Stuart Quick is a former Army Officer and has successfully transitioned into the cybersecurity industry. He is now a Managing Consultant at IBM. SaluteMyJob chats to Stuart to find out more about how ex-military personnel can add value to an organisation and what hard and soft skills does IBM look for when recruiting for cybersecurity roles.
SMJ: What is your role at IBM?
STUART: I am a Managing Consultant and my primary role is maintaining and managing the security of a number of projects, providing advice and guidance to internal stakeholders and also liaising with security teams in client organisations.
SMJ: How did you transition from the Army into your role at IBM?
STUART: I had very little cybersecurity experience in the military but developed my cybersecurity skill set in previous roles - I came out of the Army and went into private security. I saw information security as a growth area that would ultimately end up encompassing physical security, so I decided to follow that path. I began to retrain and also incorporated some of that training into the work we were doing with clients in my previous company, Henderson Risk Limited. My leadership, management, organisational skills - all the soft skills I had developed in the military, have also been very useful and I made a full transition to pure cybersecurity work just over three years ago.
SMJ: How many veterans/reservists does IBM employ in the UK?
STUART: There isn’t a clear figure for this as data protection laws make it difficult for us to collect this information. However, IBM is working with veteran service organisations to help military veterans prepare for careers in the expanding field of advanced data analytics and cybersecurity.
SMJ: Does IBM do anything specifically to attract/retain veterans at IBM?
STUART: We encourage our former veterans and current reservists to introduce candidates and many of us engage with our personal military networks. In terms of retention, the main focus comes from our Military Services Community. The purpose of the community is to provide people with the opportunity to expand their network within IBM, to get involved in events we organise, for example Armed Forces Day and Poppy Collections. Some people engage in charity events and reach out to other people on the community. It’s a community where you can share ideas and ask questions with like-minded people. We are also working towards signing the Armed Forces Covenant.
SaluteMyJob, in partnership with IBM and Corsham Institute run an i2 Analyst Training course, to qualify former or transitioning Armed Forces' personnel on IBM i2 Analyst’s Notebook software. We have held five courses since 2015, with a 100% pass rate - with 75 ex-military candidates now qualified as data analysts. We will be running a further three courses this year - find out more here: https://www.salutemyjob.com/i2course
SMJ: There is a notable skills gap within cybersecurity – why do you think veterans could be best placed to fill these gaps?
STUART: From our perspective, the characteristics we look for when recruiting people to work for IBM generally fall into two areas. The first one is soft skills and the second is relevant skills and experience. We look for soft skills such as; team building, communication skills, problem solving, motivation, time management. All of which are skills and behaviours that ex-military people exhibit - and do very well.
The second area we look at is around relevant skills and experience. Members of the Armed Forces are becoming more and more involved in Information and Communications Technology (ICT) and so we are always keen to hear from people who have worked in, or maybe led, technical teams in the military.
Technology plays a significant role in the military which leads to service personnel being exposed to networking, communication systems, cybersecurity, information security and the intelligence aspects associated with these areas. So clearly, if people in the Armed Forces have these skills already, then they are obvious candidates to help address the skills gap.
SMJ: What hard and soft skills does IBM look for when recruiting people within their Security Business Unit?
STUART: Soft skills: Teamwork, communication skills, problem-solving, time management and prioritisation. Hard skills: We are interested in talking to people who have worked in any technical branch in the Armed Forces, and especially where people have been in cybersecurity or cyber intelligence roles. These people generally have some key core skills such as computing and networking and so can pick up new skills quickly with those who have worked in cybersecurity having an even greater advantage. You do also see veterans with relevant non-technical skills or experience, gained through roles in strategy, capability or procurement.
SMJ: How does the knowledge, skills and experience of veterans and reservists make them a good, if not better fit for your cybersecurity roles?
STUART: Those that have worked in the cybersecurity space will have very good real life examples of protecting a multitude of different assets in a range of hostile environments. Additionally, another aspect that is quite unique to people from the armed forces is that they have an ingrained security mentality or culture. Armed Forces leavers have a inbuilt understanding of threats, vulnerabilities, risk mitigation and risk management and are used to handling sensitive information.
SMJ: Which cybersecurity roles in IBM are veterans and reservists best suited to?
STUART: We have service leavers working as Security Intelligence Analysts, Secuity Operation Centre Analysts, Information Assurance and Security Consultants and in Security Sales.
SMJ: How do ex-military personnel and reservists add value to an organisation?
STUART: They have a positive work ethic, are highly adaptable and quick to learn and apply new skills. As well as all the things you take for granted like, being well-organised, self-motivated, self-managing - it creates quite a formidable package.
SMJ: What advice would you give to ex-military jobseekers looking to work in the cyber security industry?
STUART: For those people who have not left yet but are preparing to leave, the key is qualifications. They have got to start turning their experience and skills into qualifications - because getting through CV sifts without qualifications will be challenging. The five qualifications people should look at and what I would recommend are:
- The British Computer Society offer a good course called Information Security Principles.
- They also offer four or five ‘practitioner courses’ suited to people with more technical experience.
- Other popular certifications are CISSP (Certified Information Systems Security Professional) and CISM (Certified Information Security Manager). These are more expensive, and require a level of mandatory prior experience but are industry benchmark qualifications.
- ISO 27001 Implementer and Auditor courses offer a good grounding in managing information security within organisations.
- There are also a number of Ethical Hacking and Computer Forensic courses available for those more technically minded.
For people who have already left and are looking at moving towards into cybersecurity, it is about identifying opportunities in their current workplace where they can get involved in information security. This will help build their cyber story on their CV by requesting or volunteering to be an internal auditor or maybe helping to project manage a cyber-essential certification. Many ELCAS training providers offer cyber security related course so you will also be able to use ELCs to help fund training.
SMJ: What advice would you give to people on how to best prepare for their transition?
STUART: Plan your resettlement training carefully and network extensively. Create a broad but relevant network, regardless of whether this will be a career change or whether you are in transition. Be prepared to accept that you may not have as much autonomy and responsibility as you may have had in the past.