![The Edge Logo The Edge Logo](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt530eb1f4e672eb44/653a71690e92cc040a3e9d6d/Dark_Reading_Logo_TheEdge_0.png?width=700&auto=webp&quality=80&disable=upscale)
Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
In Memoriam: Remembering Those Who Passed
Security stands on the shoulders of giants. We take a moment to remember their contributions toward keeping people, data, and systems safe.
January 6, 2023
![bouquet of yellow flowers tied to a park bench. bouquet of yellow flowers tied to a park bench.](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt858111920c133a87/64f1599c4aa0fc5695f57a12/flowers-Adrian-Turner-alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)
Source: Adrian Turner via Alamy Stock Photo
The beginning of a new year is an interesting moment, as we, like the ancient Roman god Janus, simultaneously look ahead to the future and contemplate the past. The industry is currently awash with predictions on what may happen and resolutions on what to change. Security practitioners are gearing up with new budgets and priorities as they steer their security programs to meet all challenges that come their way.
But it is also a time to review: Many lessons can be learned from the sheer volume of threats and significant breaches of the past year. Our reminiscences should not stop with technology or attacks, however, but should include all of the people who work tirelessly everyday to push the industry to be better.
This transition period is also a time to reflect on those members of the community no longer with us — those pioneers and leaders who made significant contributions to cybersecurity and whose impact continues to reverberate throughout the industry. Here at Dark Reading, we keep in mind the example set by Tim Wilson, our co-founder and former editor-in-chief, who passed away in 2021. Cybersecurity is foundational, as its advancements and innovations are built on prior work of those researchers, practitioners, and educators who believed deeply in protecting people by securing the systems, applications, and data that underpin our modern lives.
Dark Reading takes a moment to remember these individuals.
Vitali Kremez, chairman and CEO of AdvIntel, was a longtime security researcher devoted to ethical hacking, information sharing, and malware research. At AdvIntel, he led a threat intelligence team and guided technology development to support proactive cyber threat disruptions.
Before AdvIntel, Kremez held a range of top-tier positions around the industry, including head of SentinelLabs at SentinelOne and director of advanced research at Flashpoint. He delivered keynote presentations at NATO's 2018 summit and to the United Nations.
As a cybercrime investigative analyst for the New York County District Attorney's Office, Kremez partnered with federal and international law enforcement on a range of cases. He was involved with prosecuting high-profile intrusions at American Express, Goldman Sachs, Saks Fifth Avenue, and StubHub.
"This is an incredibly heart-breaking loss for the world," tweeted Danny Aga, vice president at managed security provider Solis Security. "VK was a superhero and will be missed by many."
Paul Brager, Jr., director of the global OT security program at energy technology company Baker Hughes, was a recognized expert in operational technology security. The longtime security executive had extensive experience in the oil and gas, manufacturing, chemical, and telecommunications sectors and specialized in industrial control system (ICS) security and IT/OT convergence.
"I started working in environments where we were getting requests to connect these assets that were traditionally not designed to be connected to the Internet," Brager said back in 2021. "We had to come up with creative ways to do that while protecting assets that were incapable of protecting themselves."
He was deeply involved in the industry, speaking at Interop and on the Dark Reading News Desk at Black Hat USA, as well as leading mentoring and advocacy initiatives for people of color and for women in cybersecurity.
"When you're trying to mentor someone like that, you're talking to them about the skillset they have to have and all those other things," Brager said during a Dark Reading interview. "But coming at it from a black male perspective, you know, it's like, 'OK, boy, I need to sit you down, right. Because I need to tell you what this is going to feel like for you.'"
Dr. Richard "Drew" Dean held multiple roles at Stanford Research Institute (SRI) over the years, the latest being principal scientist. While at SRI, he assisted the team analyzing the Conficker worm and managed three different programs — PROCEED (on homomorphic encryption), SAFER (safe and resilient Internet), and CSFV (crowdsourced game-playing surreptitously aiding formal verification). He is also known for his work on Java security and the Secure Digital Music Initiative (SDMI) Challenge.
Drew held research and program management positions at Yahoo and Defense Advanced Research Projects Agency (DARPA), and was a member of the research staff at Xerox Palo Alto Research Center (PARC).
Hassen Saidi, Dean's colleague at SRI, wrote about Dean, "When the history of crypto research is written, people will realize the impact of his DARPA years."
