The Security Industry All-Stars

From Bruce Schneier to Moxie Marlinspike, these folks are the ones to listen to for security insight.


Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.



Dillon Beresford, independent security researcher and contributor to NSS Labs

Beresford's work to identify vulnerabilities in industrial control systems has meant that from time to time he's stepping on the toes of some industry giants like Siemens. But with systems for controlling energy production and management at stake, it's a good thing industry systems are getting a close look.


Dan Kaminsky, independent researcher

In 2008, Kaminsky discovered a flaw in the Domain Name System (DNS) protocol that could have led to mass exploitation of the Internet. His discretion in helping coordinate a global fix with software and service providers alleviated that. Last year, the Internet Corp. for Assigned Names and Numbers (ICANN) made Kaminsky one of seven individuals around the world who each hold a key that would be used to re-start the Internet in the event of an extreme disaster. You might say it's Kaminsky's key to the kingdom.


Paul Kocher, president and chief scientist, Cryptography Research

Elected to the National Academy of Engineering in 2009, Kocher's expertise in encryption research has earned him the trust of many manufacturers. His achievements are many, from co-authoring SSL v.3.0 to discovering timing attack cryptanalysis, and Kocher keeps cooking in the crypto kitchen.


David Litchfield, founder, v3rity Software (acquired Oct. 2011 by Accuvant Labs)

Litchfield is tops in database security, discovering vulnerability after vulnerability, year after year, in Oracle, SQL Server and IBM DB2, in addition to writing several books on security and forensics. When Oracle's Larry Ellison 10 years ago proclaimed his database software "unbreakable," the feisty Litchfield punched a hole through that one again and again.


Neil MacDonald, Gartner analyst

Virtualization is changing the IT software and hardware business, and there to keep the industry honest about the security impact of it all is MacDonald, combining both wit and wisdom to prod the sometimes unwilling vendors along. They get mad, but most seem to respect him.


Moxie Marlinspike, chief technical officer, Whisper Systems

Marlinspike is the take-the-road-less-travelled type, questioning every twist and turn. And in questioning the baseline for security in the SSL server certificate industry today, and coming up with an alternative -- still experimental -- called "Convergence," he shows the kind of moxie it takes to go against conventional thinking to try to improve things. Will his ideas be able to go the distance? Time will tell.


Charlie Miller, computer security researcher, Accuvant Labs

Given to public displays of his hacking prowess, Miller, who previously worked for the National Security Agency, is an expert in deconstructing Apple products, such as the MacBook, Safari browser and iPhone, for security weaknesses. Watch out, he has a good time with Android, too.


Bruce Schneier, chief technology officer of BT managed security solutions

With his skill in cryptography and security acumen, Schneier would be welcome on any All-Stars Security team. But it's his ability to write candidly about social and political forces, as well as the psychological aspects of security, that increasingly makes him a philosopher in a world of technicians. His next book? He says it's about "trust" and how a society does or does not foster it.


Sherri Sparks, president of Clear Hat Consulting

In the security firm she founded with fellow researcher Shawn Embleton, Sparks has made her mark in discovering how rootkits can be used to subvert and compromise computer networks, with a growing focus on virtualization. Rootkits are designed to hide their presence on compromised systems, but Sparks' specialty is finding them.


Joe Stewart, director of malware research for the counter threat unit at Dell SecureWorks

Over the years, Stewart has gone into the darker corners of the Internet to track cybercriminals and the malware and botnets they use to plunder bank accounts or to steal intellectual property. He and his staff are often the first to uncover dangerous new code specimens and analyze intent.


Copyright © 2011 IDG Communications, Inc.
