INSIDE THE 
NEWS + ADVICE
Transition Success: How a Marine Moved to the Civilian World
Maria Thompson is State Chief Risk Officer (SCRO) for the State of North Carolina and a Retired Marine with 20 years of service.
What was surprising or difficult about your transition to civilian life?
One of the biggest eye-openers for me had to do with very mundane tasks in my personal life that the general populous have been doing for years. Because whether you’re living in an apartment or living in base housing, you’re pretty much taken care of. From a career standpoint, I didn’t have any major challenges in my transition. I think that’s largely because of the field that I was in and the relationships that I established along the way.
One of the challenges I did face was taking off the uniform and not feeling as though I was part of something—the greater good. So when I was getting close to retirement and I had about 120 days of terminal leave, I still wanted to be part of the action. The idea of going into the commercial world wasn’t appealing to me. I felt in more alignment with being over in Iraq, because the last four years before I retired I was always deployed. So the idea of sitting back in the rear and watching everything play out on TV, didn’t really sit well with me. I was fortunate enough to have a relationship where I picked up the phone and I said, “Okay, you have a job for me?” and they said yes.
Did your military skills translate to your civilian career?
My job aligned well with what I’m doing now as the Chief Information Security Officer and Risk Officer for the State of North Carolina. When I retired I was the Information Assurance Chief for the Marine Corps, now called the Cybersecurity Chief. I’m very grateful for the time that I spent in the Marine Corps and the training that I received as one of the first 30 Marines accepted into the Cybersecurity Military Occupational Specialty when it first opened up.
I knew it was a new field and I didn’t know what the promotion opportunities were like, but I looked at it as an opportunity to learn something new. When I moved into that MOS, it started picking up steam. Honing your skills on various cybersecurity controls that you’re putting in a deployed environment, where things are a matter of life and death, really gives you perspective. It builds a foundation for what you can transition into the civilian world.
How do leadership skills and technical skills play a part in civilian roles?
Having spent 20 years in the Marine Corps and retiring as a Master Gunnery Sergeant, you have natural leadership traits that are built, fostered, and developed over time. And going back to the deployment side of things, I think that puts a different perspective on how you engage from a leadership perspective. When things go south now, my perspective is that nobody is dying—that’s the first thought to calm down. The room is not on fire and we’re going to survive this. Having that perspective helps put the folks that are part of your team at ease, so you’re able to move forward and make decisive decisions.
We’re taught to make decisions and stand by them in the military. If it’s not the right decision, then you course correct and you move on. In the commercial world I see people tend to be hesitant about making decisions. So I ended up owning a lot of decisions, because at the end of the day it’s all about the mission and it has to be completed. There’s a difference between doing something random that could potentially cause a disruption, and something where you looked at the pros and cons and decided to make a decision based on the best knowledge that you have at that time. I tell my team, if you can justify the reason for that decision and it makes sense, I’ll back you 110%.
I think taking a steadfast approach and being confident that you know those types of things definitely bodes well. And then you can start to showcase more of the military skills that you’ve learned—traits like justice, judgment, dependability, tact, initiative, and endurance. Folks with the technical chops are high achievers when they get out of the military. And a lot of IT organizations want doers who have that background that can go to the next level. When you’re in enlisted ranks, you learn balancing leadership and also the technical side of it. You bring more to the table.
If someone enjoys (or doesn’t enjoy) the structure of the military, which career path in security would they be most comfortable with?
When you look at all the disciplines in cybersecurity, it’s very hard to narrow it down. But if you like the structure of the military, I think structured jobs like policies would be a good fit, because policies have to be followed and there is a uniform approach to it. There are certain rules that you have to follow in the military. When I think about rules, I think about things like incident response or forensics, where you are looking at rules and signatures that require that uniform approach.
If you don’t like that structure, and you like to think outside the box, a threat analysis or ethical hacking role could be ideal—a cyber-field that allows you openness to think. When you’re coming from an ethical hacker standpoint, you have to think like the bad guys. So I would say jobs that are similar to that would allow you free thinking. For instance, let me take this black box and see how I can get into it. You know you’re not going to have a structured approach. You’re going to be following a stream of thought that may not necessarily lead you in the right direction. There are jobs in cyber that allow you to approach things from different angles and ethical hacking is one of those. When you do penetration testing, you have a broad take on how you can approach that specific target.
How should veterans approach employment opportunities out of the military?
When I was going through my transition assistance training, we did mock interviews. And the interviewer that was hosting it said, “When you go for your interview, don’t always think about you. You know you’re a good fit for that company. Is that company a good fit for you?” And I actually went into my first couple of interviews not caring whether I got that job or not. It was more so to get a feel for what it was like to be in an interview. So I would recommend doing a few interviews as you transition. See if you can get your foot in the door to hear the questions that they’re asking, what type of answers they’re looking for, how they structure their questions, or who you’re speaking to—get your feet wet. Don’t go in with the idea that you have to have this job.
When you do find a job that interests you, don’t go in thinking that it’s going to be your next four-year, six-year, or in my case 20-year job that you’re going to have. I went in with no expectations except for one. I always said I would give every company at least one year. And I’ve held to that, because you’re not going to necessarily find that your first job is the one that you want to stick with forever. So be honest with yourself and don’t be in a rush to take a job that doesn’t meet your needs. If it doesn’t meet your needs, you’re not going to stay there, and you’re going to do the company and your resume a disservice, as you jump from job to job.
Think long and hard, and look for the jobs that really resonate with you and you feel a passion for. Those are the ones that you apply for. And when you go in and interview with them, do some research on the back end to see if that company offers what would make you want to stay with that company. If it doesn’t, walk away—there are other jobs out there. Especially when in the cyber field, there is no shortage of jobs – there is a shortage of people. You have that edge and that’s something that you should take with you.
