VetSecCon 2020, a convention focused on veterans wanting to get into or currently employed in cybersecurity has just taken place. The event took place over two days with the tagline “A world where no veteran pursuing information security goes unemployed.” Speakers were drawn predominately from veterans who are experts in their field. There were three separate tracks; Humanity, Technical and Transition.
While VetSec is a US-based 501c3 charity. It works with veterans from other nations including the UK. James Murphy, CEO, TechVets talked about how it was working to get UK veterans into cybersecurity. It will be interesting to see when TechVets runs its first convention. When it does, there will be a lot of interest in the transition track in particular.
Tom Marsland, board chair for VetSec opened by saying: “VetSec is a registered 501c3 nonprofit organisation, mainly based here in the United States. It accepts applications from all over the world, from 49 countries for veterans and active-duty military to help them transition into the cybersecurity and information technology industries. We’ve been around for a few years now, and this is our first time kicking off something big like this, so I hope you enjoy yourselves.”
Importantly, that focus on the veteran community made this very different from other conventions, even those around cybersecurity. Sessions were “issue-based” and “how-to” focused. There was no vendor participation which meant no marketing at the attendees. That despite three sponsors who advised on how to organise VetSecCon. They also paid for the infrastructure and Zoom channels to enable it to happen. Those sponsors were CrowdStrike, Quadrant Information and Layer Eight conferencing.
The Humanity track
The Humanity track focused on the individual. In an industry where long hours dominates, mental health and burnout are serious risks. For veterans, who are attractive to employers because of their mission-focused mentality, the risks are heightened. In addition, many employers worry about the risks of PTSD when employing veterans. Ironically, it seems that many are ignoring the risk of mental health among their entire staff.
Keynote speaker Chloé Messdaghi, VP of Strategy, Point3 Security, approached this saying: “One thing I will say is that this year has brought a lot of mental health up above the ground. What I mean by that is that those that didn’t have ever anxiety or depression are now experiencing these feelings. And it’s really hard for them because they never knew that they had these issues, or that they ever could feel this way.”
As well as mental health, there was much focus on exploitation from financial and fraud to non-consensual sexual and other types of exploitation. The dangers of what you send people and how it can be used to compromise you later were covered by several speakers. It’s an area where veterans and serving members of the Armed Forces should be aware. However, many don’t see the dangers until later when it can be used against them.
The Technical track
This was a wide-ranging track for those that wanted to learn new skills or just understand more about the industry. Several of the tracks walked the attendees through how to identify and locate malware. When the videos of this track go live, they are likely to see high levels of downloads as attendees look to glean all they can.
One of the standout session came from Lesley Carhart (@hacks4pancakes). Carhart has over a decade of dealing with digital forensics and incident response both in the USAF and as Principal Threat Analyst at Dragos. Carhart talked about Industrial Control Systems, an area where the number, intensity and destructive nature of cyberattacks is growing rapidly.
ICS is also an area where many cybersecurity teams are weak. They often don’t understand or see the threat as these are systems installed outside of their control or awareness. Carhart did not pull any punches over the issue of risk and its impacts. She also made it clear that veterans are: “Some of the best candidates to build these bridges and build these programmes that we need so badly in industrial control systems.”
Another well-attended session that is likely to get downloads is Omar Santos’, Build Web Application Labs with WebSploit. It was a great hands-on session that will appeal to those wanting practical skills. It washow-to is fine not alone. Many of the other sessions will be useful to those upskilling.
The Transition track
One of the hardest problems for many veterans is that transition from military to civilian life. It’s not just about a new working environment but also understanding what is expected in this new world. Many veterans have a lot of experience in their chosen trade but communicating that to employers who have a different frame of reference, is not simple.
When it comes to cybersecurity, there are a lot of different roles on offer. One of the big decisions is how to get a proper grounding before specialising. Several VetSecCon sessions talked about where to find resources, how to choose your route into cybersecurity and what certificates are worth having. For some military personnel, funding for those certificates is covered by resettlement grants. For others, it is about what makes sense financially, especially in the early days.
One of the benefits that VetSec has is that a number of its members either own their own business or are senior employees. They bring a lot of experience and knowledge to bear when it comes to what is expected of new hires. Some of this was given during the conference, but much more is available in the VetSec forums.
Enterprise Times: What does this mean
Veterans helping veterans is the core ethos for both VetSec and TechVets. With VetSecCon, VetSec took this further in giving veterans from all countries the information they need to get into and further their skills in cybersecurity. It’s also important to note that this is not just about veterans. At any given point in time, there are tens of thousands of serving military about to start their transition to civilian life.
What was surprising was that despite employers saying they want veterans with cybersecurity skills, it is still not the first career path that veterans target. The hope is that events like VetSecCon and groups such as VetSec and TechVets can change that.
One of the really important things, however, is that this was an open, non-country specific conference. Very little, except for a few things in the transition track, was US-centric. This was a major bonus and it means that once the videos are available, anyone can take advantage of them.
Few conferences ever truly address their tagline. VetSecCon with “A world where no veteran pursuing information security goes unemployed” is a good step on the route to meet that promise.