These professionals have done everything from cryptography to founding an influential security conference.
Joshua Corman, chief technology officer, Sonatype
The most popular phrase to come out of the Spider-Man stories – “With great power, comes great responsibility” – hit close to home for Joshua Corman, CTO at Sonatype, who longed to be a superhero at a young age, but settled for being a protector in the IT security world. Corman believes that great power comes from protecting technology. Exposed to technologies at a young age by his father – whom he cites as an inspiration – Corman's interest grew into a successful career where he is considered a respected innovator. Prior to joining Sonatype he held prominent positions at Akamai Technologies, The 451 Group and IBM Internet Security Systems. In addition to his work at Sonatype, he's on the adjunct faculty for Carnegie Mellon's Heinz College, IANS Research and he is a fellow at the Ponemon Institute. Most recently, one of Corman's proudest achievements is co-founding I Am The Cavalry, a cyber safety advocacy group that focuses on issues where technologies may impact public safety, such as the automotive industry's increasing move to make cars more connected. “As a father and citizen of the world, I am doing my best to cause these conversations and innovations with the public, public policy and the affected industries to ensure that this dependence we place on technology remains worthy of that trust,” Corman says. “I founded I Am The Cavalry because as our statement says, ‘Our dependence on connected technology is growing faster than our ability to secure it.'”
Jack Daniel, strategist, Tenable Network Security
Considered one of the industry's leading voices, Tenable Network Security Strategist Jack Daniel is a figure widely known and respected. With more than two decades of experience in network and system administration and security, it's fair to say that Daniel has seen his fair share of security scenarios, but when he started out it was really about just getting the job done. “The fundamentally unsecure systems of the 1990s and my inexperience led to problems and mistakes which I could not afford to repeat,” Daniel says. “Once I began to focus on security issues I realized that I really enjoyed the challenges and began to focus on security as more than just a job.” That focus has spawned into a successful and prominent career that frequently has him speaking at conferences – such as Shmoocon, DefCon, DerbyCon and the RSA Conference – where security professionals are always eager to hear his take on pressing topics. In addition to being the co-host of Security Weekly and creating updates on his notable “Uncommon Sense Security” blog, he constantly works to maintain and expand the Security BSides community, an industry framework he co-founded that organizes and hosts security conferences around the world.
Mikko Hyppönen, chief research officer, F-Secure
Most young adults don't take too keenly to their parents' career advice. While many urge their kids to pursue traditional careers – such as lawyers, doctors and even politicians – Mikko Hyppönen's mother saw a future in telecommunications that she urged her son to pursue, far before the web came to fruition. Hypponen took the advice and ran with it, carving a path that has led him to where he is today: chief research officer at Helsinki, Finland-based F-Secure and one of the top malware researchers on the planet. After a short stint as a radio DJ and forklift driver for an X-ray factory, he became the sixth employee at F-Secure, where he would grow to transition into the role responsible for the future threat research for the firm. With more than 25 years of experience in the industry, Hyppönen has battled massive malware outbreaks, as well as tracked down the authors of the first PC virus. He's accomplished well-regarded research in cyberwarfare and online espionage, and has penned articles on these topics for outlets like Wired and The New York Times. Considered one of the most influential professionals in the technology space, Hyppönen's accolades include being inducted into the Infosecurity Europe Hall of Fame, earning a Virus Bulletin Award for “Best Educator in the Anti-Malware Industry,” and being named one of the “50 Most Important People on the Web” by PC World.
Chris Wysopal, co-founder and CTO, Veracode
Perhaps one of the most respected thought leaders in information security, Chris Wysopal boasts a scroll of achievements in his 20+ years in the industry. Prior to co-founding Veracode in 2006 along with Christian Rioux – where he serves as CTO today – Wysopal kick-started his career by joining L0pht Heavy Industries, the hacker think tank that testified before a Senate committee in 1998 stating that they could shut down the internet in 30 minutes. During his time with L0pht he conducted some of the first vulnerability research on software. Once L0pht was acquired by @stake in 1999, Wysopal would become the company's vice president of research and development and be an integral part in inventing binary static analysis technology, which allowed for applications to be scanned for bugs without needing access to proprietary source code. His work with vulnerabilities while at @stake led to his involvement in developing industry guidelines for responsible vulnerability disclosure. He would later become a founder of the Organization for Internet Safety, whose foundation is built on the “Responsible Vulnerability Disclosure Process,” which he was instrumental in developing. Wysopal is a regular speaker at industry events, such as the RSA Conference and Black Hat, is a member of the Black Hat Conference Review Board, and is the co-author of L0phtCrack, a password auditing and recovery application used by thousands of government, military and corporate organizations around the world.
Amit Yoran, president, RSA
From the government to the private sector, Amit Yoran's career has thus far taken various courses within the industry. His military background exposed him to information security where he began to carve a path that led to his current post as the recently appointed president of RSA. Being a part of the early stages of the Department of Defense's CERT team, where he was a founding member, exposed Yoran to some of the first nation-state hacking cases, such as Moonlight Maze and Solar Sunrise. “I got to get in on the ground floor and be involved as the DoD was introduced to these new cyberadversaries,” Yoran says. Following his stint in the military, where he was an officer in the Air Force, Yoran became the vice president of worldwide managed security services at Symantec before becoming the director of the National Cyber Security Division and US-CERT at the Department of Homeland Security. In 2006, he founded NetWitness, which produced network security analytic tools (and was acquired by RSA in 2011). In October, Yoran was promoted to president of RSA. “Looking down the road, I'm excited to work on raising awareness across the industry of what key topics and issues we need to be addressing, not only within the security industry, but also across the larger IT community,” Yoran says.