博文
2007信息安全界59牛人[转]
|
转自:http://fjwzp.bokee.com/viewdiary.15246378.html
BLOGGERS
9. The Converging Network
http://theconvergingnetwork.com/
Mitchell Ashley, the CTO and GM of emerging products at StillSecure, blogs at CTN. His blog focuses on the convergent nature of today’s IT world, where networking issues and security issues have become intertwined. Network security, Mitchell says, “has moved from the perimeter to the interior of the network.”
10. Andy Willingham
http://andyitguy.blogspot.com/
Andy has been in IT for about 10 years, starting in the world of OS2 and Novell. About 6 years ago he became interested in security and became a CISSP - a certified information systems security professional. His March 7, 2007 post talks about the internet’s “original sin” - the fact that from its creation, it was never intended to be a secure network. This metaphor makes Andy and his fellow CISSPs priests in the church of IT security.
11. Martin McKeay
http://www.mckeay.net/
Martin McKeay, a certified information systems security professional, has been called an IT security “guru,” a “security A lister,” and a “blog evangelist” by his peers. All the other IT security bloggers read McKeay’s blog, so you should too. As of February 2007, McKeay had been hired by StillSecure, where he will be working on the Alpha testing of Cobia, an open source unified network platform that includes routing, core network services and security, all in the same software application.
12. Brian Krebs
http://blog.washingtonpost.com/securityfix/
Brian Krebs joined the Washington Post in 1995, started covering the technology and computer security in 2000, and began blogging at washingtonpost.com March 2005. While other bloggers focus on the detailed minutiae of IT network security, Krebs’ Security Fix blog is aimed at average internet users, helping them fight viruses, worms and identity theft. Think of Security Fix as a daily “weather update” for your computer’s internet security.
13. Rebecca Herold
http://www.realtime-itcompliance.com/index.html
Rebecca Herold has over 16 years of experience as an information security professional. Rebecca created the Information Protection program at Principal Financial Group where she worked for 12 years. She now writes for Realtimepublishers.com. On her blog, she writes about identity theft, information security, and the government’s role in business computing.
14. Thomas Ptacek, et al
http://www.matasano.com/log/
Matasana Chargen is a high output team blog that covers several beats under the network security umbrella, including chronicling the “oft predicted demise” of the security industry; disclosing security flaws and vulnerabilities; security issues related to Apple’s OS X operating system; and its “Peabody Award winning series,” This Old Vulnerability.
15. Michael J. Santarcangelo
http://www.securitycatalyst.com/
Michael Santarcangelo, the self-proclaimed “bald security expert,” has a confession to make: he loves to reduce the jargon-infused tech speak of programming nerds and security professionals, into easy to understand language that users will understand. Yes, users - that group of dim witted monkeys that computer geeks typically view with scorn and derision. But for Michael Santarcangelo, his passion is explaining difficult concepts in simple terms to inspire users to change their behaviors.
16. Michael R. Farnum
http://securityplace.blogspot.com/
Like Michael Santarcangelo, Michael Farnum is also a bald security expert. The difference? Farnum sports a goatee. Farnum has been in the information security field since 2000, and currently works for Accuvant in Houston. He blogs about real world manifestations of information security issues, like the Texas governor’s emails, and flying without identification in a post 9/11 world.
17. Michael Dahn
http://pcianswers.com/
Michael Dahn administers an impersonal blog crammed with information about the Payment Card Industry (PCI) and its Data Security Standard (DSS). Anyone can get author status on his blog by demonstrating knowledge of PCI in the comments. Smooth and efficient credit card purchasing is the cornerstone of the online economy. Dahn’s blog covers everything from PCI compliance in Europe to regulatory issues in America.
18. Adam Shostack
http://www.emergentchaos.com/
Emergent Chaos is a group blog on security, privacy, liberty and economics - a self-declared “Emergent Chaos jazz combo of the blogosphere. ” While the EC bloggers tend to drift off topic with political posts, they shine at the nexus of politics and IT security, like their March 1, 2007 posts on banking security and the fine print issues surrounding the National ID card legislation.
19. Security Bloggers Network
http://networks.feedburner.com/Security-Bloggers-Network
Your first and last stop for all things security related in the blogosphere. SBN hosts a comprehensive blogroll of all the major IT security blogs and an instant RSS feed of all recent posts by member blogs.
20. Mike Murray
http://www.episteme.ca/
A member of the Security Bloggers Network, Murray focuses his blog on the career aspects of the security industry - hiring and recruiting, time and life management, and career skills, including a sadly true posting from early March 2007 that telling you that due to the changing nature of online job hunting, your resume is junk mail.
21. More Bloggers In Our Feed Reader
Scott J. Roberts http://blog.vulnerableminds.com/
Pete Lindstrom http://spiresecurity.typepad.com/
Raffael Marty http://www.raffy.ch/blog/
Alex Hutton http://riskanalysis.riskmanagementinsight.com/
George Ou http://blogs.zdnet.com/Ou/
Alan Shimel http://www.stillsecureafteralltheseyears.com/
Samuel Van Ryder http://www.stillsecureafteralltheseyears.com/ashimmy/
Ron Gula http://blog.tenablesecurity.com/
Cutaway http://www.cutawaysecurity.com/
Ross Brown http://technobabylon.typepad.com/
Alex Eckleberry http://sunbeltblog.blogspot.com/
Ryan Russell http://ryanlrussell.blogspot.com/index.html
Angela Gunn http://www.computerworld.com/blogs/gunn
Garrett Gee http://ggee.org/blog/
Misha Govshteyn http://blog.alertlogic.net/
Jeremiah Grossman http://jeremiahgrossman.blogspot.com/
Chris Harrington http://infosecpodcast.com/
Ron Woerner http://www.securitycatalyst.com/
Andrew Lark http://andylark.blogs.com/
Andrew Storms http://blog.ncircle.com/blogs/sync/
Micheal Wright http://mcwresearch.com/
Jordan Wiens http://psifertex.com/
Autumn Haynes http://www.rsa.com/blog/
Michelle McLean http://consentry.typepad.com/blog/
Lori MacVittie http://devcentral.f5.com/weblogs/macvittie/
Chris Boyd http://www.vitalsecurity.org/
Wayne Porter http://blog.spywareguide.com/
Robert Graham http://erratasec.blogspot.com/
Eric Green http://www.larstanpodcasting.com/
Ryan Singel http://blog.wired.com/27bstroke6/
Andreas Antonopolous http://www.nemertes.com/blog/andreas_m_antonopoulos
David Kanter http://www.realworldtech.com/
Christopher Hoff http://rationalsecurity.typepad.com/
Ryan Naraine http://securitywatch.eweek.com/
CORPORATE SECURITY OFFICERS
22. W. M. Coughran
Jr. Vice President, Engineering, Google
Bill Coughran has a Ph.D. in Computer Science from Stanford, an MS in mathematics from Caltech, and is Google's VP of Engineering for Systems Infrastructure, where he's responsible for securing the large-scale distributed programs that underlie Google's web presence. Google’s security strategy parallels its operating philosophy - pairing first rate geniuses with common users, specifically a user subset that Google calls “external security enthusiasts,” who keep Coughran’s team on its toes by exposing security errors and notifying Google of weaknesses through responsible disclosure. It's a process critical to the “ecology of the Internet,” according to Google’s security team.
