How did you transition from your military career to your current role in InfoSec? Was it a natural fit, or did you have to make adjustments?
Rick Howard, CSO, Palo Alto Networks (RH): I was already in InfoSec when I was in the military. I had the technical skill sets. What I did not have was an understanding of business and business culture.
I knew coming out of the military after 23 years that I would have to adjust to a civilian setting and I consciously tried to do that.
But my first couple of performance ratings after I retired from the military had a lot of phrases like this in them: “Comes off as too stern,” “Employees are afraid to speak their minds when he is around,” and “Too direct in his taskings.” Like I said, I tried hard not to do those things but it took me a while to find the right tone in a commercial environment.
What advice would you give to service members who are interested in InfoSec?
RH: When many military people retire, they seek jobs with Defense Industrial Base companies like Northrup Grumman, General Dynamics, etc. There is nothing wrong with that. Those are good companies and the people there do good work in supporting our government and the military.
The leadership structure in these companies is very similar to the military structure -- very hierarchical — and there are a lot of retired military people working there. For many retired military, this is a comfortable place to be when they hang up their uniform for the last time. Some use this as a stepping stone to transition to a pure commercial job later in their civilian careers. Pure in this case means that the company’s primary customer is not a government. Other retired military stay and have productive and engaging careers in this Defense Industrial Base space.
I did not do either of those. My first job after I retired from the military was with a commercial security firm that had no ties to any government. I threw myself into the deep and cold waters of the pure commercial pond. I am not saying my way is better but it did force me to learn about the commercial space a lot faster than I would have going through some transitional period. On the other hand, I did rub a few “pure” civilians the wrong way as I stumbled my way through the experiences.
Are there any particular strengths that you feel veterans bring to the InfoSec market?
RH: A common theme between the military community and InfoSec community is that there is an adversary that can and must be stopped; an adversary that we must prevent from being successful. That idea binds the two communities together.
Sign up for CIO Asia eNewsletters.