by Andrew Donoghue

Ex-spooks spy out IT security careers

Apr 27, 200912 mins
IT LeadershipSecurity SoftwareTelecommunications Industry

Planning for a server outage, a power cut or half your staff being taken ill from a rogue batch of sushi at the company party are all probably within the ability range of most competent managers. But if things escalate, it’s time to call in the professionals. The comfort and confidence that knowing the police, ambulance or even military are there to help if things take a real turn for the worse is just as vital to oiling the wheels of commerce as an effective regulatory or financial system. Luckily, as recent history has shown, the systems underpinning the police and military are more robust than those found in some areas of the City or Wall Street. A global financial crisis has been punishing enough, but imagine a similar meltdown in health provision, law enforcement or even the army. The perception that law-enforcement agencies and the military adhere to more rigorous standards than the average citizen goes a long way to explaining the swathes of ex-army and law-enforcement types in the upper echelons of business. In the IT sector, companies including Microsoft, Unisys, Verizon and Xerox have all hired former military, intelligence or law-enforcement personnel. Tracking down exact numbers for how many IT professionals have come from law enforcement or the army is not easy but, for those personnel with technical experience, the computer industry is a natural progression. However, it’s not only technical skills that make these individuals attractive; the abilities to stay calm in a crisis and deal with pressure are also highly valued. People management is another key skill that commercial companies appear to value extremely highly when it comes to military personnel, according to insiders. “I have found that working with ex-military over my career, [what is impressive] has been their ability to handle all kinds of skills sets and personalities,” says Jeff Irby, vice president for global industries at services specialist Unisys. “If you think about who is in the military, from the most junior 18-year-old to some very seasoned veterans, their leadership skills have been honed to handle those multiple types of people, skills and knowledge.” Irby, who manages vice president of identity management and ex-UK army officer Neil Fisher, served in the US Air Force himself and claims that the leadership training in the military is second to none. “I have found that MBA programmes, while they do talk about emotional intelligence and some of these other things, don’t have the kind of rigour that goes into [military leadership] training because your real-time scenarios could include the death of human beings. You have to be pretty well grounded in how to lead that.” Solid leadership skills aren’t just the preserve of the military though, according to Mike Mason, chief security officer for US communications giant Verizon. “The leadership opportunities I had in the FBI undoubtedly prepared me for my current role,” says Mason, a 22-year FBI veteran and former head of the FBI’s Criminal, Cyber, Response and Services Branch, who joined Verizon in January 2008. “There were many times over the course of my FBI career when the days and weeks seem to require more from our people than anyone should be asked to give. Yet, with the proper application of leadership and attitude, the people always got the job done – and done well.” In the IT sector, and specifically in the arena of security, a law-enforcement or military background obviously has benefits, given the exposure to the latest technology which government service provides. However, the in-built mystique and respect engendered in civvies by those who have carried a gun or worn a badge for a living shouldn’t be ignored.