23. Stephen Toulouse
Product Manager, Security Technology Unit, Microsoft
Before moving into his current job, Stephen Toulouse was the communications manager for security response at Microsoft from 2002 to 2006, where he worked to solve reported vulnerabilities in Microsoft software. Now he is a senior product manager in the Security Technology Unit, currently working with security features of Windows new operating system, Vista. He blogs and posts pictures on his personal web page, http://www.stepto.com/.
24. Christopher Hoff
Chief Security Strategist, Crossbeam Systems, Inc.
Christopher Hoff is the Chief Security Strategist for Crossbeam Systems, Inc., the leader in unified threat management (UTM) for the world's largest networks. Hoff is responsible for developing the company's global security strategy. Before joining the Crossbeam team, Hoff served as chief information security officer, and director of enterprise security services at WesCorp, a $25 billion financial services cooperative.
25. Ron Gula
CEO & CTO, Tenable Network Security
Tenable Network Security, Inc. provides security management solutions for large and small networks. Tenable offers products which perform vulnerability scanning, passive network monitoring, log analysis, security event management and remediation workflow. Ron Gula, Tenable’s CEO and CTO, began his career in information security while working at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research.
26. Michael Barrett
Chief Information Security Officer, PayPal
More than three quarters of all phishing e-mails are targeted to the users of eBay and its PayPal subsidiary. Despite the pending launch of the next generation of PayPal security, Michael Barrett, the company's chief information security officer, admits the online payment leader will still be troubled by phishing and other attacks in the near future. The fraudulent emails most often attempt to gather personal information including credit card numbers and passwords to rip off legit users. Of these emails, 54.3 percent attempt to steal information from users of PayPal.
27. Mark Ford
Partner/Principal, Deloitte & Touche
Mark Ford is a partner in D&T’s Security Services group, leading teams responsible for implementing technical security products to solve complex access management issues. Mark has developed information security architecture programs including platform and network security baseline configurations, user awareness programs, legal and regulatory compliance, and classification methodologies. He has served as the engagement partner for the implementation of identity management and web single sign on solutions at many of D&Ts key clients. Currently, Mark leads Deloitte's Identity Management Practice within the U.S. Central Sector. He also serves as the national partner relationship manager between Deloitte & Touche and IBM regarding the SecureWay product line.
28. Dr. Selim Aissi
Chief Architect, Mobile Manageability & Security, Intel
Dr. Selim Aissi has been working in the computer industry for over 14 years and has been involved in the development of safety critical, embedded systems, information technology, and wireless platforms in the R&D sector and military, automotive, and commercial environments. Before joining Intel in 2000, he worked at the University of Michigan, General Dynamics' M1A2 Abrams battlefield tank division, General Motors' embedded controller excellence center, and Applied Dynamics International. At Intel, he played several management and senior architecture roles, and he is currently the chief architect for manageability and security at Intel’s mobile platform architecture division (Centrino). Dr. Aissi has over 15 patents submitted and is the co-author of the recent book "Security in Mobile Networks and Platforms" (Artech House).
29. Anthony Nadalin
Distinguished Engineer, CSA, IBM
Anthony Nadalin is the chief security architect for IBM SWG, and also serves as the primary security liaison to Sun Microsystems' JavaSoft Division for Java security design and development collaboration. In his 20 year career with IBM, Anthony has been lead security architect for VM/SP, security architect for AS/400, and security architect for OS/2. Anthony has authored and coauthored over thirty technical journals and conference articles, and has published a book on Java security and the Internet.
30. Nico Popp
VP and General Manager of Authentication and Email Security, Verisign
Nico Popp is the vice president and general manager of VeriSign Authentication and Email Security Services within the security services business unit. In this role, Nico is responsible for managing VeriSign unified strong authentication, client PKI and anti-spam products. Nico is also head of the research & advanced products group that leads VeriSign's efforts developing new products and services. In 1990, together with Professor Ilan Kroo from Stanford University, Nico designed and built a semi-rigid asymmetric windsurfing sail that performed the world's fourth fastest run (30.1 knots) at the Windsurfing Speed Championship in Saintes Marie de la Mer, France.
31. Toffer Winslow
VP Product Management and Product Marketing, RSA Security
Toffer Winslow leads RSA Security’s product management, product marketing, partner development and strategic planning for the company’s identity and access management solutions. Toffer is a frequent speaker at industry conferences including Digital ID World, RSA Conference and eWorld Financial Expo. He is also a graduate of the Harvard University Graduate School of Business Administration, and an honors graduate in political science from the University of British Columbia.