Darril Rayburn Gibson authored, co-authored, or contributed to more than 30 books in cybersecurity. He founded the Get Certified Get Ahead brand and authored several books for the CompTIA Security+ certification exam as well as for the CISSP and SSCP exams to help people get certified and get ahead in their jobs and careers.
"[Gibson] will be remembered by the people who changed their lives with his books, videos, etc.," CyberNow Labs' Hasan Eksi wrote on LinkedIn.
Peter Eckersley, founder of Let's Encrypt, was focused on encryption and online privacy. He also founded AI Objectives Institute to monitor the malicious use of artificial intelligence (AI) and machine learning (ML). A collaboration between technology companies, civil society, and academia, the AO Objectives Institute was established to ensure that AI is designed and used to benefit humanity.
Eckersley's Let's Encrypt was responsible for helping to shift the bulk of the Internet from insecure HTTP connections to using the more secure HTTPS. Today, 90% of total webpage visits are over HTTPS, according to estimates by the Electronic Frontier Foundation (EFF).
"The impact of Peter's work on encrypting the web cannot be understated," the EFF said. "Peter's vision, audacity, and commitment made the web, and the world, a better place."
At the EFF, Eckersley also worked on projects such as Panopticlick, HTTPS Everywhere, Switzerland, Certbot, Privacy Badger, and the SSL Observatory. In addition, he was a driving force behind EFF's Technology Projects Team.
Michael Murray, founder and CEO of startup Scope Security, was a pioneer in healthcare cybersecurity and a longtime community contributor. He wrote that he was "on a mission to fix healthcare security" on his LinkedIn profile. Murray launched Scope Security in 2019 to offer specialized cybersecurity expertise for the healthcare industry.
"Generalist security firms are focused solely on IT and lack a fundamental understanding of the healthcare ecosystem from medical devices and clinical systems to EHR to emerging digital health technology," he said in a statement about the company's Series A investment.
Murray joined GE Healthcare in 2014, at a time when medical equipment manufacturers and healthcare organizations were still in the early stages of understanding how cyber threats could imperil patients. Murray's role at GE Healthcare included hacking GE's medical devices and equipment to find vulnerabilities that could disrupt patient care. His other roles included CSO of mobile security firm Lookout, where he headed up research into APTs targeting mobile devices, and a managing partner of consulting firm MAD Security.
Alan Paller, founder of cybersecurity training organization SANS Institute, staunchly believed that the way to achieve better cybersecurity was by expanding opportunities for security professionals to learn and practice their technical skills.
Paller was very concerned about what he saw as gaps in cybersecurity education, both on the university and the K-12 level. Toward that end, he led the effort at SANS to launch CyberStart for all high school students. Getting hands-on experience was the key, Paller believed.
"It turns out that [hands-on-experience] is rare in American colleges. So we have, for the last 10 years, turned off these kinds of kids," Paller told Dark Reading back in 2020. "They love doing hands-on stuff and then get pushed into a lecture hall."
He co-chaired the Department of Homeland Security Advisory Committee's 2012 Task Force on Cyber Skills; led the FCC Communications Security, Reliability, and Interoperability Council's Task Force on Best Practices in Cybersecurity; and served as a member of the NASA Advisory Council. Paller also served as a member of President Bill Clinton's National Infrastructure Assurance Council; under President George W. Bush's administration he received a lifetime achievement award for his work in helping improve federal information technology.
"[Paller's] vision has changed the lives of hundreds of thousands of security practitioners," said Eric Bassel, CEO of SANS Institute. "His contribution to the industry was nothing short of monumental, and even in his last weeks he continued his lifelong drive to make the world secure and to build the next generation of security defenders."
Donn B. Parker was among the first to recognize, research, and document cybercrimes. A longtime consultant at the Stanford Research Institute, Parker published extensively on computer security and computing ethics.
"Donn's name may not be immediately familiar to current practitioners in the field. That's because Donn was working in the area before some of them were born," Eugene "Gene" Spafford wrote at the time of Parker's passing. Parker's first book, Crime by Computer, was published in 1976.
Parker created a model for describing cybersecurity properties (listed on Wikipedia as the Parkerian Hexad): Confidentiality, Possession or Control, Integrity, Authenticity, Availability, Utility. Parker was also the founder of the International Information Integrity Institute (I4), the first global organization of information security leaders.
