Problem Solver Tackles Network Security

A knack for sifting through facts to find solutions propelled Stephen Northcutt to the top of the cyber-security field. Formerly the Ballistic Missle Defense Organization’s chief information warfare officer, Northcutt founded the stringent Global Information Assurance Certification and helped launch the SANS Institute and the SANS Technology Institute for graduate students. Photo by Kathy Northcutt.

In 1977, Stephen Northcutt ’81 left his job as a U.S. Navy helicopter search-and-rescue crewman and headed to Mary Washington to study geology. Today, he is a leading expert in cyber security.

The career path wasn’t obvious, but Northcutt excels at seeing − and seizing − opportunities that others don’t. He spent the last 12 years as CEO of the SANS Institute, a cooperative research and education organization he helped launch in 1989. SANS − an acronym for “systems administration, networking, and security” − offers information-security training and certification.

If a professional receives SANS Institute’s rigid Global Information Assurance Certification, it means he has high-level skills in one of more than 20 branches of security and development.

Today, Northcutt’s focus is developing the SANS Technology Institute, a Maryland-based cyber security graduate school that offers master-of-science degrees in information-security engineering and management.

“In my previous position, I was able to help security researchers, authors, and instructors grow and develop. Now I can do the same thing with our students,” the 56-year-old said. “I love to watch their faces as they master concepts and skills that will allow them to make a difference in the field.”

At Mary Washington, Northcutt became fascinated with geodetics, a branch of applied mathematics concerned with determining exact positions of points on Earth; it’s used in navigational systems. Back in the day, geodetics was increasingly dependent on computers.

Ernest Ackermann, UMW professor emeritus of computer science, taught Northcutt, and they have stayed in touch since. “Stephen’s real strong point was being able to analyze the situation and know what to do,” Ackermann said.

In the summer of 1977, Northcutt was aboard the USS John F. Kennedy when he started to think about college. A ship’s officer knew a dean at Mary Washington − why not apply there, he asked the sailor. Born in Hawaii and raised in Alabama, Northcutt hadn’t even heard of the college. But when the aircraft carrier dropped anchor at a port in Italy, he placed an overseas call to the admissions office. “Because I was male and Mary Washington was in transition to being coed, they accepted me,” he said.

After college, Northcutt was the original author of the Shadow Intrusion Detection system before he accepted the position of chief for information warfare at the Ballistic Missile Defense Organization, now the Missile Defense Agency, a branch of the Department of Defense. He has written numerous books on such topics as network security, handling security incidents, and the ethics of information technology. He also has worked as a whitewater raft guide, a chef, a martial arts instructor, a cartographer, and a network designer.

Northcutt and his wife, Kathy, have been living on the road for the past five years, going around the country for Northcutt’s work teaching information security. After serving in the Marine Corps in Iraq, their son, Hunter, is a senior at the University of Richmond.

The couple hopes to wind down their traveling in the next year or so, Northcutt said, and will likely divide their time between Seattle and Kauai, the oldest of the Hawaiian Islands.