32. Patrick O'Kane
Chief Identity and Access Management Architect, Unisys Corporation
Mr. Pat O'Kane is chief architect for the Identity and Access Management (IAM) practice at Unisys Corporation, who recently acquired his former employer, ePresence. ePresence was a professional services firm focused on Security and Identity Management solutions for large corporate and government enterprises where he served at CTO. Well known for his expertise in the design of large scale projects in the IAM environment, Mr. O'Kane works closely with the Unisys professional services teams to design, build and manage complete end-to-end solutions. He also works with clients as a Solution Architect and Project Manager for complex IAM projects.
33. Vadim Lander
Chief Security Architect, CA
As Chief Security Architect, Vadim Lander advises CA on key security technology trends and works with the engineering teams to implement CA’s technical direction. Previously, Lander was CTO at Netegrity, which was acquired by CA in November 2004. Lander joined Netegrity in 1996 as a senior software engineer, bringing with him over ten years of development experience at a number of high tech companies. Throughout his tenure at Netegrity he held a number of successive growth positions in engineering, and has been instrumental in the definition and development of the company’s identity and access management products.
34. Amit Jasuja
VP Development Security & Identity Managment, Oracle
Mr. Jasuja is responsible for driving Oracle’s go-to market strategy for its identity management business. This responsibility encompasses security solution development, partner and sales enablement as well as product management. Prior to joining Oracle, Jasuja was a vice president of product management at Netegrity. During his five years at Netegrity, Jasuja's team was responsible for product planning and strategy for the company’s entire product line.
35. John W. Thompson
CEO Symantec - Norton Utilities
John W. Thompson is chairman of the board of directors and chief executive officer of Symantec Corporation. Under Thompson's leadership, Symantec has grown from a small consumer software publisher to the market leader for security solutions with the ubiquitous security software package, Norton Utilities. In September 2002, President George W. Bush appointed Thompson to the National Infrastructure Advisory Committee (NIAC), to make recommendations regarding security of the critical infrastructure of the United States.
36. Thomas E. Noonan
General Manager, IBM Internet Security Systems
Following the October 2006 merger of IBM and Internet Security Systems, Thomas Noonan became the General Manager of IBM Internet Security Systems. Prior to the merger, Mr. Noonan was the Chairman, President and Chief Executive Officer of Internet Security Systems, Inc. (ISS), a leading global provider of information protection solutions that secures IT infrastructure and defends key online assets from attack and misuse. Prior to co-founding ISS, Mr. Noonan held senior management positions while at Dun and Bradstreet Software. Mr. Noonan holds a bachelor's degree in Mechanical Engineering from Georgia Tech and a Master's of Business Administration from Harvard University.
37. Brett Childress
Director of IT Infrastructure, NI
Before becoming NI’s Director of IT Infrastructure, Childress was an MIS Supervisor at San Jose, CA-based Cypress Semiconductor. Prior to joining Cypress, he worked as a lead software engineer for NASA at their Johnson Space Center Engineering Directorate. At NASA, Childress was a Group Lead for the JSC Mission Operations Directorate.
WHITE HAT HACKERS
38. Fydor
Fydor, the hacker pseudonym of Gordon Lyon, is known as the maker of Nmap ("Network Mapper") - a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine the security characteristics of the computer system it’s running on. Thousands of people download Nmap every day. It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository.
39. Honeynet Project
The Honeynet Project, led by Lance Spitzner, is a project to develop and analyze computer honeynet and honeypot data, and to further research into how malicious hackers act. A honeypot is a trap set to detect, deflect or in some manner counteract hacker attempts to break into information systems - as valuable as a surveillance and early warning tool.
40. Mark Russinovich
Mark Russinovich is an expert on Windows architecture and programming; noted for identifying the limited differences between Windows NT Server and Workstation, and discovering the 2005 Sony Rootkit software. As a copy protection measure, Sony BMG included the Extended Copy Protection on music CDs, which was automatically installed on desktop computers when customers played the CDs, opening security holes that allowed viruses to break in.
41. Kevin Mitnick
Mitnick is a ex-convict, having served time for crimes involving his black hat hacking activities including identity theft, phone phreaking and social engineering. Since his release from prison, Mitnick has donned a white hat and started his own security firm, Mitnick Security Consulting, LLC.
42. Tsutomu Shimomura
Tsutomu Shimomura is a computer security expert who gained fame when he, together with computer journalist John Markoff, tracked down and helped the FBI arrest hacker Kevin Mitnick. "Takedown," his 1996 book on the subject, was later adapted for the screen in Takedown.
43. Solar Designer
Alexander Peslyak (aka Solar Designer) is a Russian security expert know for his exploitation techniques and security audit tools. He is the founder of the Openwall Project, which has designed a security rich operating system for servers.
44. Michal Zalewski
A Polish born security expert, Zalewski has been white hat hacking since the mid 1990s, when he started posting on BugTraq. He has written software for Unix systems and recently wrote a book, "Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks."
45. Kevin Poulsen
Wired News editor/blogger and former hacker, Poulen wrote a wrote a 1,000 line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress that it didn't have this capability. The script is now available for free.
46. H.D. Moore
Moore founded the Metasploit Project in 2003, which helps white hat hackers who perform penetration testing and exploit research. The Metasploit Framework, a product of the project, helps security developers test exploit code.
47. David Maynor
Maynor is a senior researcher at SecureWorks where his duties include vulnerability development, developing and evaluating new evasion techniques, and development of protection for customers. In 2006, he demonstrated how to hack into Apple’s MacBook via a weakness in the laptop’s wireless internet connection. He also blogs about security at http://erratasec.blogspot.com/
48. SANS Internet Storm Center
Today the Internet Storm Center gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries. The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with internet service providers to fight back against the most malicious attackers.
THE DOT GOVS AND DOT MILS
49. John G. Grimes
Assistant Secretary of Defense for Networks and Information Integration, and Department of Defense, Chief Information Officer
John Grimes was nominated by President Bush for the position of assistant secretary of defense for networks and information integration (ASD NII) / Department of Defense chief information officer (CIO) - perhaps one of the few Bush appointees with actual experience in his appointed position, yet who also donated $2,100 between 2003 and 2004 to a PAC operated by Raytheon, an American weapons manufacturer, whose PAC contributes to campaigns of both parties.
