Adds Jensen: “Do I know where my resume is? What is in there?” Even the division name and location where you worked could point to classified activities, and (as net-savvy journalists know) it's not unknown for an undisclosed program name to pop up in a resume or profile.

“The cybertraining that we do,” says Rhodes, “turns it into a personal protection process. People make distinctions between their home and work connections,” he says, but spearphishers do not. Nor, he adds, are they concerned if an individual is a chief scientist or high-level engineer. “They are just trying to figure out if you have access.”

“I have seen training work,” Rhodes adds. “Well-educated personnel will defeat opponents. People were aware of something going on and told somebody. What we want is to bring people over to the side of responsibility.” One sign that the message has been heard: “When people ask us if we can tell the same things to their kids.”

A quarter of the cybersecurity incidents reported to the U.S. Computer Emergency Readiness Team in fiscal 2011 involved malicious code. To learn more about the cybersecurity challenge facing the government, check out the digital edition of AW&ST on leading tablets and smartphones or go to AviationWeek.com/cyber