Penetration Testing Services

From Military Cyberwarfare to Commercial Pen Testing

Tips, Tricks, and a Pep Talk For a Successful Transition

The following article is a discussion about helping you to best utilize your military skills to successfully transition into the commercial space.

Author: Conner Buell, Sr. Penetration Tester

Table of Contents

Do You Have What it Takes?

I am proud of my military service. I was able to serve my nation and earned a plethora of great opportunities and skills because of it. That being said….. I couldn’t wait to get out of the military! In the months leading up to my final day, I grew increasingly excited, but lurking anxiety began to crawl up. “Will I be able to find a job? Do I have the right skills to work in a commercial environment? Maybe I should stay in the military or be a defense contractor. That way, I won’t have to relearn everything I know and look like a fool.” As I drew nearer to fulfilling my contract, these questions and thoughts popped into my head. Doubts like these are not exclusive to me; nearly every veteran goes through a similar bought of self-doubt and worry. So, to any veteran or transitioning service member reading this, I would like to reassure you that you have all the tools at your disposal necessary to make this transition, and though you may not know it yet, you are primed to thrive.

Yes, You Have the Skills!

Whether you would like to admit it or not, the military equipped you with some useful habits and social tools. Your uncanny ability to always be on time, the resolve to maintain bearing in the most absurd circumstances, and mastery of courtesy will arm you well in the commercial world. Leaders and peers alike notice and respect these traits. In fact, during my interview process here at Redbot Security, I remember my first virtual meeting with CEO Brian Stearns. The first thing he said was, “Thank you for being on time” I remember thinking, “Wow, can I be thanked for that? ”. The hiring team quickly took notice of my timeliness and qlear communication. At the time, I believed anyone seeking a job would be just as timely. Apparently, that is not the case. This is where a veteran has the advantage. These traits don’t just help with getting hired but with the daily tasks of a Pen Tester. Clear, timely, and respectful communication with clients and coworkers can work wonders. The only tricky part is fighting the incessant urge to say “Roger That” or “Too Easy”. Besides filtering out the jargon, your military social training will help you to thrive in a commercial environment. So use and maintain those traits; you may be excited to leave the military but let’s not throw the baby out with the bathwater.

Adapt and Overcome

Another useful trait you have likely developed through your time in the military is adaptability. Many service members in the field of Cyber Warfare, myself included, have been thrown around a hundred different work roles and been expected to simply “figure it out.” While frustrating at the time, this certainly makes an individual quick to pick up new skills and an effective problem solver. It also provides you with a wide breadth of knowledge across the many domains of cyber security. All of which will come in handy. To succeed, penetration testing requires a diverse knowledge of many different environments, systems, toolsets, and technologies. Rely on your generalist mindset, incorporate strategies and techniques from your various experiences and adapt them to your new environment. You may test the wireless security of a law firm one week, an internal test on an ICS/SCADA system another week, and a web application test for a bank the following week. The number of skills necessary to succeed across all these domains is incredible, so having a wide area of knowledge and the ability to adapt quickly is essential. Your ability to adapt and overcome in any environment will be a game changer and allow you to excel in the ever-evolving field of penetration testing.

“Rely on your generalist mindset, incorporate strategies and techniques from your various experiences and adapt them to your new environment.”

Military Cyber Gives You a Hiring Advantage

When speaking with fellow veterans and service members involved in cyber, a theme that is commonly brought up is that they feel they do not have the knowledge or experience to successfully make the transition to the commercial sector. I certainly understand these feelings as I myself struggled with them during my transition to commercial penetration testing as well. Some service members believe their skills are too specific to the military, that they use different tools than the commercial sector, or even that their training was inadequate, and they do not have much of the requisite knowledge to move to commercial pen testing or similar fields. Many of these fears can be chalked up to imposter syndrome or simply doubt. Very few cyber-related work roles are so specific to the military that you cannot find a commercial use case. In fact, you may find that you are one of a select few people with the knowledge and experience to do some of the rarer types of penetration testing, including satellite or cellular testing. Many companies would be eager to hire anyone with experience with these technologies, which are often less common among testers with a civilian background. If you have a specialized or unique set of skills, investigate the commercial applicability before simply writing it off and shooting yourself in the foot without exploring an opportunity to succeed.

You Understand the Fundamentals

The next common fear is that most of a service member’s experience is with toolsets specific to the military or federal agencies. Again, I sympathize with this fear, but it is not something that should hold you back. You will be surprised to find that many of the technologies you used during your military service have very similar commercial alternatives that require only a minimal adjustment to become proficient. To prepare yourself, do some research on common penetration tools and their functions. You will be surprised that many of the tools you used in your early training are the same tools used in commercial Pen Testing environments. Familiarize yourself with these tools to make life easier on yourself both during the hiring phase and after you have secured a job. Even if there is not a similar commercial tool to what you are accustomed to, the important part is that you understand the fundamentals of how certain scans, attacks, systems, exploits, and payloads function.

Your Training is Superb

Many service members feel as though their training or knowledge is inadequate. From my experience, the training, especially early on in your career, is superb. It was just so long ago you forgot how much you learned. At the very beginning of most cyber warfare service members’ time-in-service, they attend a grueling cyber security course. Those who have participated in this course will remember that this is a six-month course, eight hours a day, every day, learning cyber security and computer science fundamentals. This provides many cyber warfare service members with a profound understanding of foundational knowledge about computing, cyber security, and more. A course that can provide someone with such an in-depth yet broad knowledge of cyber security is difficult to come by in the civilian world. With the exception of certain university programs, you will be unlikely to find a course that will better educate you on the prerequisite knowledge necessary for working as a Pen Tester or other related cyber security field.