50. Gary Forsee
Chairman, National Security Telecommunications Advisory Committee (NSTAC)
NSTAC provides industry based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy. NSTAC has identified the need for the government to consider how the convergence of traditional circuit switched telecommunications systems with the Internet might affect existing priority communications systems. They recommended that the government determine how it could obtain priority services in the next generation packet based networks. Forsee, the committee’s chairman, is CEO of Sprint Nextel.
51. Committee on National Security Systems (CNSS)
Under an executive order issued in the wake of 9/11, President Bush renamed the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the Ccommittee, but certain functions were transferred to the secretary of homeland Security in 2003. The CNSS provides guidance for the security of national security systems, which contain classified information that involves intelligence activities; cryptographic activities related to national security; command and control of military forces; and/or involves equipment that is an integral part of a weapon or weapons systems.
52. Computer Incident Advisory Capability, U.S. Department of Energy
CIAC has been providing the U.S. Department of Energy with incident response, reporting, and tracking, along with other computer security support since 1989. CIAC is a founding member of GFIRST, the Government Forum of Incident Responders and Security Teams and FIRST, an international incident response and security organization. CIAC’s mission is to identify emerging safeguard issues relative to information security and privacy; to advise other agencies on information security and privacy issues pertaining to Federal Government information systems.
53. National Safety Information Exchange
In 1991, the NSTAC, working with the NCS, recommended establishing a Government industry partnership to reduce the vulnerability of the Nation's telecommunications systems to electronic intrusion. The National Safety Information Exchange (NSIE) was established as a forum where government and industry could share information in a trusted and confidential environment. The NSIE process continues to function today, demonstrating that industry and government will share sensitive security information if they find value in doing so. NSIE’s web site, slated for launch in late 2006, is not yet operational.
54. Anthony Russo
Contract Project Manager, NASA Incident Response Center (NASIRC)
The NASIRC, located at Goddard Space Flight Center in Building 28, researches, coordinates, and responds to all reported NASA computer and network security incidents resulting from unauthorized probes, intrusions, and system compromises. In a typical week it is not unusual for NASIRC to receive over one thousand security incident reports of IT security activities involving NASA Field Centers. NASIRC's day to day operations are staffed by Allied Technology Group, Inc., which includes the following people: Anthony Russo, contract project manager; Tom Baxter, lead incident response coordinator; Michael Brice, incident response coordinator; Jacob Whiting, incident response coordinator; Patti Johnson, security analyst; Eric Scanlan, system administration UNIX/NT; Nathan Bagby, applications development; and Frank Husson, who serves as the Allied Technology group director.
55. Howard Schmidt
Former Vice Chair, Critical Infrastructure Protection Board, US Government
Schmidt has years of experience in the information security industry, including vice chair of the Critical Infrastructure Protection Board, receiving his appointment from President George W. Bush. Schmidt served as vice president and chief information security officer for eBay, Inc. and has also been chief security officer for Microsoft Corp., overseeing the Security Strategies Group. Prior to joining Microsoft, Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI), Computer Forensic Lab and Computer Crime and Information Warfare Division. The AFOSI mandate is to investigate intrusions in government and military systems by persons in counterintelligence organizations and criminals. Schmidt recently released a book called "Patrolling Cyberspace: Lessons Learned from a Lifetime in Data Security."
56. National Computer Security Center (NCSC)
The Department of Defense Computer Security Center was established in 1981 to encourage the widespread availability of trusted computer systems for use by facilities processing classified or other sensitive information. In August 1985 the name of the organization was changed to the National Computer Security Center (NCSC).
57. Collaborations in Internet Security (CIS )
In recognition of the need for heightened security awareness and security capabilities on the Internet, the Federal Networking Council's (FNC) Privacy & Security Working Group (PSWG) has been awarded a National Performance Review (NPR) Innovation Fund grant to compare and validate agency approaches to security, and to test the strength of these technologies beyond closed agency networking environments toward both a more global inter-agency and agency/commercial sector environment.
58. Federal Information Systems Security Educators' Association
The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for federal information systems security professionals. FISSEA assists federal agencies in meeting their computer security training responsibilities.
THE IT SECURITY TEAM
59. Ask the Experts
Last but not least, a special thanks to the ITSecurity.com experts - another A-List of 30 security pros who’ve never been stumped by a security question from our readers.
https://blog.sciencenet.cn/blog-43726-23302.html
CHIEF BLOGGING OFFICERS
1. Amrit Williams
http://techbuddha.wordpress.com/
Amrit Williams, the man behind TechBuddha, changed jobs in late 2006, from an analyst at Gartner to the CTO of BigFix. On his blog, Amrit champions the need for the IT security industry to respond to the new threat environment facing network defenses, changing business models that include more telecommuters and mobile workers, and increasing regulatory compliance.
2. Alan Shimel
http://www.stillsecureafteralltheseyears.com/
Shimel is the Chief Strategy Officer of StillSecure, where he has worked to build StillSecure into a leading provider of network security solutions since 2001. He blogs about web and tech issues, security tips, and security outsourcing, as well as out-of-office concerns like books, current affairs and family.
3.Richard Stiennon
http://blogs.zdnet.com/threatchaos/
Richard Stiennon is Chief Marketing Officer for Fortinet, Inc. Most recently he was Chief Research Analyst at IT Harvest. Prior to joining IT Harvest, he was VP of threat research for Webroot Software, Inc. the leading commercial anti-spyware solution. He blogs for ZDNet about cybercrime and security.
4. Dr. Anton Chuvakin
http://chuvakin.blogspot.com/
Dr. Chuvakin is a recognized security expert and book author. In his current role as a Director of Product Management with LogLogic, a log management and intelligence company, he is involved with defining and executing a product vision and strategy, driving the product roadmap, conducting research, as well as assisting key customers with their LogLogic implementations. He blogs about security issues, log management, industry trends and computer tips.
