I think they are useful, however they can’t be key based on there just not being enough with aptitude and desire - and I say this being ex-military(I'll continue reserve veteran as those who have fought in actual wars). Take the US 200k leavers per annum - why if we just waited seven and a half years it would fix itself? Well not quite - US Military loses approx 15% of folk in basic and some more thereafter and I’d say to have bedded in well you need folk with 2-3 years. Loads of military people have trades they will practice, go on to other uniformed service, are looking after kids etc - and sadly a significant portion will be unwell or living chaotic lives - plus nearly everyone already set up for it does it (after all it was either that or Iraq so many of us decrepit old warhorses
Are in the fallow pastures of cyber…)

So great to have, and an important source but not key unless ISC2’s figures change.

Some cogent points made in the article, particularly how a military background conditions employees to:

1. Respect procedures
2. Have attention to detail
3. Follow the chain of command

But this shouldn't be such of a surprise given how much of information security descended from national defense/military concerns.

 

However, the grand flaw in a lot of this workplace prognosticating, especially when dealing with the US labor market, is a failure to recognize the widespread current and predicted labor shortage in all areas. Our workforce has been shrinking for years and the demographics seem to indicate the trend will continue. Basically, businesses need to find a way of maintaining or increasing output with fewer employees. I am not sure what that will look like, but the math impacting cybersecurity is not vastly different from what is impacting every sector. To me this all points to a shifting of jobs. Specialized jobs will actually shrink, and jobs requiring multiple hats will grow. I say the future is not bringing more people into cybersecurity but bringing security awareness and practices to more people.