Check Out these “Cool” Programs

If you are a service member that still has some time in service and is thinking about transitioning to Pen Testing but do not feel knowledgeable enough, then use one of the many military training programs you have access to. The Army has the COOL ( Credentialing Opportunities On-line) program. This program will provide you with a system to find and pay for certification programs. Assess what skills you feel you lack the most and use the program to educate yourself. Other branches have similar credentialing assistance programs as well. Many Commands will also have vouchers available for various certifications, talk to your supervisors to see how you can claim one of these vouchers. Additionally, the Department of Defense (DOD) has the Skill-Bridge program. This program is designed specifically for the purpose of assisting you in transitioning to the commercial sector. The program allows a service member to work as an intern for a civilian company for up to six months; all while still being paid by the DOD. similar commercial alternatives that require only a minimal adjustment to become proficient. To prepare yourself, do some research on common penetration tools and their functions. You will be surprised that many of the tools you used in your early training are the same tools used in commercial Pen Testing environments. Familiarize yourself with these tools to make life easier on yourself both during the hiring phase and after you have secured a job. Even if there is not a similar commercial tool to what you are accustomed to, the important part is that you understand the fundamentals of how certain scans, attacks, systems, exploits, and payloads function.

You will Soar!

By no means is this post meant to convince service members to leave the military. The intent here is to clear up some doubt and properly explain the opportunities available to service members who would already like to separate. In fact, I would say to those wishing to start a cyber-security or Pen Testing career but have no experience or means to educate or certify themselves that the military can be a wonderful way to break into the field while serving your nation. You can enter the military with almost no computing or security knowledge whatsoever, and leave with all the essential knowledge, traits, and social habits necessary to enter the cyber security field and thrive. So to all the service members reading this. You have a professional appearance, demeanor, and manner of speech. You have timeliness, sensibility, and adaptability. You have excellent cyber security knowledge, training, and certifications. You have many military programs you can leverage to round out any skills you are missing. You are prepared, ready, and able to make this transition. Get after it!

Picture of Conner Buell

Conner Buell

Conner brings 6+ years of military cyber operations experience and served as a Cyber Operations Specialist with the work roles of Special Activities Team (SAT) Technician, Expeditionary Cyber Operator (ECO), Information Operations Operator, and Pilot Operator. Conner emulates malicious actors and provides the customer with the knowledge necessary to prevent a security incident before it happens – Simulating Real World Attacks – Before they Become Real…

Pen-Test Project Quote

Penetration Testing Service Provider

Our expert team will help scope your project and provide a fast and accurate project estimate.

Contact Redbot Security

Related Articles

Pen Testing Industrial Control Systems

ICS/SCADA Penetration Testing: Where to Start

Becoming proficient in Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) network testing can appear daunting as there are fewer learning resources.

Read More »
IDOR Fix

Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) vulnerabilities pose a significant risk to the security of web applications, allowing attackers unauthorized access to sensitive data and functionalities. By understanding the implications of IDOR and adopting secure coding practices, web developers can protect their applications and users from potential exploitation.

Read More »
Common Attacks

Microsoft Windows Laptop Security

Malicious actors prey on weak configurations like locusts. Microsoft, despite knowing that their operating systems, have inherent weaknesses have done little to enhance their initial security outside of remediation for publicly known vulnerabilities.

Read More »
Ransomware Nightmare

Android Malware

The likelihood of a cyber attack on a mobile platform is significantly high, but how difficult is it for a malicious actor to generate malware? You might be surprised.

Read More »
Network Pen Testing Companies

Attack Surface Management (ASM)

Today, cybercriminals have plenty of entry points to exploit. Therefore, it has become crucial for organizations to improve their attack surface visibility to have more effective protection. This is where attack surface management (ASM) comes into play. This article will explore all about attack surface management (ASM), including its importance, working principle, and benefits.

Read More »
The Impact of Data Breach

The Impact of a Data Breach

Increasingly, investors see proactive cybersecurity spending as a hallmark of strong corporate governance. It can be factored into how they value a company’s resilience and risk profile

Read More »
mass assignment vulnerability- Web Application Security

Mass Assignment Vulnerabilities

Mass Assignment Vulnerability occurs when a web application allows users to submit a more extensive set of data than is intended or safe. The potential consequences of this vulnerability can be severe

Read More »
Red Team vs Penetration Testing

Evolving Your Cybersecurity: From Penetration Testing to Red Teaming

While penetration testing is valuable in identifying technical vulnerabilities, red teaming provides a more holistic assessment by simulating realistic threat scenarios. By embracing red teaming, organizations can bolster their defenses, uncover weaknesses, and stay one step ahead of sophisticated adversaries.

Read More »
How to prevent active directory attack

AS-REP Roasting

Kerberos Authentication Service Response (AS-REP) Roasting, a technique similar to Kerberoasting, has gained prominence as a method for attackers to compromise Active Directory (AD) authentication systems.

Read More »

Cyber threat news feed

Check out the latest cybersecurity news around the globe

Cymbiotic will provide unparalleled security insight with the ability to manage teams, clients, on-demand testing with rapid internal VM deployment […]

Pen-Test Project Quote

Penetration Testing Service Provider

Our expert team will help scope your project and provide a fast and accurate project estimate.

Contact Redbot Security

Security Management Platform

Cymbiotic is a revolutionary, scalable platform providing unparalleled security management: on-demand testing, secure reporting, and remediation tracking, while also acting as an advanced attack surface management platform ... for every network.
Show Buttons
Hide Buttons