Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

07:30 AM
Connect Directly
E-Mail vvv

What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity

Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.

Over the past few years, alumni of the elite Israeli Defense Forces' Unit 8200 have become known for founding cybersecurity startups, including the two co-founders of Cybereason, where I work, along with many of my colleagues — both men and women. At 18, I was picked to serve in Unit 8200. The experience sparked my interest in both military intelligence and my current career as a security researcher. 

Surprisingly, despite its notoriety and success, Unit 8200 doesn't follow a conventional recruiting model. Technical skills aren't a requirement; the unit values traits that indicate leadership and problem-solving skills, using hiring processes that build women leaders and serve as an example for the private sector to address the current security talent shortage. Here are five best hiring practices from Unit 8200.

Practice 1: When recruiting, look beyond the traditional candidate profile.
Traditionally, when filling entry-level security positions, organizations look for candidates with either IT or computer science backgrounds. Hiring managers want script kiddies and computer gamers to fill those jobs. But hiring people with only these profiles limits the workforce's diversity. In reality, men outnumber women in computer science degree programs (although not everywhere). In 2015, for instance, women earned 18% of all computer science degrees awarded in the US. That percentage is even lower for women of color, according to the National Center for Education Statistics. Meanwhile, females who like to geek out in their free time and play video games often face harassment and abuse. Ultimately, these situations lead to low numbers of women entering the IT and security fields.

Unit 8200 knows it's not going to find female candidates by looking for recruits with conventional backgrounds. Instead, candidates with general traits that indicate success in tech fields are sought. These include critical thinking, the ability to learn skills on their own, leadership, problem-solving skills, and good interpersonal skills. As for technical skills, Unit 8200's leadership assumes those can be acquired later.

As part of its recruiting program, Unit 8200 runs tests designed to identify individuals who can handle stressful events, are team players, can find innovative solution to various problems, and, most importantly, are coachable. Recruits who pass these tests undergo extensive training that teaches them any technical information they need to know. This training is followed by on-the-job training. This approach has helped Unit 8200 have an equal number of female and male soldiers.

Practice 2: Manage the high employee turnover rate.
Losing cybersecurity talent is a chief concern at many organizations. Unit 8200 is a great place to learn how to deal with high employee turnover since approximately 90% of its workforce only serves in the unit for five years or less. To handle this situation, Unit 8200 has a system to deal with high workforce churn. All the unit's soldiers serve in small squads. After finishing their training, new recruits are assigned a mentor who usually has served for about a year. That gives them enough time to acquire knowledge that's transferable while still being aware of all the challenges a newbie faces. There's a set cadence for promotion and succession. After about two years, the more accomplished soldiers receive officer's training to become squad commanders. They're replaced by the soldiers who were recruited the year before. In an environment of constant but planned turnover, capturing and sharing knowledge is key and important information is kept in secure systems.

Practice 3: Provide a seat at the table.
Women in the workforce often feel excluded from discussions on topics about which they have extensive knowledge. But in Unit 8200, subject matter experts discuss critical military matters with top commanders, regardless of gender or how junior they are. For example, a 19-year-old female soldier briefing a chief of general staff in the IDF is not uncommon. This provides them with an opportunity to participate in the decision-making process, a chance that's rarely given to females early in their careers.

Practice 4: Fight "impostor syndrome."
Some women harbor the false belief that they're not qualified for their jobs, despite their professional accomplishments. This is known as "impostor syndrome," the psychological perception that stymies women from advancing in their careers. At Unit 8200, which recruits young, untrained individuals, leaders emphasize recruits' abilities to learn and improve. During training, all individuals receive daily updates on how they're progressing with skill development. They're routinely praised for achievements and constantly reminded about how far they've advanced in a short period of time. Recruits are always reminded that their unique abilities led to them being selected for their roles in the unit, increasing their confidence. The unit's reward and promotion program, while helping motivate all the unit's soldiers, particularly boosts the self-worth of female soldiers.

Practice 5: Consider security industry takeaways.
In Unit 8200, diversity is welcomed. Having soldiers with different backgrounds leads to new approaches to problems. The security industry is filled with tons of complex problems that need solutions, problems that can't be solved if organizations only look to hire men with IT and computer science backgrounds because there aren't enough of them. There are simply are too many security jobs to fill.

People whose experiences are unconventional shouldn't be passed over for security jobs. The security industry (and the greater technology community) needs to realize that technical skills alone do not make a person qualified. Many women who lack a technical background but possess keen problem-solving skills, great communication abilities and strong leadership qualities would be eager to pursue a security career. They just need someone to give them the opportunity.

Unit 8200 has demonstrated that its approach to finding security talent works. The private sector should take note. In Israel, just 26% of the tech positions are held by women. And the situation isn't much better in the U.S., where women hold 25% of those jobs. Gender diversity is even worse in cybersecurity; women comprise only 11% of the global workforce. If the methodologies used by Unit 8200 to recruit and promote women are adopted by the private sector, not only would security teams become more diverse, the security talent shortage wouldn't be so acute.

Related Content:

Lital Asher-Dotan, senior director of research and content at Cybereason, has 15 years of experience working with tech companies. Asher-Dotan is a veteran of Unit 8200 of the Israeli Defense Force. View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
5/21/2018 | 12:54:43 PM
Well written and informative.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-27
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integ...
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2...
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.