10 security industry All-Stars

From Bruce Schneier to Moxie Marlinspike, these folks are the ones to listen to for security insight

Ellen Messmer, November 2, 2011, Network World US

1. Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialised skills that make them worth listening to.

2. Dillon Beresford, independent security researcher and contributor to NSS Labs
Beresford's work to identify vulnerabilities in industrial control systems has meant from time to time he's stepping on the toes of some industry giants like Siemens. But with systems for controlling energy production and management at stake, it's a good thing industry systems are getting a close look.

3. Dan Kaminsky, independent researcher
In 2008, Kaminsky discovered a flaw in the Domain Name System (DNS) protocol that could have led to mass exploitation of the internet. His discretion in helping coordinate a global fix with software and service providers alleviated that. Last year, the Internet Corp. for Assigned Names and Numbers (ICANN) made Kaminsky one of seven individuals around the world who each hold a key that would be used to re-start the internet in the event of an extreme disaster. You might say it's Kaminsky's key to the kingdom.

4. Paul Kocher, president and chief scientist, Cryptography Research
Elected to the National Academy of Engineering in 2009, Kocher's expertise in encryption research has earned him the trust of many manufacturers. His achievements are many, from co-authoring SSL v.3.0 to discovering timing attack cryptanalysis, and Kocher keeps cooking in the crypto kitchen.

5. David Litchfield, founder, v3rity Software (acquired October 2011 by Accuvant Labs)
Litchfield is tops in database security, discovering vulnerability after vulnerability, year after year, in Oracle, SQL Server and IBM DB2, in addition to writing several books on security and forensics. When Oracle's Larry Ellison 10 years ago proclaimed his database software "unbreakable," the feisty Litchfield punched a hole through that one again and again.

6. Neil MacDonald, Gartner analyst
Virtualisation is changing the IT software and hardware business, and there to keep the industry honest about the security impact of it all is MacDonald, combining both wit and wisdom to prod the sometimes unwilling vendors along. They get mad... but most seem to respect him.

7. Moxie Marlinspike, chief technical officer, Whisper Systems
Marlinspike is the take-the-road-less-travelled type, questioning every twist and turn. And in questioning the baseline for security in the SSL server certificate industry today, and coming up with an alternative - still experimental - called "Convergence," he shows the kind of moxie it takes to go against conventional thinking to try to improve things. Will his ideas be able to go the distance? Time will tell.

8. Charlie Miller, computer security researcher, Accuvant Labs
Given to public displays of his hacking prowess, Miller, who previously worked for the National Security Agency, is an expert in deconstructing Apple products, such as the MacBook, Safari browser and iPhone, for security weaknesses. Watch out, he has a good time with Android, too.

9. Bruce Schneier, chief technology officer of BT managed security solutions
With his skill in cryptography and security acumen, Schneier would be welcome on any All-Stars Security team. But it's his ability to write candidly about social and political forces, as well as the psychological aspects of security, that increasingly makes him a philosopher in a world of technicians. His next book? He says it's about "trust" and how a society does or does not foster it.

10. Sherri Sparks, president of Clear Hat Consulting
In the security firm she founded with fellow researcher Shawn Embleton, Sparks has made her mark in discovering how rootkits can be used to subvert and compromise computer networks, with a growing focus on virtualisation. Rootkits are designed to hide their presence on compromised systems, but Sparks' specialty is finding them.

11. Joe Stewart, director of malware research for the counter threat unit at Dell SecureWorks
Over the years, Stewart has gone into the darker corners of the internet to track cybercriminals and the malware and botnets they use to plunder bank accounts or to steal intellectual property. He and his staff are often the first to uncover dangerous new code specimens and analyse intent.