By Roger A. Grimes
June 7, 2017
The people who hack the hackers
The people who fight hackers and their malware creations cover the gambit of computer security jobs, including penetration testers, fixers, policy makers, educators, product developers, security reviewers, writers, cryptographers, privacy advocates, securers, threat modelers, and other computer security wonks in all fields.
Here are some of the interesting computer security defenders I cover in my latest book, Hacking the Hackers:
Krebs is a long-time investigative journalist who is famous for bringing down some of the web’s most notorious criminal gangs. He routinely identifies previously anonymous malicious hackers by name, often leading to their arrest. Krebs learned to speak and read Russian so he could track and report on Russian cybercrime companies and syndicates. He is so successful that hackers routinely try to have him arrested by SWAT teams by sending drugs, fake currency and false hostage reports. His best-selling book Spam Nation was a takedown of the Russian spam industry and revealed that sometimes our own legitimate industries are intentionally allowing more cybercrime to occur because it benefits them financially. Anything Brian Krebs writes is worth reading.
As the creator of multiple trusted encryption ciphers, Schneier is considered the father of modern computer cryptography. He is the top industry luminary in the computer security field and regularly speaks to Congress and to the biggest media outlets. Today, Schneier is mostly concerned with human issues behind computer security failures. I consider reading anything Schneier writes a mandatory part of any computer security education.
Dr. Dorothy Denning
Professor emeritus at the Naval Postgraduate School, Denning was an early computer security pioneer, creating seminal works on computer encryption, intrusion detection, cyberwarfare and access control. She invented the Lattice security model, which underlies many modern access control models. She was concerned about (and writing about) cyberwarfare before there was cyberwarfare.
The world’s most famous hacker, once prevented from even using a phone, Mitnick has long been out of prison and gone legit. Today, he is the CEO of his own computer security defense company and regularly writes about the threats of social engineering and privacy invasions. Many former malicious hackers can’t be trusted, but Mitnick is an exception.
Howard, and friends, created a secure software programming method known as the Security Development Lifecycle (SDL), which is now used by hundreds of companies around the world to decrease the number of bugs in their software that can be exploited by hackers. Most early SDL critics now use it after years of seeing how well it worked.