In his mid-20s, Tom Donahue was faced with a choice. He had a steady job in software consulting. But he was also a gigging musician. It was the mid-'90s—the computer space was burgeoning at the time as more people began to connect their machines to networks. So Donahue would work his nine-to-five consulting job, then drive over an hour to some Colorado bar in the Rocky Mountains, play until 1 a.m., drive home to nap a few hours, and go to work again. The music gigs were steady enough, but so were the computer ones. One year he found himself playing music for 50 weeks, yet neither opportunity was drying up.
"I had to pick music or technology," he says. "And I picked technology."
This wholly unglamorous story illustrates more than just the sad realities of adulthood. It elucidates the tie between music and computer work. Many of us learned to play an instrument in elementary or high school, but good musicians went beyond marching bands and sight reading. They understand the underlying theory of a composition and are able to find and riff off sonic patterns, skills that could translate to computer development. Donahue is now the principal security engineer at the telecommunications services firm Level 3. He says that the skills he picked up as a quasi-professional band member helped him become the successful security authority he is today.
Cybersecurity is a hot industry right now. Nearly every big company has had some breach or network scare, and companies are doubling down on how to protect themselves. The industry is according to ISACA’s Cybersecurity Advisory Council, is that so few workers have the necessary expertise beyond the security basics typically required by corporate compliance standards.
The crisis for companies is that they need to hire people who don’t yet exist. "Finding the right talent has been a challenge," says Level 3’s chief security officer Dale Drew. "We’ve had to become much more creative in our talent assessment process." So it makes sense that he’s been looking at the patterns of the most successful people in the job to see if he can source new talent from people who wouldn’t otherwise be interested. While Drew isn't going to open-mic nights and telling musicians to drop a line, he does keep an eye out for music skills when he scans resumes.
Drew has been working as a computer security professional for decades and finds that the best people to hire are the malleable ones. "We tend to focus on the technical expertise of the person first, and then train them." Which is to say that a lot of his underlings knew nothing about security, but instead had a solid grasp of the technical underpinnings of computers.
Over the years Drew has seen a "huge contingent of people" who understood the basics of security, but "didn’t know the purpose those things served in the overall business." The best employees are the ones that understood what a company does at a holistic level and could see beyond the tasks they did every day.
With this, Drew has noticed that a great deal of the people on his team have some music background. "Those personalities are more creative," he says. They’re able to "think outside the box; able to think on demand, or construct complex elements into patterns."
Donahue agrees that his music skills helped him excel in the technical world; "Particularly security," he adds. "The guys that are good at jazz improv tend to be good at technology."
Michael Belton, vice president of research and development at the cybersecurity company Optiv, has a theory why. "You’re talking about languages," says Belton, "Mathematics and languages are intertwined." A musician who’s able to adeptly compose a song has a grasp of musical language. They’re able to apply the concepts they learned to manipulate something new. And this skill is exactly what security professionals do. "If you’re trying to write an exploit," Belton says, "you’re stepping back and thinking, ‘Here’s a piece of software and here’s what it does.’"
Belton, it should be noted, is also a musician. He’s played everything from orchestra trumpet to guitar and keyboards. And he’s observed the cognitive connection between music and technology. "If you have a musician background, it comes to you more easily," he says. "It’s certainly not a primary or deciding factor."
For Rob Dixon, a principal security consultant at Optiv, it’s not only the mastery of a system but the understanding of how networks work. He’s worked as a security researcher for longer than a decade, and before that, not only played guitar but also learned how to set up large band rigs. Learning how to wire huge systems lends itself beyond 50-foot stage setups to computer software. "At the root, we‘re gear heads," he says.
Level 3's Drew says that his casting net is wide, and it doesn’t need to be just for computer science aficionados. "We’ve also been looking for people who have expertise in critical thinking skills," he says. That can mean anything from music to art to literature. If people are able to grasp the larger concepts, they have no trouble adapting to a security environment. "We’ve been finding people that we believe are more adaptable to the security industry, even though they have no security background." So far, says Drew, more musicians and creative thinkers have been taking up roles in cybersecurity.
This has not only helped expand recruiting, but livened up the work atmosphere. Level 3 now has an in-house band that plays at company events. Courtney Tray, a newcomer at Level 3, is part of the band. She plays flute (although she has plans to pick up the saxophone for upcoming work performances). At the most recent company picnic, Tray played her flute along with others, and they banged out a set list of what she described as "all classic rock." She says, "Music gives you a lot of creativity and allows you to use that right side of your brain."
Beyond the in-house performance opportunities, it could even shift the security industry’s culture. "The field is traditionally very introverted," says Drew, "but the music majors are not." This has shaken things up a bit. "It’s become a much livelier place as a result . . . [they're] not afraid of performing in large crowds, not afraid of experimenting and creating," he says. "It’s infectious."