Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

07:30 AM
Connect Directly
E-Mail vvv

What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity

Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.

Over the past few years, alumni of the elite Israeli Defense Forces' Unit 8200 have become known for founding cybersecurity startups, including the two co-founders of Cybereason, where I work, along with many of my colleagues — both men and women. At 18, I was picked to serve in Unit 8200. The experience sparked my interest in both military intelligence and my current career as a security researcher. 

Surprisingly, despite its notoriety and success, Unit 8200 doesn't follow a conventional recruiting model. Technical skills aren't a requirement; the unit values traits that indicate leadership and problem-solving skills, using hiring processes that build women leaders and serve as an example for the private sector to address the current security talent shortage. Here are five best hiring practices from Unit 8200.

Practice 1: When recruiting, look beyond the traditional candidate profile.
Traditionally, when filling entry-level security positions, organizations look for candidates with either IT or computer science backgrounds. Hiring managers want script kiddies and computer gamers to fill those jobs. But hiring people with only these profiles limits the workforce's diversity. In reality, men outnumber women in computer science degree programs (although not everywhere). In 2015, for instance, women earned 18% of all computer science degrees awarded in the US. That percentage is even lower for women of color, according to the National Center for Education Statistics. Meanwhile, females who like to geek out in their free time and play video games often face harassment and abuse. Ultimately, these situations lead to low numbers of women entering the IT and security fields.

Unit 8200 knows it's not going to find female candidates by looking for recruits with conventional backgrounds. Instead, candidates with general traits that indicate success in tech fields are sought. These include critical thinking, the ability to learn skills on their own, leadership, problem-solving skills, and good interpersonal skills. As for technical skills, Unit 8200's leadership assumes those can be acquired later.

As part of its recruiting program, Unit 8200 runs tests designed to identify individuals who can handle stressful events, are team players, can find innovative solution to various problems, and, most importantly, are coachable. Recruits who pass these tests undergo extensive training that teaches them any technical information they need to know. This training is followed by on-the-job training. This approach has helped Unit 8200 have an equal number of female and male soldiers.

Practice 2: Manage the high employee turnover rate.
Losing cybersecurity talent is a chief concern at many organizations. Unit 8200 is a great place to learn how to deal with high employee turnover since approximately 90% of its workforce only serves in the unit for five years or less. To handle this situation, Unit 8200 has a system to deal with high workforce churn. All the unit's soldiers serve in small squads. After finishing their training, new recruits are assigned a mentor who usually has served for about a year. That gives them enough time to acquire knowledge that's transferable while still being aware of all the challenges a newbie faces. There's a set cadence for promotion and succession. After about two years, the more accomplished soldiers receive officer's training to become squad commanders. They're replaced by the soldiers who were recruited the year before. In an environment of constant but planned turnover, capturing and sharing knowledge is key and important information is kept in secure systems.

Practice 3: Provide a seat at the table.
Women in the workforce often feel excluded from discussions on topics about which they have extensive knowledge. But in Unit 8200, subject matter experts discuss critical military matters with top commanders, regardless of gender or how junior they are. For example, a 19-year-old female soldier briefing a chief of general staff in the IDF is not uncommon. This provides them with an opportunity to participate in the decision-making process, a chance that's rarely given to females early in their careers.

Practice 4: Fight "impostor syndrome."
Some women harbor the false belief that they're not qualified for their jobs, despite their professional accomplishments. This is known as "impostor syndrome," the psychological perception that stymies women from advancing in their careers. At Unit 8200, which recruits young, untrained individuals, leaders emphasize recruits' abilities to learn and improve. During training, all individuals receive daily updates on how they're progressing with skill development. They're routinely praised for achievements and constantly reminded about how far they've advanced in a short period of time. Recruits are always reminded that their unique abilities led to them being selected for their roles in the unit, increasing their confidence. The unit's reward and promotion program, while helping motivate all the unit's soldiers, particularly boosts the self-worth of female soldiers.

Practice 5: Consider security industry takeaways.
In Unit 8200, diversity is welcomed. Having soldiers with different backgrounds leads to new approaches to problems. The security industry is filled with tons of complex problems that need solutions, problems that can't be solved if organizations only look to hire men with IT and computer science backgrounds because there aren't enough of them. There are simply are too many security jobs to fill.

People whose experiences are unconventional shouldn't be passed over for security jobs. The security industry (and the greater technology community) needs to realize that technical skills alone do not make a person qualified. Many women who lack a technical background but possess keen problem-solving skills, great communication abilities and strong leadership qualities would be eager to pursue a security career. They just need someone to give them the opportunity.

Unit 8200 has demonstrated that its approach to finding security talent works. The private sector should take note. In Israel, just 26% of the tech positions are held by women. And the situation isn't much better in the U.S., where women hold 25% of those jobs. Gender diversity is even worse in cybersecurity; women comprise only 11% of the global workforce. If the methodologies used by Unit 8200 to recruit and promote women are adopted by the private sector, not only would security teams become more diverse, the security talent shortage wouldn't be so acute.

Related Content:

Lital Asher-Dotan, senior director of research and content at Cybereason, has 15 years of experience working with tech companies. Asher-Dotan is a veteran of Unit 8200 of the Israeli Defense Force. View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
5/21/2018 | 12:54:43 PM
Well written and informative.
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.