What is security clearance
There are three types of security clearance levels:
CONFIDENTIAL
This clearance level is issued to personnel that need to access material, which, if improperly disclosed, could be reasonably expected to cause some measurable damage to the national security. The vast majority of military personnel are given this fundamental level of clearance.
SECRET
This clearance level is issued to personnel that need to access material, which, if improperly disclosed, could be expected to cause serious damage to the national security.
TOP SECRET
This clearance level is issued to personnel that need to access material, which, if improperly disclosed, could be expected to cause exceptionally grave damage to the national security if it was released without authorization.
Some government positions require an increased level of sensitivity, but not a security clearance. These are public trust positions. The investigation for public trust positions is similar to the clearance levels listed. It is often misrepresented as the fourth type of clearance; however, it is not considered a clearance, just an investigation type. If you have worked on a public trust position before, that could have you viewed as a “clearable” candidate, meaning you could obtain on of the clearance levels listed.
The Veteran Appeal
Obtaining a security clearance while in the military is beneficial for when you transition out and back into civilian life. Most federal contracting companies and the government alike love employing veterans. There have been studies released that suggest veterans are more productive than their civilian counterparts and maintain higher retention rates. That is especially attractive to a contracting company that could spend thousands of dollars on obtaining or maintaining a security clearance, performing background checks, and other overhead costs. This makes a veteran with a security clearance a very appealing option to hire.
If you are seeking a career in cybersecurity with little to no prior experience, there are some entry-level options you could pursue. Though many of them do, not all of the jobs in the military that require clearance are related to technology. If you gained some IT experience, this will help you transition into a cybersecurity position. If you did not work in IT, but in intelligence, that too makes for a smooth transition into cybersecurity as well. You can emphasize the skills you gained. If you did not perform any IT or intelligence work, your leadership skills and security clearance still make you a valuable addition to any company.
The best job for you to pursue depends on your long-term career goals, previous experience. You should take time to access what skills you gained during your time in the military and what your ultimate career goal is.
Some of the items you should inventory:
- Do you have a degree? If so, what level (B.S., M.S., Ph.D.)? What was your major? A degree in any field can prove helpful in getting a position, but a technical degree can substitute years of experience in some cases.
- What were the details of your job in the military? As you prepare your resume, you want to be mindful of what you did and how that translates into skills pertinent to cybersecurity. Did you participate in activities that provided physical security support (standing watch or duty, for example)? Look at job postings you are interested in and pay attention to the language used. There may be things you did that you did not consider to be relevant to a job in cybersecurity.
- What are your short- and long-term career goals? Knowing where you want your career to go is helpful in writing your resume as well as your job search. The cybersecurity field is vast. It is a field, not just one job. Saying you want to work in cybersecurity should always be followed up with a specific job type. There are technical jobs; these include things like pen testing, security testing applications and systems, system administration, security architecture, cybersecurity analyst, and more. There are compliance related jobs that include, security auditors, cybersecurity engineering, testing could fall into this category as well. Information Systems Security Officers and Managers (ISSOs/ISSMs) fall into this category. They ensure systems are compliant with all required laws and regulations. There is also the management track. This is for people who want to manage security-related projects and organizations. Knowing where you want to be can help you determine where to start. If you’re interested in a technical path, then you want an entry-level job with some technical requirements to help build your skillset. You also want to look at certifications that could be helpful. Do you want to go to a management path or compliance? You potentially need a degree and possibly a more advanced certification (e.g., CISSP).
Below are a few positions to consider if you have a clearance, prior military experience, and a desire to work in cybersecurity.
Helpdesk Administrator
Working a company’s IT helpdesk is a great Segway into IT and potentially cybersecurity. This is a great entry-level position for someone with no prior IT experience. Working as a helpdesk technician, you help users troubleshoot their technical issues. Most helpdesks offer scripts for their technicians to follow to guide them in asking the right questions and finding a potential solution. You may encounter various types of issues that will build up your mental knowledge base of technical issues and their fixes—learning these tools to help you transfer to a more technical position such as a system administrator or tester.
System Administrator
Many organizations, depending on their needs and size, have slots available for Junior System administrators. This is another excellent entry-level option. Those with some prior IT experience they gained from the military, or maybe on a helpdesk position, are generally qualified for a junior sysadmin job. If you gained substantial IT experience, you could qualify for a higher leveled position or maybe a direct cybersecurity job.
Technical Writer
If you have a knack for writing and great attention to detail, this could be a great starter job. Some companies have openings for junior technical writers. However, if you have a B.S. in any field, that often substitutes 3-4 years of experience. You had to write to finish your college education. A technical writer writes technical documentation, procedures, guides, and other items. Some technical writers are responsible for website content and updates as well. Starting in technical writing, you get an opportunity to learn about technical things. Some technical writing positions are cybersecurity specific, meaning you learn about various cybersecurity things while writing.
Cybersecurity Analyst
The job requirements for a cybersecurity analyst vary. Many analyst positions are in support of Network Operations Center (NOC) or Security Operations Center (SOC) environments, but not always. Some of these positions in the NOC or SOC environment include evaluating malware, monitoring systems for abnormalities or intrusion or performing threat hunting activities using tools like Wireshark. Some analyst positions involve performing compliance analysis, ensuring the proposed architecture will be able to pass any future security audits. Or evaluating the proposed architecture for potential vulnerabilities and exploitable weaknesses. Many of these positions require some level of previous technical experience; however, having prior military experience with a clearance, some companies are willing to pair you with a more seasoned analyst and train you.
Cybersecurity engineer
As with the other jobs listed, there are junior and mid-level cybersecurity engineering jobs. A cybersecurity engineer is normally a mix of technical and compliance analysis. You would be responsible for analyzing the compliance needs of a system and ensuring the best solutions are implemented. This includes analyzing cost concerns, system requirements.
Conclusion
I’ve been in this position myself. I spent 4 years in the Navy as a Cryptologic Technician. I knew I wanted to work in cybersecurity (though back then, we used the term Information Assurance). As suggested earlier, I sat down and evaluated my skill set and my long-term career goals. The first job I secured after my enlistment was a Technical Writer for a Navy program office that provided IT systems for other DoD agencies. Knowing working in cybersecurity was my goal, I used the information I learned as a tech writer to advance into becoming a tester, which led to becoming a systems administrator. I spent years as a sysadmin to learn about architecture and operating systems. I used that to become a cybersecurity engineer. After a few years as a cybersecurity engineer, I had the time in the field to be able to sit for the CISSP. With the combined years of experience and CISSP certification, my career options opened. If I can do it, you can too.
Good luck in your career endeavors!