10 security industry All-Stars

From Bruce Schneier to Moxie Marlinspike, these folks are the ones to listen to for security insight

Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.

Dillon Beresford, independent security researcher and contributor to NSS Labs

Beresford's work to identify vulnerabilities in industrial control systems has meant from time to time he's stepping on the toes of some industry giants like Siemens. But with systems for controlling energy production and management at stake, it's a good thing industry systems are getting a close look.

Dan Kaminsky, independent researcher

In 2008, Kaminsky discovered a flaw in the Domain Name System (DNS) protocol which could have led to mass exploitation of the internet if exploited. His discretion in helping coordinate a global fix with software and service providers alleviated that. Last year, the Internet Corp. for Assigned Names and Numbers (ICANN) made Kaminsky one of seven individuals around the world who each hold a key that would be used to re-start the internet in the event of an extreme disaster. You might say it's Kaminsky's key to the kingdom.

Paul Kocher, president and chief scientist, Cryptography Research

Elected to the National Academy of Engineering in 2009, Kocher's expertise in encryption research has earned him the trust of many manufacturers. His achievements are many, from co-authoring SSL v.3.0 to discovering timing attack cryptanalysis, and Kocher keeps cooking in the crypto kitchen.

David Litchfield, founder v3rity Software (acquired October 2011 by Accuvant Labs)

Litchfield is tops in database security, discovering vulnerability after vulnerability, year after year, in Oracle, SQL Server, IBM DB2, in addition to writing several books on security and forensics. When Oracle's Larry Ellison 10 years ago proclaimed his database software "unbreakable," the feisty Litchfield punched a hole through that one again and again.

Neil MacDonald, Gartner analyst

Virtualisation is changing the IT software and hardware business, and there to keep the industry honest about the security impact of it all is MacDonald, combining both wit and wisdom to prod the sometimes unwilling vendors along. They get mad... but most seem to respect him.

Moxie Marlinspike, chief technical officer Whisper Systems

Marlinspike is the take-the-road-less-travelled type, questioning every twist and turn. And in questioning the baseline for security in the SSL server certificate industry today, and coming up with an alternative - still experimental - called "Convergence," he shows the kind of moxie it takes to go against conventional thinking to try to improve things. Will his ideas be able to go the distance? Time will tell.

Charlie Miller, computer security researcher Accuvant Labs

Given to public displays of his hacking prowess, Miller, who previously worked for the National Security Agency, is an expert in deconstructing Apple products, such as the MacBook, Safari browser and iPhone, for security weaknesses. Watch out, he has a good time with Android, too.

Bruce Schneier, chief technology officer of BT managed security solutions

With his skill in cryptography and security acumen, Schneier would be welcome on any All-Stars Security team. But it's his ability to write candidly about social and political forces, as well as the psychological aspects of security, that increasingly makes him a philosopher in a world of technicians. His next book? He says it's about "trust" and how a society does or does not foster it.

Sherri Sparks, president of Clear Hat Consulting

In the security firm she founded with fellow researcher Shawn Embleton, Sparks has made her mark in discovering how rootkits can be used to subvert and compromise computer networks, with a growing focus on virtualisation. Rootkits are designed to hide their presence on compromised systems, but Sparks' specialty is finding them.

Joe Stewart, director malware research for the counter threat unit at Dell SecureWorks

Over the years, Stewart has gone into the darker corners of the internet to track cybercriminals and the malware and botnets they use to plunder bank accounts or to steal intellectual property. He and his staff are often the first to uncover dangerous new code specimens and analyse intent.