5. Bruce Schneier
http://www.schneier.com/blog/
Bruce Schneier is the founder and CTO of the pioneering security firm BT Counterpane. The author of eight books on security, Schneier has testified before Congress on national network security issues. His first bestseller, “Applied Cryptography,” was described by Wired magazine as “the book the National Security Agency wanted never to be published.” He blogs about business security solutions, personal computer protection, and IT security in the era of terrorism, with a penchant for catching all the instances when police departments blow things up that they think are bombs, but really aren’t.
6. Richard Bejtlich
http://taosecurity.blogspot.com/
Richard Bejtlich, President and CEO of TaoSecurity, has written several books on network security, including specific topics like internal network intrusion and digital forensics. In his book, “Hacking Exposed,” Bejtlich was the first to publish the term “network security monitoring.” He blogs about network security, naturally, with a penchant for including all the code and computer feedback, which transforms his blog posts into helpful how-to guides.
7. Mike Rothman
http://securityincite.com/
Security Incite is an industry analyst firm specializing in the information security market. Their mission is to “Help subscribers protect their information assets more effectively by making better decisions.” SI provides analysis on information security topics and publishes detailed reports to ensure that high profile projects are executed successfully.
8. Kenneth F. Belva
http://www.bloginfosec.com/
Kenneth F. Belva manages an information technology risk management program for a bank whose assets are in the billions of dollars. He reports directly to the senior vice president and deputy general manager (CFO). He is currently on the board of directors for the New York Metro chapter of the Information Systems Security Association (ISSA) as the chair of the public relations committee. He blogs about exploit code, technical work arounds, security breaches, and virtual trust.
BLOGGERS
9. The Converging Network
http://theconvergingnetwork.com/
Mitchell Ashley, the CTO and GM of emerging products at StillSecure, blogs at CTN. His blog focuses on the convergent nature of today’s IT world, where networking issues and security issues have become intertwined. Network security, Mitchell says, “has moved from the perimeter to the interior of the network.”
10. Andy Willingham
http://andyitguy.blogspot.com/
Andy has been in IT for about 10 years, starting in the world of OS2 and Novell. About 6 years ago he became interested in security and became a CISSP - a certified information systems security professional. His March 7, 2007 post talks about the internet’s “original sin” - the fact that from its creation, it was never intended to be a secure network. This metaphor makes Andy and his fellow CISSPs priests in the church of IT security.
11. Martin McKeay
http://www.mckeay.net/
Martin McKeay, a certified information systems security professional, has been called an IT security “guru,” a “security A lister,” and a “blog evangelist” by his peers. All the other IT security bloggers read McKeay’s blog, so you should too. As of February 2007, McKeay had been hired by StillSecure, where he will be working on the Alpha testing of Cobia, an open source unified network platform that includes routing, core network services and security, all in the same software application.
12. Brian Krebs
http://blog.washingtonpost.com/securityfix/
Brian Krebs joined the Washington Post in 1995, started covering the technology and computer security in 2000, and began blogging at washingtonpost.com March 2005. While other bloggers focus on the detailed minutiae of IT network security, Krebs’ Security Fix blog is aimed at average internet users, helping them fight viruses, worms and identity theft. Think of Security Fix as a daily “weather update” for your computer’s internet security.
13. Rebecca Herold
http://www.realtime-itcompliance.com/index.html
Rebecca Herold has over 16 years of experience as an information security professional. Rebecca created the Information Protection program at Principal Financial Group where she worked for 12 years. She now writes for Realtimepublishers.com. On her blog, she writes about identity theft, information security, and the government’s role in business computing.
14. Thomas Ptacek, et al
http://www.matasano.com/log/
Matasana Chargen is a high output team blog that covers several beats under the network security umbrella, including chronicling the “oft predicted demise” of the security industry; disclosing security flaws and vulnerabilities; security issues related to Apple’s OS X operating system; and its “Peabody Award winning series,” This Old Vulnerability.
15. Michael J. Santarcangelo
http://www.securitycatalyst.com/
Michael Santarcangelo, the self-proclaimed “bald security expert,” has a confession to make: he loves to reduce the jargon-infused tech speak of programming nerds and security professionals, into easy to understand language that users will understand. Yes, users - that group of dim witted monkeys that computer geeks typically view with scorn and derision. But for Michael Santarcangelo, his passion is explaining difficult concepts in simple terms to inspire users to change their behaviors.
16. Michael R. Farnum
http://securityplace.blogspot.com/
Like Michael Santarcangelo, Michael Farnum is also a bald security expert. The difference? Farnum sports a goatee. Farnum has been in the information security field since 2000, and currently works for Accuvant in Houston. He blogs about real world manifestations of information security issues, like the Texas governor’s emails, and flying without identification in a post 9/11 world.
17. Michael Dahn
http://pcianswers.com/
Michael Dahn administers an impersonal blog crammed with information about the Payment Card Industry (PCI) and its Data Security Standard (DSS). Anyone can get author status on his blog by demonstrating knowledge of PCI in the comments. Smooth and efficient credit card purchasing is the cornerstone of the online economy. Dahn’s blog covers everything from PCI compliance in Europe to regulatory issues in America.
18. Adam Shostack
http://www.emergentchaos.com/
Emergent Chaos is a group blog on security, privacy, liberty and economics - a self-declared “Emergent Chaos jazz combo of the blogosphere. ” While the EC bloggers tend to drift off topic with political posts, they shine at the nexus of politics and IT security, like their March 1, 2007 posts on banking security and the fine print issues surrounding the National ID card legislation.
19. Security Bloggers Network
http://networks.feedburner.com/Security-Bloggers-Network
Your first and last stop for all things security related in the blogosphere. SBN hosts a comprehensive blogroll of all the major IT security blogs and an instant RSS feed of all recent posts by member blogs.
20. Mike Murray
http://www.episteme.ca/
A member of the Security Bloggers Network, Murray focuses his blog on the career aspects of the security industry - hiring and recruiting, time and life management, and career skills, including a sadly true posting from early March 2007 that telling you that due to the changing nature of online job hunting, your resume is junk mail.
