At Bishop Fox, we are thankful to have Veterans amongst our ranks translating their work in national security to supporting our offensive security services. If you peek around the Fox Den, you will find Veterans working across the organization in a variety of roles and responsibilities. While many previously served in cybersecurity roles, others embarked on a civilian career transition armed with the unique values, discipline, and experience gained from military life. No matter the type of military service, two common threads are interwoven amongst our Veterans:
- Invaluable lessons and experiences that military service bestowed upon them
- Their deep passion to serve and protect others
That’s why today (and everyday) is the perfect occasion to celebrate our modern military heroes and their service and commitment to their country. We recently talked with our Veterans about how their paths led to Bishop Fox, why they are inspired to work in cybersecurity, and lessons from their military service that translate into the civilian workforce.
Featuring
- Andy Doering, Sergeant, U.S. Army, Adversarial Operator Bishop Fox
- Brock Logan, Major, U.S. Air Force, Analyst I, Bishop Fox
- Christopher Todd, First Class Petty Officer, U.S. Navy Reserves, Director of Information Security, Compliance, Bishop Fox
- David Edwards, Corporal, U.S. Marine Corps, Analyst II, Bishop Fox
- Jessica Stinson, Staff Sergeant, U.S. Air Force, Security Consultant II, Bishop Fox
- Shad Malloy, Petty Officer Second Class, U.S. Navy, Managing Senior Consultant I, Bishop Fox
What inspired you to enter the cybersecurity/tech field?
Brock: I’ve always had an affinity for computers. I was well on my way to earning a Master’s degree in 2017 when I first learned that ‘penetration testing’ was actually a thing. I retained an interest in the field, mostly listening to podcasts and dabbling in some CTFs with friends and my brother from time to time. It always seemed like a dream job to me!
Andy: I found cybersecurity through the military. My undergraduate degree is in graphic design, and I worked as a graphic designer for a couple years after college. I enjoyed the work, but I really didn’t enjoy the industry. While looking at career changes, I began to explore the idea of enlisting in the military. I have many immediate family members who were prior service members and first responders. The call to serve at some point won out in terms of where to go next, and I found myself in a local Army recruiting office reviewing occupational specialties. I wanted to fly helicopters; however, I chose a cyber-related military intelligence MOS (35Q/Cryptologic Network Warfare Specialist) that had just opened. I felt confident about how much I thought I knew about computers after spending the last few years designing in pretty much every digital medium possible. However, I found out just how little I knew once I got to the schoolhouse and the technical training kicked off. The rest of the story is one that I'm sure most cybersecurity service members are familiar with.
Christopher: When I left active duty in 2009, I wanted to use the skills I learned from the Navy. I enjoyed the computer work that I did so it made sense to go into the IT space. While I was working on my degree, I needed to choose a specialty and security piqued my interest. So, I stayed with it, found jobs in the field, continued my education, and really liked what I was doing.
David: My mother was an electrical engineer, building circuit boards for water companies. Watching her create electrical circuits was fascinating to this 10-year-old. I dove into computers and electronics growing up with the Y2K generation and decided to help create the technology-age of today.
Jessica: After leaving the Air Force, I watched the headlines closely and noticed the number of cyber incidents occurring across the globe. Once I spoke with my professors and did a little research, I realized how broad and interesting a career in cybersecurity could be.
Shad: When I got out of the Navy, I did industrial controls and built networks to support them followed by network and systems administration roles. After a while, I realized the only part I really enjoyed was malware analysis. That led me to taking some courses and getting my first penetration testing job. Ultimately, I think I liked the aspects of IT where you solve puzzles.
What brought you to Bishop Fox?
Andy: I really only knew the realm of cybersecurity from the singular lens of the Department of Defense (DoD). After years of working in a very niche enclave, I really wanted to expand into the private sector and join the rest of the computing world. After researching Bishop Fox, I jumped at a referral opportunity.
Brock: I saw Bishop Fox’s posting on the DoD’s Skillbridge site. Skillbridge is a program designed to help service members build skills to gain employment after the expiration of their service contract by allowing them to be unpaid interns during the final six months of their service (while still maintaining their military pay and benefits). It’s a clever win-win; companies get free workers, and service members get the chance to develop new skills prior to exiting. I had been searching for various tech-related options hoping to leverage my degree, but I was so struck by the posting and Bishop Fox’s awesome website that I just had to put out a feeler. I was fortunate to get an internship, and from day one, I knew this was a company I would love to work for. Now four months later, I’m fortunate enough to say that I do!!
Christopher: When I was searching for jobs a friend of mine who works for a security company said, “The toughest job in this industry is working security for a security company, having to convince people who probably know more than you to do things they don’t want to do but know they should do.” I wanted that challenge, so when I was searching for jobs and came across Bishop Fox, I knew this was the organization for me.
David: Bishop Fox was a consulting company I had used in the past. I enjoyed working with the consultants on the various projects and jumped at the chance to start hunting the vulnerabilities instead of fixing them.
Jessica: I am part of a cybersecurity club in downtown Tampa and heard about job openings through another member. I was interested in Bishop Fox because they were doing exactly what I wanted to do as a cybersecurity professional and specialize in hacking. While in my final semester of graduate school, I landed an internship with Bishop Fox. The internship helped me get a fresh look at testing actual networks and applications outside of CTF environments.
What do you find meaningful about your work in cybersecurity?
Andy: It's a captivatingly multi-faceted arena to operate in. There is a myriad of areas to specialize in and they are all related to one another. Additionally, the amount of technology in our lives now means that the power we have as cyber professionals to help and protect people is both vast and deep. I find that meaningful in that my day is always filled with new things to learn, fresh challenges to solve, and most of all that my work helps people.