Parker posted his "Rules of Security" in 2008:
Rule No. 2) Build your security assuming that the enemy knows as much about your security and what you are doing as you do.
Rule No. 3) Keep your security as confidential as you can except when there is an advantage for doing otherwise.
Rule No. 4) Always leave room for a Rule No. 1.
Parker was inducted into the Information Systems Security Association's Hall of Fame in 2000 and the SRI International Hall of Fame in 2002. In 2003, the International Information Systems Security Certification Consortium (ISC)2 presented him with the Harold F. Tipton Lifetime Achievement Award in "recognition of his sustained excellence throughout his Information Security career and his contributions to the industry and support of (ISC)2."
Spafford said Parker was jokingly referred to as "The Great Bald Eagle of Information Security."
Dan Kaminsky was an iconic ethical hacker, industry leader, and innovator. His work spanned network security, Web security, cryptography, and clickjacking defense. As the co-founder of Human Security (formerly WhiteOps), he tackled the challenge of online-ad fraud prevention.
He was passionate about securing the Domain Name System (DNS), giving talks at various security conferences about the ways DNS could be abused. In 2008, he discovered the massive DNS cache poisoning flaw that could be exploited to redirect victims to a malicious website without their knowing and coordinated an emergency patching effort among multiple vendors and service providers around the world.
"We're hackers: we're not afraid to get into how things work. Let's use that knowledge and fearlessness and make things work better," Kaminsky said back in 2015.
For years, he hosted the famous "Black Ops" series of talks at Black Hat USA in Las Vegas, where he shared his latest research and insights. Kaminsky was also the keynote speaker at r00tz Asylum, the kids' conference at DEF CON, in 2016. "Go ahead, break stuff," he said. "That's how I got where I am." He also urged the kids to "question everything."
Kaminsky was intensely curious about everything and was interested in everything, making him a very well-liked figure in the industry. A cybersecurity professional who considered Kaminsky a friend said recently, "I have a Dan-sized hole in my heart."
Dan Kaminsky was an iconic ethical hacker, industry leader, and innovator. His work spanned network security, Web security, cryptography, and clickjacking defense. As the co-founder of Human Security (formerly WhiteOps), he tackled the challenge of online-ad fraud prevention.
He was passionate about securing the Domain Name System (DNS), giving talks at various security conferences about the ways DNS could be abused. In 2008, he discovered the massive DNS cache poisoning flaw that could be exploited to redirect victims to a malicious website without their knowing and coordinated an emergency patching effort among multiple vendors and service providers around the world.
"We're hackers: we're not afraid to get into how things work. Let's use that knowledge and fearlessness and make things work better," Kaminsky said back in 2015.
For years, he hosted the famous "Black Ops" series of talks at Black Hat USA in Las Vegas, where he shared his latest research and insights. Kaminsky was also the keynote speaker at r00tz Asylum, the kids' conference at DEF CON, in 2016. "Go ahead, break stuff," he said. "That's how I got where I am." He also urged the kids to "question everything."
Kaminsky was intensely curious about everything and was interested in everything, making him a very well-liked figure in the industry. A cybersecurity professional who considered Kaminsky a friend said recently, "I have a Dan-sized hole in my heart."
The beginning of a new year is an interesting moment, as we, like the ancient Roman god Janus, simultaneously look ahead to the future and contemplate the past. The industry is currently awash with predictions on what may happen and resolutions on what to change. Security practitioners are gearing up with new budgets and priorities as they steer their security programs to meet all challenges that come their way.
But it is also a time to review: Many lessons can be learned from the sheer volume of threats and significant breaches of the past year. Our reminiscences should not stop with technology or attacks, however, but should include all of the people who work tirelessly everyday to push the industry to be better.
This transition period is also a time to reflect on those members of the community no longer with us — those pioneers and leaders who made significant contributions to cybersecurity and whose impact continues to reverberate throughout the industry. Here at Dark Reading, we keep in mind the example set by Tim Wilson, our co-founder and former editor-in-chief, who passed away in 2021. Cybersecurity is foundational, as its advancements and innovations are built on prior work of those researchers, practitioners, and educators who believed deeply in protecting people by securing the systems, applications, and data that underpin our modern lives.
Dark Reading takes a moment to remember these individuals.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024