While Black History Month honors those who've come before us, I wanted to take a moment to highlight some contemporary leaders in cybersecurity who are creating history today, and have personally inspired me.
Here are 14 remarkable founders, hackers, academics, executives, and investors in security you should know:
Window Snyder: Window's an old friend and older-school hacker (former VAX/VMS hacker who still owns dec.net :-) and now CISO at Fastly, the fast-growing CDN company. Her impact on our industry is hard to overestimate – with courage and uncompromising integrity, she's led Mozilla, Apple, and Microsoft to address security & privacy strategically and architecturally, defending users as much against nation-state attorneys as nation-state attackers.
Ejovi Nuwere: Ejovi was a fellow member of our w00w00 security crew who went on to have his autobiography Hacker Cracker published by Random House (ghostwritten by Ariel Sharon's biographer) when he was 21. Among his other adventures, Ejovi was censored by the Japanese government after his authorized audit of their national ID system, and became the first foreigner to sue the Japanese government for free speech. He now works for Deloitte in their DC-based cyber risk practice.
Corey Thomas: Corey is CEO of Rapid7, the leading vulnerability management company (founded by fellow OpenBSD hacker Chad Loder) which he successfully took public in 2015. Corey worked his way to the top honing his executive leadership and operating skills across every function at Rapid7 after managing products at Microsoft. I'm grateful for the insights and inspiration Corey's shared with me as a first-time CEO.
Dr. Paul Judge: Paul is the epitomy of the security academic turned serial entrepreneur / investor. A Georgia Tech Ph.D., Paul helped put Atlanta tech on the map leading CipherTrust and Purewire, and co-founding Pindrop Security and Luma. But beyond Paul's entrepreneurial prowess, I am inspired by his commitment to community. When I visited his Tech Square Labs near Georgia Tech's downtown campus last year, he was hosting an all-black hackathon called GoodieHack with 100+ people. Amazing.
Larry Whiteside: Larry is VP Healthcare & Critical Infrastructure at Optiv, and was previously CISO at Spectrum Health, Visiting Nurse Service of NY, and Marsh. A former US Air Force cybersecurity officer, Larry's been involved in just about every side of the industry, from advising security vendors to organizing chapters of the Cloud Security Alliance and Infragard. After our diversity in cybersecurity panel during RSAC, he told me he'd hosted 100 schoolkids to tour Bay Area security companies with his International Consortium of Minority Cybersecurity Professionals.
Stephen Ridley: Stephen is founder of Senrio, a Portland-based startup providing enterprise security for IoT, former CISO of Simple Finance, and Matasano alum. Along the way, Stephen got bitten by the hardware hacking bug, which led to int3.cc, a community venture to support the movement with open-source tooling, as well as Xipiter, purveyors of the finest tools and training for organizations like the NSA, Samsung, and HP. Check out his excellent Duo Tech Talk on The Insecurity of Things.
Marcus Carey: Marcus is a former Navy cryptologist turned security entrepreneur, and founder of vThreat, a cyber attack simulation startup. He was formerly the community manager for Metasploit at Rapid7, well-known in Baltimore/DC for starting DojoSec, and a bonafide security celebrity in Austin, where we last caught up speaking at security founder events and at Austin Startup Week supporting veterans in cybersecurity.
John Lee: John is the hacker formerly known as Corrupt, from the legendary Masters of Deception crew from NYC. John was indicted on federal wiretapping charges during their Great Hacker War with the Legion of Doom in the early 90's, and ended up on the cover of Wired, and immortalized in a book. Since then, he's been busy directing music videos, and with MOD founder Eli (acidphreak), plans on producing more media honoring hacker culture (see their nootropic Hacker's Brew coffee)!
Dr. Fabian Monrose: Fabian is a professor of computer science at the University of North Carolina at Chapel Hill, previously at Johns Hopkins University, and a member of technical staff at Bell Labs. I met Fabian after starting the USENIX Workshop on Offensive Technology, which was colocated at USENIX Security (among other conferences he's chaired). Fabian's contributions to the field broadly cover network security, traffic analysis, system security, user authentication, and privacy.
Chris Young: Chris is CEO of the reincarnated McAfee, formerly the security division of Intel. I first met Chris when he was on Rapid7's board, just before leaving VMware to join Cisco, where he led their visionary acquisition of Sourcefire (for nearly 3 Instagrams, as I tell Marty ;-) – the right leader to re-envision McAfee. Chris also ran products at RSA for 6 years, and was co-founder and COO of Cyveillance.
Tyson Clark: Tyson is a venture capital investor at Google Ventures, previously at Andreesen Horowitz, focused on enterprise SaaS, infrastructure, and security. He's a Goldman, McKinsey, and Morgan Stanley alum, and was also a US Navy nuclear propulsion submarine officer. His investments in security include Pindrop Security and Acalvio. Every time I see Tyson, he's introducing someone interesting to me.
Hugh Njemanze: Hugh is CEO of Anomali, and was previously CTO and co-founder of ArcSight. I've only met Hugh once, but we share Google Ventures as an investor, and I've known many of his ArcSight colleagues for some time. He and his former team are legendary – they were the only Silicon Valley company to go public during the Great Recession in 2008, and then went on to be acquired by HP for $1.5 billion in 2010.
Fredrick Lee: Fredrick has led security at some of the world's fastest growing companies, from Betfair to Twilio, to Netsuite and Square. His background as a developer, security researcher, and executive now leading security is the rare combination every SaaS company needs of appsec, corpsec, and secops – both through hypergrowth and at scale.
Kevin Greene: Kevin is a program manager in the cybersecurity division of the US Department of Homeland Security's Science & Technology directorate, focused on software assurance. He's led research and development, as well as evaluation of various binary, static, and dynamic analysis technologies, and has been working not only to advance secure software development best-practices, but also hold software assurance tools to account. See his recent Dark Reading article on Certifying Software.