Brock: I think about this from a mostly philosophical perspective. I see the various ways technology is growing increasingly intertwined with our lives and society, and I think this is generally a good thing. But having spent over a decade protecting our nation, I’ve also seen a great number of clever ways in which our technologies can be abused. So I think cybersecurity is a requisite underpinning for a technologically integrated society to flourish. The TL;DR is that I think it is important work and a way to provide for the good of all.
David: Learning new attack vectors and skills is always inspiring. There is an exceptionally wide spectrum of subjects a security professional can dive into and explore.
Jessica: I have the unique opportunity to help organizations and individuals become more secure, which is incredibly rewarding. Furthermore, with the growing number of devices finding their way into our homes and pockets, there is no shortage of work that needs to be done. At the end of the day, I like to think I am doing my small part in stopping a potential breach from occurring which could harm individuals as well as an entire organization.
Shad: I’ve worked in government and private industry doing both red and blue team roles. At one government agency, I worked directly with Native American populations and enjoyed helping historically underserved populations in that role. At Bishop Fox and in the private industry in general, I’ve had a chance to be a mentor to junior consultants, seeing people pop their first shell is just as exciting for me as for them.
How have you translated your military experience to civilian work, including your cybersecurity role?
Andy: The technical aspect is certainly identical and translates fairly equally. I think the other important aspect is the soft skills you have built up and bring with you, both in how to manage and improve yourself as well as your team. Being in the military teaches you a lot about how to care for yourself and those around you, while working toward a common goal.
Brock: The military instills a great number of valuable workplace skills; innovativeness, organization, communication, and proactiveness, among others. Additionally, aviation requires learning a great deal of information repeatedly throughout one’s career. General aviation rules change from time to time, and every time you change airframes, there’s a whole new set of flight characteristics, operating procedures, and tactics to learn. It instilled in me a great capacity to learn, which has been very important in this transition. There has been a LOT to learn, as there’s not a ton of overlap between flying and cybersecurity, but my past career left me well-equipped for the task!
Christopher: The Navy core values of Honor, Courage, and Commitment are my most important takeaway. The military helped shape my work ethic and taught me there were bigger things than myself. Employees must think about the company, just as much as their job.
David: Leadership and self-confidence are skills I would not trade for anything. The ability to be decisive, act upon a choice and then be responsible for those actions are paramount in this field.
Jessica: My position in the military was not related to computers or computer security by any means. However, as an enlisted aviator, I was taught the importance of attention to detail in my work. This skill is by far one of the most transferable skills I have used as a security consultant. Oftentimes, we will work on an engagement and will not see much of interest at first glance. It’s when we dig into the details and review those slight differences in output, we can find crucial parts needed to solve the puzzle.
Shad: I operated reactors for the Navy. All ships out to sea are self-contained and you must rely on everyone around you. It made me unafraid to admit when I didn’t know something or had a question. I think a lot of Veterans have enough experience in life that they can set their ego aside and ask for help and learn from anyone.
What advice would you give fellow Veterans or current Service Members who may be interested in joining the industry?
Andy: The best advice I can give is to show passion and initiative. It's always the interesting personal projects that stand out the most from the applicants. For example, GitHub profiles highlighting passion projects or CTF write-ups are something I always enjoy reviewing, and it really helps make a candidate memorable amongst peers. It also helps demonstrate additional ways that a candidate can help fill the existing requirements we have on the team, and often, it can be the defining factor when certifications and experience are fairly equal between two separate applicants.
Brock: First, transitioning is scary; leaving the support network that the military provides, especially when it’s all you’ve known for years, or possibly ever. But it helps to remind oneself that most people in the world get along just fine without that network. This seems obvious, but it’s easy to forget when facing down a big life change.
Follow your heart, not the money. There are plenty of ways to make money in the world; the best thing for your mental/physical health is to seek out something you enjoy doing, rather than chasing the mighty dollar to the detriment of your wellbeing. Additionally, happy workers tend to be better workers, and if your company is worth its salt, they should notice and value a worker who legitimately cares about what they’re doing.
Jessica: Get involved and network. There are so many resources available out there for Veterans interested in this career field, from certifications covered by the GI Bill to mentorship groups and cybersecurity meetups. Moreover, there are a ton of free and inexpensive resources that will allow you to work on getting upskilled right from home. Finally, do not be afraid to get started and get your hands dirty with the technical stuff because it is the best way to learn.
Shad: Don’t be intimidated. The industry is full of non-traditional people who didn’t come straight from college. Cybersecurity is a huge industry, and there are so many niches that you can find or make your own to become an expert.
Discovering a Civilian Career Path
Regardless of whether you’re a junior enlisted member or a retiring general, everyone’s time in the military eventually ends, and it becomes time to move on to the next career adventure. Consider the circumstances surrounding your transition, the life you want to have for yourself, and set goals to help you get there. Goal setting helps to hold yourself accountable and determine the path from where you are to where you want to be...and maybe, just maybe, that path will lead you to the cybersecurity community.
We are hiring! Look at our Careers page to see if there is an open role that fits your interests!
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.
Recommended Posts
You might be interested in these related posts.
Dec 12, 2024
Our Favorite Pen Testing Tools: 2024 Edition
Oct 15, 2024
Off the Fox Den Bookshelf: Security and Tech Books We Love
Sep 17, 2024
Navigating DORA Compliance: A Comprehensive Approach to Threat-Led Penetration Testing
Aug 28, 2024
Offensive Security Under the EU Digital Operational Resilience Act (DORA)