In the run-up to Black Hat, Defcon, and BSidesLV, we thought it pertinent to highlight some of the best and brightest infosec pros in the business – some of whom are long-standing veterans who deserve more attention, and some of whom are emerging influencers we should all be paying attention to.
We privately surveyed a broad spectrum of thought leaders in the field of security and risk management and asked them to recommend candidates in three general areas – Defenders, Educators, and Hackers – and will present the findings in this and two subsequent articles.
The following were identified as being leading Defenders in the field of infosec – those who tirelessly work day in and day out to protect networks and the sensitive data they contain in both the private and public sectors.
Please note that this is not an attempt at ranking these individuals, as the finalists are simply presented here in alphabetical order, and we realize the list is far from being all-inclusive.
With the caveats aside, let’s give kudos to the Defenders!
Jitender Arora, Global Programme Manager at Deutsche Bank
Arora is recognized as one of the leading defenders in the field of infosec because of his depth of maturity and experience that covers both the technical and pragmatic sides of security, coupled with a great enthusiasm and ability to express concepts well, which makes him an effective translator between business and those within security.
Ken Bailey, Deputy Director of CyberSecurity (Federal Agency, undisclosed)
Bailey is acknowledged to be one of the hardest working and most innovative security professionals in the government sphere, with experience as a security engineer for both Exodus and General Dynamics, a Senior Security Consultant for Booz Allen Hamilton, and as a former Congressional Research Service professional. Given the sensitive nature of his work for the Federal Government, we can’t say too much about what Bailey does, but he certainly does it well according to his admirers.
Dominick Birolin, Sr. Network Engineer and Cyber Security at Essential Power, LLC
Birolin has been described as a “one-man band,” simultaneously holding together IT, telecom and ICS environments while handling both day-to-day security efforts and regulatory compliance requirements. It has been said that many key electric power generation elements in the N.E. region of the U.S. are “always on” simply because he is “always on.”
Vince Crisler, Senior Vice President at ZRA and President at Washington OSINT Roundtable, Inc.
Crisler is a former USAF officer who has served in two leadership roles at the White House’s Office of Administration as the Director of Customer Advocacy and the Director of Information Assurance. In the latter role, Crisler led a significant modernization program overhauling IT Security to include a major set of enhancements enabling the 24x7x365 Security Operations Center for the Executive Office of the President. Crisler’s efforts also included significant work with the Department of Homeland Security, the National Security Council, the Homeland Security Council, the National Security Agency and the Defense Information Systems Agency.
James DeLuccia IV, Senior Security Advisor at Ernst and Young
DeLuccia has his work as an infosec professional cut out for him, leading his company’s efforts to secure their global payment card industry services as well as their and ISO 27001 Americas division. DeLuccia is an avid speaker and writer on risk and operational strategies, and manages “global knowledge” for the firm’s more than 1000 security practitioners, earning him the reputation as a true thought leader in the field.
Brian Engle, Chief Information Security Officer at State of Texas
With over twenty years of experience in IT and security across multiple industry verticals including retail, financial, telecom, healthcare, government, and manufacturing, Engle is said to be one of the hardest working defenders today, regularly demonstrating agility in an ever-changing threat landscape and an ability to span the void between attitudes regarding risk abatement and the actions needed to foster real security.
J. Wolfgang Goerlich, Information Systems and Security Manager at Munder Capital Management
Goerlich is described as a superb leader who mixes his deep interest and knowledge of technology and security with his management experience and business understanding, as evidenced by his 2012 InfoWorld Technology Leadership and his 2008 IDG Best Practices in Infrastructure Management awards. Goerlich is also a well-known podcaster, avid Twitterer, and a co-organizer for events like BSidesDetroit.
Mary Jane Kelly, Computer Security Consultant at Casaba Security
Kelly has extensive experience in security data analytics and anti-fraud strategies for online gaming interests, and she brings her diverse background in programming, strategy consulting and applied statistics to the security field. Kelly helps to advance the role of women in the security field and technology in general as founder of the Seattle chapter of Girls In Tech, as well as having organized the 2007 Northwest Security Symposium, and continues to donate her time and expertise to educational security events such as local security meet-ups like UW Agora. Kelly is definitely one to keep your eye on.