21. More Bloggers In Our Feed Reader
Scott J. Roberts http://blog.vulnerableminds.com/
Pete Lindstrom http://spiresecurity.typepad.com/
Raffael Marty http://www.raffy.ch/blog/
Alex Hutton http://riskanalysis.riskmanagementinsight.com/
George Ou http://blogs.zdnet.com/Ou/
Alan Shimel http://www.stillsecureafteralltheseyears.com/
Samuel Van Ryder http://www.stillsecureafteralltheseyears.com/ashimmy/
Ron Gula http://blog.tenablesecurity.com/
Cutaway http://www.cutawaysecurity.com/
Ross Brown http://technobabylon.typepad.com/
Alex Eckleberry http://sunbeltblog.blogspot.com/
Ryan Russell http://ryanlrussell.blogspot.com/index.html
Angela Gunn http://www.computerworld.com/blogs/gunn
Garrett Gee http://ggee.org/blog/
Misha Govshteyn http://blog.alertlogic.net/
Jeremiah Grossman http://jeremiahgrossman.blogspot.com/
Chris Harrington http://infosecpodcast.com/
Ron Woerner http://www.securitycatalyst.com/
Andrew Lark http://andylark.blogs.com/
Andrew Storms http://blog.ncircle.com/blogs/sync/
Micheal Wright http://mcwresearch.com/
Jordan Wiens http://psifertex.com/
Autumn Haynes http://www.rsa.com/blog/
Michelle McLean http://consentry.typepad.com/blog/
Lori MacVittie http://devcentral.f5.com/weblogs/macvittie/
Chris Boyd http://www.vitalsecurity.org/
Wayne Porter http://blog.spywareguide.com/
Robert Graham http://erratasec.blogspot.com/
Eric Green http://www.larstanpodcasting.com/
Ryan Singel http://blog.wired.com/27bstroke6/
Andreas Antonopolous http://www.nemertes.com/blog/andreas_m_antonopoulos
David Kanter http://www.realworldtech.com/
Christopher Hoff http://rationalsecurity.typepad.com/
Ryan Naraine http://securitywatch.eweek.com/
CORPORATE SECURITY OFFICERS
22. W. M. Coughran
Jr. Vice President, Engineering, Google
Bill Coughran has a Ph.D. in Computer Science from Stanford, an MS in mathematics from Caltech, and is Google's VP of Engineering for Systems Infrastructure, where he's responsible for securing the large-scale distributed programs that underlie Google's web presence. Google’s security strategy parallels its operating philosophy - pairing first rate geniuses with common users, specifically a user subset that Google calls “external security enthusiasts,” who keep Coughran’s team on its toes by exposing security errors and notifying Google of weaknesses through responsible disclosure. It's a process critical to the “ecology of the Internet,” according to Google’s security team.
23. Stephen Toulouse
Product Manager, Security Technology Unit, Microsoft
Before moving into his current job, Stephen Toulouse was the communications manager for security response at Microsoft from 2002 to 2006, where he worked to solve reported vulnerabilities in Microsoft software. Now he is a senior product manager in the Security Technology Unit, currently working with security features of Windows new operating system, Vista. He blogs and posts pictures on his personal web page, http://www.stepto.com/.
24. Christopher Hoff
Chief Security Strategist, Crossbeam Systems, Inc.
Christopher Hoff is the Chief Security Strategist for Crossbeam Systems, Inc., the leader in unified threat management (UTM) for the world's largest networks. Hoff is responsible for developing the company's global security strategy. Before joining the Crossbeam team, Hoff served as chief information security officer, and director of enterprise security services at WesCorp, a $25 billion financial services cooperative.
25. Ron Gula
CEO & CTO, Tenable Network Security
Tenable Network Security, Inc. provides security management solutions for large and small networks. Tenable offers products which perform vulnerability scanning, passive network monitoring, log analysis, security event management and remediation workflow. Ron Gula, Tenable’s CEO and CTO, began his career in information security while working at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research.
26. Michael Barrett
Chief Information Security Officer, PayPal
More than three quarters of all phishing e-mails are targeted to the users of eBay and its PayPal subsidiary. Despite the pending launch of the next generation of PayPal security, Michael Barrett, the company's chief information security officer, admits the online payment leader will still be troubled by phishing and other attacks in the near future. The fraudulent emails most often attempt to gather personal information including credit card numbers and passwords to rip off legit users. Of these emails, 54.3 percent attempt to steal information from users of PayPal.
27. Mark Ford
Partner/Principal, Deloitte & Touche
Mark Ford is a partner in D&T’s Security Services group, leading teams responsible for implementing technical security products to solve complex access management issues. Mark has developed information security architecture programs including platform and network security baseline configurations, user awareness programs, legal and regulatory compliance, and classification methodologies. He has served as the engagement partner for the implementation of identity management and web single sign on solutions at many of D&Ts key clients. Currently, Mark leads Deloitte's Identity Management Practice within the U.S. Central Sector. He also serves as the national partner relationship manager between Deloitte & Touche and IBM regarding the SecureWay product line.
28. Dr. Selim Aissi
Chief Architect, Mobile Manageability & Security, Intel
Dr. Selim Aissi has been working in the computer industry for over 14 years and has been involved in the development of safety critical, embedded systems, information technology, and wireless platforms in the R&D sector and military, automotive, and commercial environments. Before joining Intel in 2000, he worked at the University of Michigan, General Dynamics' M1A2 Abrams battlefield tank division, General Motors' embedded controller excellence center, and Applied Dynamics International. At Intel, he played several management and senior architecture roles, and he is currently the chief architect for manageability and security at Intel’s mobile platform architecture division (Centrino). Dr. Aissi has over 15 patents submitted and is the co-author of the recent book "Security in Mobile Networks and Platforms" (Artech House).
