From Bruce Schneier to Moxie Marlinspike, these folks are the ones to isten to for security insight
Neil MacDonald, Gartner analyst
Virtualization is changing the IT software and hardware business, and there to keep the industry honest about the security impact of it all is MacDonald, combining both wit and wisdom to prod the sometimes unwilling vendors along. They get mad…but most seem to respect him.
Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.
Charlie Miller, computer security researcher Accuvant Labs
Given to public displays of his hacking prowess, Miller, who previously worked for the National Security Agency, is an expert in deconstructing Apple products, such as the MacBook, Safari browser and iPhone, for security weaknesses. Watch out, he has a good time with Android, too
Moxie Marlinspike, chief technical officer Whisper Systems
Marlinspike is the take-the-road-less-travelled type, questioning every twist and turn. And in questioning the baseline for security in the SSL server certificate industry today, and coming up with an alternative — still experimental -- called "Convergence," he shows the kind of moxie it takes to go against conventional thinking to try to improve things. Will his ideas be able to go the distance? Time will tell.
Sherri Sparks, president of Clear Hat Consulting
In the security firm she founded with fellow researcher Shawn Embleton, Sparks has made her mark in discovering how rootkits can be used to subvert and compromise computer networks, with a growing focus on virtualization. Rootkits are designed to hide their presence on compromised systems, but Sparks' specialty is finding them.
Paul Kocher, president and chief scientist, Cryptography Research
Elected to the National Academy of Engineering in 2009, Kocher’s expertise in encryption research has earned him the trust of many manufacturers. His achievements are many, from co-authoring SSL v.3.0 to discovering timing attack cryptanalysis, and Kocher keeps cooking in the crypto kitchen.
David Litchfield, founder v3rity Software (acquired Oct. 2011 by Accuvant Labs)
Litchfield is tops in database security, discovering vulnerability after vulnerability, year after year, in Oracle, SQL Server, IBM DB2, in addition to writing several books on security and forensics. When Oracle's Larry Ellison 10 years ago proclaimed his database software "unbreakable," the feisty Litchfield punched a hole through that one again and again.
Dillon Beresford, independent security research and contributor to NSS Labs
Beresford’s work to identify vulnerabilities in industrial control systems has meant from time to time he’s stepping on the toes of some industry giants like Siemens. But with systems for controlling energy production and management at stake, it's a good thing industry systems are getting a close look.
Joe Stewart, director malware research for the counter threat unit at Dell SecureWorks
Over the years, Stewart has gone into the darker corners of the Internet to track cybercriminals and the malware and botnets they use to plunder bank accounts or to steal intellectual property. He and his staff are often the first to uncover dangerous new code specimens and analyze intent.
Dan Kaminsky, independent researcher
In 2008, Kaminsky discovered a flaw in the Domain Name System (DNS) protocol which could have led to mass exploitation of the Internet if exploited. His discretion in helping coordinate a global fix with software and service providers alleviated that. Last year, the Internet Corp. for Assigned Names and Numbers (ICANN) made Kaminsky one of seven individuals around the world who each hold a key that would be used to re-start the Internet in the event of an extreme disaster. You might say it’s Kaminsky's key to the kingdom.
Bruce Schneier, chief technology officer of BT managed security solutions
With his skill in cryptography and security acumen, Schneier would be welcome on any All-Stars Security team. But it's his ability to write candidly about social and political forces, as well the psychological aspects of security, that increasingly make him a philosopher in a world of technicians. His next book? He says it's about "trust" and how a society does or does not foster it.