Threat Intelligence

5/21/2018
07:30 AM
Connect Directly
Twitter
LinkedIn
Twitter
LinkedIn
RSS
E-Mail vvv
0%
100%

What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity

Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.

Over the past few years, alumni of the elite Israeli Defense Forces' Unit 8200 have become known for founding cybersecurity startups, including the two co-founders of Cybereason, where I work, along with many of my colleagues — both men and women. At 18, I was picked to serve in Unit 8200. The experience sparked my interest in both military intelligence and my current career as a security researcher. 

Surprisingly, despite its notoriety and success, Unit 8200 doesn't follow a conventional recruiting model. Technical skills aren't a requirement; the unit values traits that indicate leadership and problem-solving skills, using hiring processes that build women leaders and serve as an example for the private sector to address the current security talent shortage. Here are five best hiring practices from Unit 8200.

Practice 1: When recruiting, look beyond the traditional candidate profile.
Traditionally, when filling entry-level security positions, organizations look for candidates with either IT or computer science backgrounds. Hiring managers want script kiddies and computer gamers to fill those jobs. But hiring people with only these profiles limits the workforce's diversity. In reality, men outnumber women in computer science degree programs (although not everywhere). In 2015, for instance, women earned 18% of all computer science degrees awarded in the US. That percentage is even lower for women of color, according to the National Center for Education Statistics. Meanwhile, females who like to geek out in their free time and play video games often face harassment and abuse. Ultimately, these situations lead to low numbers of women entering the IT and security fields.

Unit 8200 knows it's not going to find female candidates by looking for recruits with conventional backgrounds. Instead, candidates with general traits that indicate success in tech fields are sought. These include critical thinking, the ability to learn skills on their own, leadership, problem-solving skills, and good interpersonal skills. As for technical skills, Unit 8200's leadership assumes those can be acquired later.

As part of its recruiting program, Unit 8200 runs tests designed to identify individuals who can handle stressful events, are team players, can find innovative solution to various problems, and, most importantly, are coachable. Recruits who pass these tests undergo extensive training that teaches them any technical information they need to know. This training is followed by on-the-job training. This approach has helped Unit 8200 have an equal number of female and male soldiers.

Practice 2: Manage the high employee turnover rate.
Losing cybersecurity talent is a chief concern at many organizations. Unit 8200 is a great place to learn how to deal with high employee turnover since approximately 90% of its workforce only serves in the unit for five years or less. To handle this situation, Unit 8200 has a system to deal with high workforce churn. All the unit's soldiers serve in small squads. After finishing their training, new recruits are assigned a mentor who usually has served for about a year. That gives them enough time to acquire knowledge that's transferable while still being aware of all the challenges a newbie faces. There's a set cadence for promotion and succession. After about two years, the more accomplished soldiers receive officer's training to become squad commanders. They're replaced by the soldiers who were recruited the year before. In an environment of constant but planned turnover, capturing and sharing knowledge is key and important information is kept in secure systems.

Practice 3: Provide a seat at the table.
Women in the workforce often feel excluded from discussions on topics about which they have extensive knowledge. But in Unit 8200, subject matter experts discuss critical military matters with top commanders, regardless of gender or how junior they are. For example, a 19-year-old female soldier briefing a chief of general staff in the IDF is not uncommon. This provides them with an opportunity to participate in the decision-making process, a chance that's rarely given to females early in their careers.

Practice 4: Fight "impostor syndrome."
Some women harbor the false belief that they're not qualified for their jobs, despite their professional accomplishments. This is known as "impostor syndrome," the psychological perception that stymies women from advancing in their careers. At Unit 8200, which recruits young, untrained individuals, leaders emphasize recruits' abilities to learn and improve. During training, all individuals receive daily updates on how they're progressing with skill development. They're routinely praised for achievements and constantly reminded about how far they've advanced in a short period of time. Recruits are always reminded that their unique abilities led to them being selected for their roles in the unit, increasing their confidence. The unit's reward and promotion program, while helping motivate all the unit's soldiers, particularly boosts the self-worth of female soldiers.

Practice 5: Consider security industry takeaways.
In Unit 8200, diversity is welcomed. Having soldiers with different backgrounds leads to new approaches to problems. The security industry is filled with tons of complex problems that need solutions, problems that can't be solved if organizations only look to hire men with IT and computer science backgrounds because there aren't enough of them. There are simply are too many security jobs to fill.

People whose experiences are unconventional shouldn't be passed over for security jobs. The security industry (and the greater technology community) needs to realize that technical skills alone do not make a person qualified. Many women who lack a technical background but possess keen problem-solving skills, great communication abilities and strong leadership qualities would be eager to pursue a security career. They just need someone to give them the opportunity.

Unit 8200 has demonstrated that its approach to finding security talent works. The private sector should take note. In Israel, just 26% of the tech positions are held by women. And the situation isn't much better in the U.S., where women hold 25% of those jobs. Gender diversity is even worse in cybersecurity; women comprise only 11% of the global workforce. If the methodologies used by Unit 8200 to recruit and promote women are adopted by the private sector, not only would security teams become more diverse, the security talent shortage wouldn't be so acute.

Related Content:

Lital Asher-Dotan, senior director of research and content at Cybereason, has 15 years of experience working with tech companies. Asher-Dotan is a veteran of Unit 8200 of the Israeli Defense Force. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BPID
50%
50%
BPID,
User Rank: Strategist
5/21/2018 | 12:54:43 PM
Excellent
Well written and informative.
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.