After a short, unsuccessful stint at college, I enlisted in the U.S. Army. Unbeknownst to me at the time, that choice set me on the path to a lifelong career in security. Upon joining the Army, I won the proverbial lottery when I was assigned to be a SIGINT (signals intelligence) analyst, later assigned to the National Security Agency. Before I was old enough to buy a beer, I got my security clearance, was trained to be an intelligence analyst, and embarked on the first part of my career in the intelligence community.
When I look back on my time in the military through the lens of my current role as CISO at Noname Security, there are few critical lessons I learned that still serve me in my job today.
Critical thinking is a must
There’s a common misconception that the military trains people to think alike. My experience was the exact opposite. As an intelligence analyst, techniques and strategies for critical, contrarian analytical thinking are taught as core curriculum and expected daily. There is heavy emphasis on the importance of developing one’s ability to think outside of the box and create evidence for analytic conclusions in a way that is defensible. Importantly, this includes acknowledging and planning for uncertainty and ambiguity in the face of limited facts.
Critical thinking is a skill I exercise daily in my current role. It’s particularly helpful when it comes to prioritizing time and capacity or to self-assess a control’s quality or efficacy. In the Army, I learned to always be skeptical and self-aware, which is essential for building and maintaining a strong security posture within a startup.
Like most people, I struggled with some degree of anxiety when it came to public speaking, but I was coached to overcome any apprehension pretty quickly. Despite being very junior at the beginning of my career, I was still expected to brief senior officers in person on a daily basis. This often meant extensive preparation to handle tough questions and conflict amongst groups of senior leaders. I had to learn to read the room, influence without authority, and think on my feet.
Today, I have very limited pause when it comes to speaking at events or conferences. Even being put on the spot in front of a large group is no longer a challenge since it became such a habit in the Army. This strengthened my ability to communicate and collaborate with different groups of people, listen actively, and find solutions on the fly.
Working with — and learning from — people from different backgrounds
As a child, I grew up in North Dakota and later moved to Michigan. All in all, you could say I was pretty sheltered when it came to exposure to different types of people and cultures. Joining the Army gave me the privilege of working with — and learning from — people from a wide variety of backgrounds.
From drill sergeants to squad leaders, everyone had their own unique stories and perspectives; the diversity within the Army is incredible. I also spent over three years in Asia and Africa, immersed in new cultures and learning to better adapt to the people and world around me.
The importance of camaraderie when working under pressure
There’s no shortage of high-pressure situations in the Army. Teams work under extraordinary pressures, unusual hours, in sometimes challenging (or dangerous) situations. Teams very quickly form extremely close bonds which endure for years long after most have left service.
In the cybersecurity world, it can be hard to find talent, and burnout is a very real issue. Leaders who don’t pay close attention to their people are faced with high employee turnover. The “human” element of managing a security department is more consequential than the technology you choose to support your practice. Security teams are often working under a lot of pressure, and as a leader, it’s up to you to find ways to create and maintain a sense of team. These team bonds can really create a sense of camaraderie and purpose when you’re all in it together.
Don’t neglect the basics
In the military, keeping up with the basics means showing up on time, in the right place, in the right uniform, and ready to go. In cybersecurity, we do the same thing through access control, patch management, and incident response. These things are foundational basics that we consistently need to do well. There will always be sophisticated tasks or problems that need solving, but it’s critical to not get distracted from getting the basics right. The Army’s emphasis on meticulousness in everything one does got me in the habit of continually practicing good security habits as a CISO.
From maintaining strong security practices to managing people, the role of a CISO can be a dynamic and challenging one. I’m grateful that I can draw from my experiences and lessons learned during my time in the military to navigate challenges and lead my team in the right direction.