29. Anthony Nadalin
Distinguished Engineer, CSA, IBM
Anthony Nadalin is the chief security architect for IBM SWG, and also serves as the primary security liaison to Sun Microsystems' JavaSoft Division for Java security design and development collaboration. In his 20 year career with IBM, Anthony has been lead security architect for VM/SP, security architect for AS/400, and security architect for OS/2. Anthony has authored and coauthored over thirty technical journals and conference articles, and has published a book on Java security and the Internet.
30. Nico Popp
VP and General Manager of Authentication and Email Security, Verisign
Nico Popp is the vice president and general manager of VeriSign Authentication and Email Security Services within the security services business unit. In this role, Nico is responsible for managing VeriSign unified strong authentication, client PKI and anti-spam products. Nico is also head of the research & advanced products group that leads VeriSign's efforts developing new products and services. In 1990, together with Professor Ilan Kroo from Stanford University, Nico designed and built a semi-rigid asymmetric windsurfing sail that performed the world's fourth fastest run (30.1 knots) at the Windsurfing Speed Championship in Saintes Marie de la Mer, France.
31. Toffer Winslow
VP Product Management and Product Marketing, RSA Security
Toffer Winslow leads RSA Security’s product management, product marketing, partner development and strategic planning for the company’s identity and access management solutions. Toffer is a frequent speaker at industry conferences including Digital ID World, RSA Conference and eWorld Financial Expo. He is also a graduate of the Harvard University Graduate School of Business Administration, and an honors graduate in political science from the University of British Columbia.
32. Patrick O'Kane
Chief Identity and Access Management Architect, Unisys Corporation
Mr. Pat O'Kane is chief architect for the Identity and Access Management (IAM) practice at Unisys Corporation, who recently acquired his former employer, ePresence. ePresence was a professional services firm focused on Security and Identity Management solutions for large corporate and government enterprises where he served at CTO. Well known for his expertise in the design of large scale projects in the IAM environment, Mr. O'Kane works closely with the Unisys professional services teams to design, build and manage complete end-to-end solutions. He also works with clients as a Solution Architect and Project Manager for complex IAM projects.
33. Vadim Lander
Chief Security Architect, CA
As Chief Security Architect, Vadim Lander advises CA on key security technology trends and works with the engineering teams to implement CA’s technical direction. Previously, Lander was CTO at Netegrity, which was acquired by CA in November 2004. Lander joined Netegrity in 1996 as a senior software engineer, bringing with him over ten years of development experience at a number of high tech companies. Throughout his tenure at Netegrity he held a number of successive growth positions in engineering, and has been instrumental in the definition and development of the company’s identity and access management products.
34. Amit Jasuja
VP Development Security & Identity Managment, Oracle
Mr. Jasuja is responsible for driving Oracle’s go-to market strategy for its identity management business. This responsibility encompasses security solution development, partner and sales enablement as well as product management. Prior to joining Oracle, Jasuja was a vice president of product management at Netegrity. During his five years at Netegrity, Jasuja's team was responsible for product planning and strategy for the company’s entire product line.
35. John W. Thompson
CEO Symantec - Norton Utilities
John W. Thompson is chairman of the board of directors and chief executive officer of Symantec Corporation. Under Thompson's leadership, Symantec has grown from a small consumer software publisher to the market leader for security solutions with the ubiquitous security software package, Norton Utilities. In September 2002, President George W. Bush appointed Thompson to the National Infrastructure Advisory Committee (NIAC), to make recommendations regarding security of the critical infrastructure of the United States.
36. Thomas E. Noonan
General Manager, IBM Internet Security Systems
Following the October 2006 merger of IBM and Internet Security Systems, Thomas Noonan became the General Manager of IBM Internet Security Systems. Prior to the merger, Mr. Noonan was the Chairman, President and Chief Executive Officer of Internet Security Systems, Inc. (ISS), a leading global provider of information protection solutions that secures IT infrastructure and defends key online assets from attack and misuse. Prior to co-founding ISS, Mr. Noonan held senior management positions while at Dun and Bradstreet Software. Mr. Noonan holds a bachelor's degree in Mechanical Engineering from Georgia Tech and a Master's of Business Administration from Harvard University.
37. Brett Childress
Director of IT Infrastructure, NI
Before becoming NI’s Director of IT Infrastructure, Childress was an MIS Supervisor at San Jose, CA-based Cypress Semiconductor. Prior to joining Cypress, he worked as a lead software engineer for NASA at their Johnson Space Center Engineering Directorate. At NASA, Childress was a Group Lead for the JSC Mission Operations Directorate.
WHITE HAT HACKERS
38. Fydor
Fydor, the hacker pseudonym of Gordon Lyon, is known as the maker of Nmap ("Network Mapper") - a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine the security characteristics of the computer system it’s running on. Thousands of people download Nmap every day. It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository.
39. Honeynet Project
The Honeynet Project, led by Lance Spitzner, is a project to develop and analyze computer honeynet and honeypot data, and to further research into how malicious hackers act. A honeypot is a trap set to detect, deflect or in some manner counteract hacker attempts to break into information systems - as valuable as a surveillance and early warning tool.
40. Mark Russinovich
Mark Russinovich is an expert on Windows architecture and programming; noted for identifying the limited differences between Windows NT Server and Workstation, and discovering the 2005 Sony Rootkit software. As a copy protection measure, Sony BMG included the Extended Copy Protection on music CDs, which was automatically installed on desktop computers when customers played the CDs, opening security holes that allowed viruses to break in.
41. Kevin Mitnick
Mitnick is a ex-convict, having served time for crimes involving his black hat hacking activities including identity theft, phone phreaking and social engineering. Since his release from prison, Mitnick has donned a white hat and started his own security firm, Mitnick Security Consulting, LLC.
42. Tsutomu Shimomura
Tsutomu Shimomura is a computer security expert who gained fame when he, together with computer journalist John Markoff, tracked down and helped the FBI arrest hacker Kevin Mitnick. "Takedown," his 1996 book on the subject, was later adapted for the screen in Takedown.
43. Solar Designer
Alexander Peslyak (aka Solar Designer) is a Russian security expert know for his exploitation techniques and security audit tools. He is the founder of the Openwall Project, which has designed a security rich operating system for servers.
