still be deemed an asset.
Conclusion
I’ve been in this position myself. I spent four years in the Navy as a cryptologic technician. I knew I wanted to work in cybersecurity (though back then, we used the term “information assurance”). As suggested earlier, I sat down and evaluated my skill set and my long-term career goals. The first job I secured after my enlistment was as a technical writer for a Navy program office that provided IT systems for other DoD agencies. Knowing that working in cybersecurity was my goal, I used the information I learned as a tech writer to advance into becoming a tester, which led to becoming a systems administrator. I spent years as a sysadmin to learn about architecture and operating systems. I used that to become a cybersecurity engineer. After a few years as a cybersecurity engineer, I had the time in the field to be able to sit for the CISSP. With the combined years of experience and CISSP certification, my career options opened. If I can do it, you can too. Good luck!
Sources
Starting a career in cyber security: A guide for veterans, Comparitech Is a Public Trust the Same as a Security Clearance?, ClearanceJobs Onward and Upward: Understanding Veteran Retention and Performance in the Workforce, CNAS