How military leadership prepares veterans for cybersecurity success

In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity.

Drawing on habits such as disciplined preparation, blunt honesty, and adaptive decision-making, veterans bring a blend of defensive and offensive planning skills to high-stakes cyber operations. Their leadership experience fosters trust, cohesion, and problem-solving, qualities that can transform cybersecurity teams.

Can you walk us through how military leadership training shapes the mindset of veterans entering cybersecurity? What kinds of habits or values translate most directly into elite cyber performance?

So many ways! For a start, military leadership training instills a mindset focused on honesty and integrity, with a focus on objectives, logical decision-making, contingency planning and adaptability under pressure. Military personnel are trained to operate under both physical and mental stress, planning carefully for all eventualities within an ‘if this, then that’ framework. This aligns with cybersecurity’s emphasis on logical control planning and structured incident response.

What’s more, soldiers’ training equips people with both the defensive planning skills to operate in high-threat environments, and the offensive planning capabilities required for mission targeting. These are advanced skills. War-fighting is not linear but asymmetric and complex, with a mix of misinformation and hard and soft power plays. In many parts of the business world, these skills look out of place. But in cybersecurity, where subject matter experts must constantly think about the adversary’s position, and how offensive and defensive activities shape control planning, they are extremely valuable. Every soldier, regardless of role or function, comes with a pre-programmed security mindset, instantly differentiating their thinking from that of their civilian peers. Dozens of military practices and tools are directly transferable into industry-based cybersecurity, teaching quick but confident decision-making paired with communication up and down the chain.

Military life also instills a practice of arduous training that pays off in civilian life. In an environment where mistakes can easily cost lives, the armed forces are drilled in the need to practice skills until people’s responses are entirely automatic, giving them the mental capacity to think carefully while muscle memory takes care of essential and urgent tasks. These practices build enormous resilience and mental toughness, enabling veterans to pivot swiftly when under pressure while retaining their focus on delivering the mission. Such habits are often critical for the rapid response and recovery needed within cybersecurity environments.

Ultimately, the military drives a range of behaviors and thinking that, when enabled correctly, can significantly enhance organizations’ ability to deliver cybersecurity strategies and operations. These include the abilities to put your team first rather than yourself, to plan and train for the unexpected, to act with moral courage, honesty, and integrity, to shape decision-making around a realistic assessment of the opponent’s behavior, to deliver direct, to-the-point communications, to retain mental flexibility and resilience, and always to focus on delivering the mission.

Cybersecurity often involves high-stakes, high-pressure situations. How does veterans’ experience in critical missions prepare them for these moments? Can you share a time when that resilience made a difference?

After dealing with extremely high-pressure environments, in which making the wrong decision can cost lives, veterans and reservists have little trouble dealing with the kinds of risks found in the world of business, such as threats to revenue, brand value and jobs. What’s more, the time-critical mission mindset so essential within the military is highly relevant within cybersecurity, where attacks and breaches must be dealt with confidently, rapidly and calmly.

In the armed forces, people often find themselves in situations so intense that Maslow’s hierarchy of needs is flipped on its head. You’re not aiming for self-actualization or more advanced goals, but simply trying to keep the team alive and maintain essential operations. This ingrained focus on the fundamentals helps veterans to cut through the noise, think clearly, and take decisive and, when required, difficult decisions in high-pressure environments. This is valuable in the world of cybersecurity.

I remember one occasion on which a critical national infrastructure (CNI) client asked us to stand up a Security Operations Centre to address an emergency. This would normally take weeks or months, yet the military mindset made it possible to get it up and running 24/7 within a few days. In high-stakes, time-critical environments, veterans thrive, making the impossible possible.

How do veterans’ trust-building instincts and ability to foster strong team cohesion show up in cybersecurity teams or client-facing roles? Any stories that illustrate how they built or stabilized a team quickly?

Research shows that high-performance teams are often built around the ability to table, discuss and address the unmentionable, yet in my experience, many people in business don’t know how to have difficult conversations. This is a fundamental failing, for a lack of openness and honesty foments distrust and weakens teams’ ability to realize their goals.

Military experience, on the other hand, fosters unparalleled trust, honesty and integrity within teams. Armed forces personnel must communicate really difficult messages. Telling people that many of them may die within hours demands a harsh honesty, but it builds trust. Combine this with an ability to achieve shared goals, and military leaders inspire others to follow them regardless of the obstacles. So veterans bring blunt honesty, communication, and a mission focus to do what is needed to succeed. These are all characteristics that are essential in cybersecurity, where you have to call out critical risks that others might avoid discussing.

Veterans’ ability to provide a vision and lead from the front are another factor that enables teams to rapidly stabilize and succeed against tight deadlines, and this applies to experienced soldiers of all ranks. While people often assume that the military is intensely hierarchical, western forces favour a principle of local command. Those on the battleground are recognized to have greater situational awareness than distant officers, and are given the autonomy to make decisions and adjust tactics in-line with their operating procedures. You can’t micromanage people on the battlefield. Instead, personnel are empowered to act for themselves within the limits set by intense training and boundaries. These too are extremely valuable behaviors in staff combating cyber crime and attacks, enabling them to respond rapidly as threats evolve.

Clients often mention how refreshing it is to have someone come in and tell them the blunt truth, even when that truth may not be in our immediate interest. If they don’t actually need the latest equipment and their current kit is good enough, for example, I’ll say so.

From your experience, what kind of military roles or training most directly align with cybersecurity functions today? Any unexpected overlaps?

Roles in targeting and reconnaissance align surprisingly well with cybersecurity. People develop a threat-based mindset given experience in these fields, enabling them not only to identify and disrupt targets but also to understand how they themselves might be targeted. That dual perspective is invaluable in cyber threat intelligence, where anticipating an adversary’s next move is critical to staying one step ahead. Communication roles such as those in Royal Signals also offer helpful overlaps, providing experience in command, control and managing information flow under pressure. These backgrounds foster critical thinking, rapid decision-making, and resilience that are invaluable in cyber operations, even if the specific technical knowledge must be learned after transitioning.

Have you seen specific examples of onboarding or mentorship practices that helped veterans overcome those gaps? What made them effective?

Veterans come into the cybersecurity industry with strong ‘hardware’, resilience, leadership and logical thinking, for example, but often need to develop ‘software’ skills, such as specific cybersecurity knowledge, business experience, and familiarity with software. Effective onboarding focuses on leveraging their innate strengths while rapidly building technical competence through tailored training and mentorship. This can take a little while, and military personnel generally enjoy a good challenge!

The key to success here is recognizing and addressing knowledge gaps early, openly and without stigma, creating an environment where veterans can blend their military strengths with industry expertise. It also helps to have veterans involved in the design and delivery of onboarding processes, so newcomers can engage first with people who understand their background and challenges, including mental health considerations. Organizations that recognize the value of military skills in cybersecurity can benefit enormously from recruiting veterans and reservists, but it does require careful thought, suitable policies and a commitment to personnel development. Signing up to the Armed Forces Covenant is one valuable way in which employers can improve their ability to recruit and support military personnel.