44. Michal Zalewski
A Polish born security expert, Zalewski has been white hat hacking since the mid 1990s, when he started posting on BugTraq. He has written software for Unix systems and recently wrote a book, "Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks."
45. Kevin Poulsen
Wired News editor/blogger and former hacker, Poulen wrote a wrote a 1,000 line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress that it didn't have this capability. The script is now available for free.
46. H.D. Moore
Moore founded the Metasploit Project in 2003, which helps white hat hackers who perform penetration testing and exploit research. The Metasploit Framework, a product of the project, helps security developers test exploit code.
47. David Maynor
Maynor is a senior researcher at SecureWorks where his duties include vulnerability development, developing and evaluating new evasion techniques, and development of protection for customers. In 2006, he demonstrated how to hack into Apple’s MacBook via a weakness in the laptop’s wireless internet connection. He also blogs about security at http://erratasec.blogspot.com/
48. SANS Internet Storm Center
Today the Internet Storm Center gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries. The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with internet service providers to fight back against the most malicious attackers.
THE DOT GOVS AND DOT MILS
49. John G. Grimes
Assistant Secretary of Defense for Networks and Information Integration, and Department of Defense, Chief Information Officer
John Grimes was nominated by President Bush for the position of assistant secretary of defense for networks and information integration (ASD NII) / Department of Defense chief information officer (CIO) - perhaps one of the few Bush appointees with actual experience in his appointed position, yet who also donated $2,100 between 2003 and 2004 to a PAC operated by Raytheon, an American weapons manufacturer, whose PAC contributes to campaigns of both parties.
50. Gary Forsee
Chairman, National Security Telecommunications Advisory Committee (NSTAC)
NSTAC provides industry based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy. NSTAC has identified the need for the government to consider how the convergence of traditional circuit switched telecommunications systems with the Internet might affect existing priority communications systems. They recommended that the government determine how it could obtain priority services in the next generation packet based networks. Forsee, the committee’s chairman, is CEO of Sprint Nextel.
51. Committee on National Security Systems (CNSS)
Under an executive order issued in the wake of 9/11, President Bush renamed the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the Ccommittee, but certain functions were transferred to the secretary of homeland Security in 2003. The CNSS provides guidance for the security of national security systems, which contain classified information that involves intelligence activities; cryptographic activities related to national security; command and control of military forces; and/or involves equipment that is an integral part of a weapon or weapons systems.
52. Computer Incident Advisory Capability, U.S. Department of Energy
CIAC has been providing the U.S. Department of Energy with incident response, reporting, and tracking, along with other computer security support since 1989. CIAC is a founding member of GFIRST, the Government Forum of Incident Responders and Security Teams and FIRST, an international incident response and security organization. CIAC’s mission is to identify emerging safeguard issues relative to information security and privacy; to advise other agencies on information security and privacy issues pertaining to Federal Government information systems.
53. National Safety Information Exchange
In 1991, the NSTAC, working with the NCS, recommended establishing a Government industry partnership to reduce the vulnerability of the Nation's telecommunications systems to electronic intrusion. The National Safety Information Exchange (NSIE) was established as a forum where government and industry could share information in a trusted and confidential environment. The NSIE process continues to function today, demonstrating that industry and government will share sensitive security information if they find value in doing so. NSIE’s web site, slated for launch in late 2006, is not yet operational.
54. Anthony Russo
Contract Project Manager, NASA Incident Response Center (NASIRC)
The NASIRC, located at Goddard Space Flight Center in Building 28, researches, coordinates, and responds to all reported NASA computer and network security incidents resulting from unauthorized probes, intrusions, and system compromises. In a typical week it is not unusual for NASIRC to receive over one thousand security incident reports of IT security activities involving NASA Field Centers. NASIRC's day to day operations are staffed by Allied Technology Group, Inc., which includes the following people: Anthony Russo, contract project manager; Tom Baxter, lead incident response coordinator; Michael Brice, incident response coordinator; Jacob Whiting, incident response coordinator; Patti Johnson, security analyst; Eric Scanlan, system administration UNIX/NT; Nathan Bagby, applications development; and Frank Husson, who serves as the Allied Technology group director.
55. Howard Schmidt
Former Vice Chair, Critical Infrastructure Protection Board, US Government
Schmidt has years of experience in the information security industry, including vice chair of the Critical Infrastructure Protection Board, receiving his appointment from President George W. Bush. Schmidt served as vice president and chief information security officer for eBay, Inc. and has also been chief security officer for Microsoft Corp., overseeing the Security Strategies Group. Prior to joining Microsoft, Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI), Computer Forensic Lab and Computer Crime and Information Warfare Division. The AFOSI mandate is to investigate intrusions in government and military systems by persons in counterintelligence organizations and criminals. Schmidt recently released a book called "Patrolling Cyberspace: Lessons Learned from a Lifetime in Data Security."
56. National Computer Security Center (NCSC)
The Department of Defense Computer Security Center was established in 1981 to encourage the widespread availability of trusted computer systems for use by facilities processing classified or other sensitive information. In August 1985 the name of the organization was changed to the National Computer Security Center (NCSC).
57. Collaborations in Internet Security (CIS )
In recognition of the need for heightened security awareness and security capabilities on the Internet, the Federal Networking Council's (FNC) Privacy & Security Working Group (PSWG) has been awarded a National Performance Review (NPR) Innovation Fund grant to compare and validate agency approaches to security, and to test the strength of these technologies beyond closed agency networking environments toward both a more global inter-agency and agency/commercial sector environment.
58. Federal Information Systems Security Educators' Association
The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for federal information systems security professionals. FISSEA assists federal agencies in meeting their computer security training responsibilities.
THE IT SECURITY TEAM
59. Ask the Experts
Last but not least, a special thanks to the ITSecurity.com experts - another A-List of 30 security pros who’ve never been stumped by a security question from our readers.
https://blog.sciencenet.cn/blog-43726-23302.html
