Want a security pro? For starters, get politically incorrect and understand geek culture

29.10.2012

He said that what's holding up the hiring of IT security professionals can be found in the thinking of human resources departments, which frown on conditions such as attention deficit disorder and autism, or obsessive-compulsive personalities, which are typical of computer geeks willing to focus on an issue through the night. And although the hiring rules in place tend to go the extra mile to accept alcoholism, the slightest illegal drug infraction makes it tough for job applicants. "We've got to start getting politically incorrect if we want to get the job done," said Schwartau.

If tests are needed to probe the basic trustworthiness of job applicants for sensitive network security jobs in government or industry, said Schwartau, it would be better to try industrial psychological profiling, making it clear that anyone who passed it and got hired would be subject to it over and over again during the time they were in the job.

Computer geeks could be asked something like, "If your wife and daughter were kidnapped, will you turn against my company?" he suggested. The answer would likely need to be "yes," because "anything else is deceptive."

"Do you need a secret clearance to defend a network? They say you do," said Schwartau, alluding to government rules. But the government is competing against private industry and, yes, the criminal world, for the kind of talent held by those who really know about network weaknesses.

"HR's job is to find something wrong so they don't have to hire you," said Schwartau. It could be money you owe, or your age if you're older, or personality traits seen as either too meek or too aggressive. But he says some of these rules should be tossed out to find the right IT security skills. Computer geeks are often socially awkward, they may be accustomed to blurting out whatever they're feeling with brutal honesty, and they "won't kiss ass," said Schwartau.