Ex-soldiers to become ethical hackers

A new programme will give armed forces veterans in Scotland a grounding in cyber security skills, including penetration testing and ethical hacking

Scottish armed forced veterans are taking part in an eight-week penetration testing course as a pilot programme designed to teach former soldiers new technical skills and help address the business critical shortage of trained cyber security professionals.

The ethical hacking programme is being run as part of Cyber Scotland Week by Skills Development Scotland, social enterprise SaluteMyJob, Abertay University, IBM, and tech startup Skillzminer. Additional support will be provided by the Veterans Scotland charity and the Scottish Business Resilience Centre.

A preparatory introductory course at Abertay held earlier in February was attended by 30 ex-military participants, expanding on SaluteMyJob’s established Cyber Skillsbuild programme – which has retrained more than 350 veterans to date – with additional specialist training from Skills Development Scotland.

SaluteMyJob was set up specifically to offer consultancy, recruitment and training services to employers looking to help ex-servicepeople and reservists into employment in the security space. It helps employers plan and put in place structured, sustainable and measurable programmes for veterans and aims to increase demand ‘pull’ for veterans as employees, contractors or consultants.

“Service men and women have the knowledge, skills and experience to transition relatively easily into well-paid jobs in cyber security,” said Andrew Jackson, SaluteMyJob managing director.

“Most think cyber is deeply technical; in fact, generalist military training is ideally suited to roles as security consultants, incident and operations centre managers, as well as more specialist roles such as penetration testing.”

Recent research conducted by Skills Development Scotland suggests there are around 13,000 job openings per annum in Scotland’s digital sector, with security in particular being one of the fastest growing areas, according to the organisation’s digital technology sector manager, Claire Gillespie.

“This pilot explores new and innovative ways of ensuring we can meet the demand for skilled workers. Military personnel bring a raft of relevant skills ideally suited to cyber roles, and our aim is to build a new pipeline of much needed talent for the tech sector,” she said.

Course participant Richard Barratt, a former marine with 45 Commando in Arbroath, said: “The support, guidance and advice SaluteMyJob has provided me in supporting my career transition into a cyber role has been excellent and testament to the team’s hard work and dedication.

“In addition, the opportunity and privilege of attending two of their courses has attracted the attention of several high-profile organisations in my current search for a new role.”

The programme aligns closely with the Scottish government’s Cyber Resilience Action Plan for Learning and Skills, which was set out in 2018 and aims to develop cyber resilient behaviours and build a base of security professionals within Scotland.

While cyber security itself is a reserved matter, the Scottish government believes it has “strong implications for the delivery and resilience of devolved services”. Its plan also aligns with the UK’s wider National Cyber Security Strategy, and the Scottish government works alongside Westminster and the National Cyber Security Centre (NCSC) to ensure joined-up policy at both the national and devolved level.

The Scottish government estimates there may be as many as 840 unfilled security jobs in Scotland in 2020 alone, for a number of reasons, including failure to promote security as a career option in schools; a lack of people choosing Stem subjects, especially girls; the relatively small scale of the Scottish cyber security industry; and a tendency for people with relevant skills to move elsewhere in the UK, particularly southeast England, to pursue work in the industry.

Read more about security skills

  • The British education system cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution.
  • There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough?
  • The cyber skills shortage is leaving businesses at increased risk of attack as organisations continue to struggle to fill security-related positions, a survey shows.

Read more on Security policy and user awareness

Data Center
Data Management