“I am trained to write, to analyse, plan, to organise, and to manage as a staff officer,” says Unisys’s Fisher.” All those skills come in quite strongly in my current role. I am also taught to shoot to kill but I haven’t found a need for that yet.” But ex-army or former FBI agents aren’t just hired by IT companies purely for the kudos. Even during good times, government contracts are vital to keeping most private companies afloat, and it often helps a civil servant to make up their mind if the company rep on the other side of the table happens to have done some government service too. This is probably especially true when it comes to military contracts, a world that surpasses even IT in terms of having a language and culture prohibitive to outsiders. “It’s not unlike trying to win a banking contract or a communications contract; you have to be able to speak to the customer in their language,” says Unisys’ Irby. “If you don’t have people with relevant actual experience then you sound like someone who is trying to grope and apply a good idea, but it’s not in context.” The importance of large military and other government contracts to IT companies such as Unisys is especially high during an economic downturn, so having managers such as Fisher who is fluent in the language of the military and senior-level government is especially important. “The feedback I am getting from our global board of directors is that spending is going to happen on two fronts: one is to secure the citizenry in the digital and physical [spheres] – the threat of terrorism continues to be there, and IT plays its part in that – and, secondly, dispersing benefits securely to the citizens that don’t have jobs.” Hiring staff that have had the benefits of law-enforcement or military experience has obvious and tangible benefits for commercial firms, but how easy is it for the individuals themselves to transition from government service into a world of profit and loss? For some, the transition isn’t that difficult as organisational and planning skills relate closely between the private and public sector, but for others, shifting from a role that has a very definite sense of purpose to one based on generating revenue or shareholder value can be a shock. Former FBI agent and now Microsoft UK chief security advisor, Ed Gibson, admits that he found his initial time at the IT giant challenging. “The first seven to nine months were not easy,” he says. “I didn’t want to let go of the FBI because that was my love… that was me. The other thing is that Microsoft, and the exec who hired me, may not have been aware what they were hiring. Maybe it sounded glamorous, maybe they had an FBI agent they could put on a podium and pull a string, but I am pretty outspoken on things so it took several months for each of us to realise what strengths we brought and join those strengths together.” Cultural issues can be difficult to overcome, even, ironically, the relative freedom to act that commercial companies provide compared to the rather more rigid structures of the private sector. But for others, it’s simply a case of the change in motivation which is hard to handle. “In the military you are brought up with a culture of mission, mission, mission and everything revolves around that, and you get into the commercial sector and it’s revenues, profits, and a different set of factors, so it can be quite different for the military person coming in,” says Carlos Solari, vice president of security solutions for Alcatel-Lucent’s Bell Labs, who spent 13 years in the US Army and six years in the FBI before -becoming CIO at the White House from 2002 to 2005. Solari went from a military role into a civilian government position, which he claims eased the process, but he adds that for some it can be a difficult ride. Unisys’s Fisher admits that he experienced some of this culture shock when he moved from a career in the army that included technology support for counter-terrorist operations, to taking up a management position at a US dotcom. “I had a lot of experience and exposure to public sector, particularly when I was doing technology support for counter terrorism, and I thought I knew it pretty well,” he says. “When you get on the other side of the fence, you always know that people are driven by P&L, revenue and margin but the laser-like focus on those three aspects comes as a bit of a surprise. It is just another discipline I suppose, but it is not one that you are used to when you are in public service. You are worried about cost and that kind of thing but you are not really worried about margin.” Having to adhere to a budget remains, however, a core skill which managers in the public and private sectors have to share. The idea that government departments’ military and law-enforcement agencies have limitless reserves due to the importance of their work just isn’t true, according to Verizon‘s Mason. “Many of the staffing and funding challenges I faced in the FBI are exactly the same in my current position,” he says. “The myth surrounding the private sector and endless buckets of money to support security is just that – a myth. I am expected to make a sound business case, not just for increasing, but even for maintaining my current level of both staffing and funding. I was required to do no less in the FBI.” It is not only perceptions that government service doesn’t instill a ‘greed is good’ culture that can count against former military and law-enforcement personnel, there is still a view in some business circles that the public sector is far less cut-throat than the business world. “For too long I think there has been a perception of public-sector executives as less competent, less motivated and perhaps even less dedicated to their jobs than their counterparts in the private sector,” adds Mason. “I think this perception is completely and utterly false. I considered my role in the FBI to be my vocation and I know many of my colleagues felt the same. I have met many hard working, intelligent, dedicated people here at Verizon, but such people were also everywhere in the public sector and often served for far less compensation than their private sector counterparts.” Hiring from the military or law enforcement has a variety of benefits, whether it’s the acknowledged excellence of the people management skills those sectors often bestow or benefits it can provide in securing lucrative public-sector contracts. But for the individuals themselves, although the compensation in their commercial roles is very attractive and many find the work rewarding, it is often their government service that they still see as their true calling.

“After the tragic events of September 11, 2001, and other significant investigations, I saw people work themselves nearly to the point of exhaustion,” says Verizon’s Mason. “There was no overtime and, for most, no bonuses… they did it because the work had to get done. I am proud to be a member of the Verizon family today, but when I die it will be my service to the FBI and the United States Marine Corps, which I hope to have noted.”

IT’s roll call of former military and law-enforcement personnel

Ed Gibson, Microsoft UK chief security adviser Held senior positions as a special agent for 20 years and served as the FBI’s assistant legal attaché in the UK, where he was responsible for establishing intelligence alliances between UK police agencies, security services, the FBI and private-sector firms.

Geoff Donson, TelecityGroup group security manager Spent 27 years in the the Metropolitan Police including the National Hi-Tech Crime Unit, the National Crime Squad, and the Computer Crime Unit.

Carlos Solari, Alcatel-Lucent’s Bell Labs VP, security solutions Spent more than 25 years in various government and private industry positions, including 13 years as a US Army officer and more than six years as a senior executive with the FBI. Chief information officer at the White House from 2002 to 2005.

Neil Fisher, Unisys global public sector VP for identity management Served with the Gurkhas in the British army where he was involved in counter-terrorist operations and technology support. Left the military to be the UK MD of a US dotcom infrastructure company and a US biometrics company, before joining QinetiQ.

Forbes Gallagher, Unisys client account executive Spent 32 years in the police force including the Police Information Technology Organisation and the HMIC (Her Majesty’s Inspectorate of Constabulary), the body charged with improving the efficiency of policing in England, Wales and Northern Ireland. Mike Mason, Verizon chief security officer A 22-year FBI veteran and former head of the FBI’s Criminal, Cyber, Response and Services Branch, oversaw the largest branch of the FBI and is the executive responsible for the federal law enforcement organisation’s criminal, corruption, civil rights, and cybercrime investigations.

Anthony Franks, Overtis Group director of business development Served for 26 years in the British Army Intelligence Corps, retiring as a lieutenant colonel in 2005.

John Carrington, security consultant Former Crypto Custodian for the London Metropolitan Police, and now provides independent consulting on crime reduction, intelligence and professional standards to companies such as Stonewood.

Peter Ship, Memex intelligence specialist Former Metropolitan Police DCI with 30 years of experience.

David Sherriff, Microgen chief operating officer Was an officer in the British Army where he served with The Royal Regiment of Fusiliers in Northern Ireland and Berlin.

Nick Kimber, Trapeze Networks UK & Ireland public sector channel manager Spent 15 years in HM Forces as a telecommunications officer in the Royal Corp of Signals.