Could soldiers, sailors and spies make better CISOs?

Military-trained information security professionals tend to have a better initial understanding of the concepts that are native to security and may even hold data in a more sacred position than a civilian counterpart.
— Ewan Lawson

In an insightful article on SC Media.com, Max Metzger asks the question, could soldiers, sailors and spies make better Chief Information Security Officers? He looks at how business has long co-opted the language of the military to promote leadership, fight adversity, work as a team, and achieve difficult goals - and asks how much more relevant are actual military skills and thinking for a CISO fighting a live opponent?

He interviews four veterans in the article:

  • Chris Pogue, CISO at Nuix, an American veteran who enlisted in 1996 and went into the field artillery.
  • David Venable, vice president of cyber-security strategy at Masergy, and a six-year veteran of the US Air Force and the National Security Agency.
  • Brett Wahlin, an independent cyber-security professional and former CISO at Hewlett Packard Enterprise, who spent several years as a counter-intelligence agent in the US military.
  • Ewan Lawson, senior fellow for military influence at the Royal United Services Institute, an RAF policeman and since 2002 has held a variety of roles as commanding officer of the UK psychological operations group and within the Joint Forces Command, developing cyber-warfare capabilities.

 

Key quotes from the article:

  • Chris Pogue told the journalist that in the security industry, “you're really doing the same sorts of things you would do in the military, with just a different set of information.” He added: “The job of information security, runs in close parallel to that of a combat soldier.”
  • David Venable agreed, he said being in the military “creates a mindset on which you can easily build an infosecurity career”.  
  • Brett Wahlin, said he continues to rely on military experience in others and former military people tend to make up a good deal of the teams he works with. He said: “Much of the understanding that benefits an information security role, you gain from from the military doctrine that is instilled no matter what role you actually take in the military.”
  • Ewan Lawson said: “Military-trained information security professionals tend to have a better initial understanding of the concepts that are native to security and may even hold data in a more sacred position than a civilian counterpart.”

To read the article in full, click here.