I happened upon an interesting article last night that talked about the unconventional methods needed to recruit ‘cyberwarriors’. According to the article Lynn Dugle, president of Raytheon’s intelligence and information systems division, isn’t chasing down the traditional recruiting path of visiting Universities and enticing high-GPA holding students to come over to her team. Instead she states that, of the last three premier cyber-related hires her company has made, none had a college degree. One was a high-school dropout who stuffed pills into bottles at a pharmaceutical plant by day and dominated hacking competitions at night.

Take that mom, dad and liberal arts students working at Starbucks! I guess University really isn’t the best path for everyone.

Something else that I found interesting was that at Northrop Grumman, employees are expected to have a basic understanding of cybersecurity issues. According to Robert Brammer, vice president for advanced technology, the firm runs an internal cyber academy and about 1,000 employees are expected to complete the course this year – with more scheduled to attend in future years.

These activities are aimed at turning cybersecurity work from a niche to a mainstream career path. I think this is a great idea and I’m glad to see the effort that Northrup Grumman is investing in its resources. Very few of us started in this business as ‘security people’ so I think it’s important for the defense industrial base to see who has a real talent for security – even if it isn’t what they planned on doing when they grew up.

P.S. If you don’t understand the title, take a trip down memory lane here: http://www.youtube.com/watch?v=9wo1-sI7MOQ

Photo: Flickr/goulao

Check out my latest blog post on Dark Reading’s Security Monitoring Tech Center entitled ““:

It is fairly common to see router, firewall and intrusion-detection system logs in addition to server, workstation and application logs consolidated within an enterprise security information management (ESIM) system. Logs generated from network-based devices are generally responsible for the bulk of logs monitored by an ESIM, with the remainder consisting of logs from the various endpoints and software deployed throughout the infrastructure. Perhaps one of the most overlooked sources of data to monitor, however, is that of the physical security controls deployed within an enterprise organization.

Read the full blog entry here: http://www.darkreading.com/security_monitoring/blog/archives/2010/10/dragging_physic.html