Thom Langford, Director, Global Security Office at Sapient
Langford has been in the security biz for quite some time now, but his many advocates believe he still doesn’t get the recognition he deserves for being an extremely articulate and seasoned professional heading the security for a large corporation. He is also known for his blog, which was named Best Personal Blog in the EU Security Bloggers Awards earlier this year, his talks at RSAC Europe and his RANT Forums. Of Langford’s many strengths, noteworthy is his ability to effectively collaborate on projects with multiple stakeholders within his organization, key to any successful security program.
Neil Matatall, Security Automation Engineer at Twitter
Matatall’s position at Twitter obviously means he is no slouch: as one of the biggest social networking platforms, the company is often the target of unwarranted activities. Matatall was formerly the Orange County Chapter Leader for OWASP, a Technical Consultant at FishNet Security, and an Information Security Engineer at AT&T Interactive. At Twitter he focuses on security automation, integrating static and dynamic tools to ensure a continuous delivery environment. Being that Twitter has become a primary communications tool for infosec pros, we should all applaud Matatall for his efforts.
Allison Miller, Senior Director, Operations (Digital Platform) at Electronic Arts
Miller is renowned in the security world for her groundbreaking work in applied risk analysis and data protection, having lent her skills to such mega-companies as Visa International, PayPal, and Tagged. She now resides at Electronic Arts, where she designs efficient, sustainable, and intelligent systems that work to improve security while cutting costs. Her MBA provides her with a strong background in understanding what is most important to the business, and is understandably of great value in her work in strategy/policy development for payment processing infrastructures. Miller is also an accomplished speaker and Director of Research for the Society of Information Risk Analysts, of which she is a member of the Board of Directors.
Tiffany Strauchs Rad, GReAT Team (Global Research & Analysis Team) at Kaspersky Lab
Rad is another leading female in the field of security, with a background in the practice of law and formerly a cyber security engineer for Battelle Institute at the Center for Advanced Vehicle Engineering (CAVE). Aside from her work as a researcher at Kaspersky, Rad also teaches a computer security, law and ethics class in the computer science department as an adjunct professor at the University of Southern Maine. If that’s not enough to get her on this list, note also that she speaks at numerous security events and has done groundbreaking research on SCADA & PLC Vulnerabilities in Correctional Facilities.
Robb Reck, Director of Risk Management at Harland Financial Solutions
Reck has over 14 years of experience in IT security, systems and networking, working with both enterprises and small businesses, and is skilled in implementing risk-based security systems that support overall business objectives by reducing risks to an acceptable level while controlling costs. That’s connecting security to the business. And Reck also has demonstrated a unique ability to translate these efforts for the business class in simple to understand terms, a skill more infosec pros need to work on, and surely a sign that Reck will attain the rank of CISO at a major enterprise before too long.
Joseph Sokoly, Vulnerability Engineer at MAD Security
Sokoly personifies the emerging security thought leader: He writes on compelling subject matter, and offers valuable mindshare to the rest of us in the field; he speaks not just at major vendor-driven events, but also at the more important community-based gatherings like Security BSides; and, he utilizes social networking – particularly Twitter – to spur and foster conversations on subjects of the day. If you are an aspiring young infosec pro who wants to make a name for yourself in the industry, Sokoly would be a good role model to emulate.
James Wickett, Senior DevOps Engineer at Mentor Graphics
Wickett is said to be a highly motivated and talented player in the security field, with experience in the cloud, scripting, operations, networking, and just about everything else – including having been the Chapter Leader for OWASP in Austin, Texas. Most notably, Wickett is a major player in pioneering the DevOps movement, and received accolades for making AppSecUSA a huge success last year. Those who have worked with Wickett say he is a team player with a passion for both security and the people who make it happen.
We know there are many, many more out there – so who would you suggest? Make your recommendations in a comment below, or shoot me an email at afreed at tripwire dot com and we can include them in a subsequent article. Cheers all!
Editor’s Note: Next week we present the Educators. A special thanks to the many infosec pros – and you know who you are – who helped us identify these fine defenders and put this list together – we appreciate your time, input, and above all else your candor. Additional data gleaned from publicly available LinkedIn profiles.