As part of SC Media’s year-long celebration of our 30th anniversary, we wanted to honor cybersecurity leaders who have shaped the industry these last three decades, as well as call out contributions made by others who may just be beginning their journey and likely will have influence over the next 30 years. Of course, we also sought to highlight the various organzations that have played much needed roles in advancing this vibrant marketplace, to. As such, we decided to add an ancillary program to our annual SC Awards called the SC Media 30th Anniversary Awards to call out the companies, non-profits, executives, thought leaders and others who have helped the infosec industry continue to evolve and flourish.
With our call for nominations at the start of the year, SC Media saw countless professionals and organizations enter each of the nine categories. After the entry period was closed, SC Media’s editorial team and our SC Awards 2019 co-chairs Chris Painter of the Global Commission on the Stability of Cyberspace at The Hague and VJ Viswanathan of Keurig/Dr. Pepper proceeded to the judging phase. After decisions were rendered, we revealed the list of winners during our SC Awards Gala at the RSA Conference on March 5.
Since the event took place during the RSA Conference, a few of SC Media’s team leaders were able to hit the show floor to hand out some of the trophies in person to those winners who were at the show, while others had their trophies waiting for them at their offices. We congratulate all the winners and look forward to calling out still other industry players throughout the year in our continuing 30th Anniversary special coverage.
Executive Leaders of the Last 30 Years (Vendor)
- Jay Chaudhry, CEO, ZScaler — Hard work and the willingness to take a chance are the hallmarks of Jay’s 20 plus year career in cybersecurity. Beginning from very humble roots growing up in a rural village at the foot of the Himalayas, Jay Chaudhry took several major league gambles on his way to becoming a cybersecurity industry leader. First he left his home village of 800 people to pursue the American dream starting to pursue a master’s of science in electrical and computer engineering at the University of Cincinnati. Then he again tossed the dice with his family’s life savings to start his first company SecureIT in 1996 and followed that by founding several others, including Zscaler in 2008.
- George Kurtz, CEO & Co-Founder, CrowdStrike — Whether it is founding one of the world’s major cybersecurity firms or creating a foundation to encourage young people to enter the profession, George Kurtz left his mark on the information security industry. George founded CrowdStrike in 2011 and after building it into a $3 billion venture he helped start The CrowdStrike Foundation in 2017 to help further budding cybersecurity pros through scholarships.
- John Petrie, CEO Americas, NTT Security (Americas) — John Petrie, CEO Americas, NTT Security (Americas) — From the U.S. Marine Corps to his latest role at NTT, John has done and seen it all during his 26 years in the manufacturing, financial services, defense, technology, security, telecommunications, education and healthcare industries. John believes “Information Security is Everyone’s Responsibility” as the company’s front line of defense supported by using behavior analytics and threat intelligence along with implementing deception technology and combining it with endpoint protection and response on the backend to improve reaction time.
- Stu Sjouwerman, CEO, KnowBe4 — Some teachers work in a classroom, some work in the trenches teaching those on the front lines how to best defend themselves. Stu Sjouwerman is the latter. Having realized early on that the human element was of supreme importance when it came to protecting an organization he founded Knowbe4 in 2010 to teach social engineering tactics through new-school security awareness training. The company Stu founded directly reflects his own personality. It has been described as full of happy people, positivity and fun.
- Aaron Turner, CEO & Co-Founder, Hotshot Technologies, Inc. — Computers run on a multitude of “languages” so it should be no surprise a person with a knack for foreign languages would fit right in and succeed in the cybersecurity industry. And fit in is something Aaron Turner, CEO & Co-Founder, Hotshot Technologies, has done since he first dabbled in cybersecurity in 1994 when a server he put online at college was hacked kicking off his first battle against a hacker. Detouring from his studies of linguistics to focus on cybersecurity led Aaron to Microsoft in 1999 and then the U.S. government where he started one of the first dedicated cybersecurity research facilities for the Department of Energy.
Information Security Executives of the Last 30 Years (End-user companies)
- Tim Callahan, SVP, Global Security Officer, AFLAC — Getting the C-Suite on board with a company’s cybersecurity needs is the Holy Grail searched for by all infosec professionals. And Tim Callahan, SVP, Global Security Officer, AFLAC has taken great strides toward this goal by successfully positioning information security to senior leadership as a business imperative, not just another IT function. He has done this by constantly communicating what is taking place in his shop. Tim also has a broad voice in the cybersecurity community as chairman of the board of the National Technology Security Coalition where he works with public policy makers, members of congress, and agencies to protect the nation, public and private industries from malicious cyber activity.
- Gene Fredriksen, Chief Security Strategist, PSCU — When it comes to leveling the playing field against malicious actors Gene Fredriksen, Chief Security Strategist, PSCU, knows it takes more than protecting one entity. So Gene, in addition to his day job at PSCU and before that Tyco, he is the Founder/CEO of the National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) and serves on the Board of Directors of the International Association of Certified ISAOs. Then there are the numerous other outreach efforts, including The R&D committee for the Financial Services Sector Steering Committee of DHS, Board of Advisors for the Howard University’s cybersecurity program and the Board of advisors for the St. Petersburg College Technology Management Degree program.
- Steve Katz, Owner, Security Risk Solutions, LLC — Being the head of information security at an international bank was not easy in 1984, if for no other reason the computers in use tended to be within major corporations or universities, personal computers were not networked and the internet did not exist in the manner it does today. However, Steve Katz, Owner, Security Risk Solutions, has held the title of “The World’s First CISO” since he was Head Information Security at JP Morgan from 1985-95. Steve’s accomplishment are almost too long to list, but one of his first is still as important today as it was when it was rolled out in the 1970s by his consulting group. The creation of a password module for Cobol and Fortran. Later Steve was instrumental in helping set up the first Information Sharing and Analysis Center (ISAC) in 1997 when he was part of a team created by President Clinton to look at the security of the critical infrastructures within the United States.
Most Critical Products/Services in the Last 30 Years
- RSA SecurID Access from RSA Security
- Nessus from Tenable
- NuDetect from NuData Security, a Mastercard Company
- SecurDPS Enterprise from comforte AG
- AlienVault USM Anywhere from AT&T Cybersecurity
Most Important Companies in the Last 30 Years
- Proofpoint, Inc.
- RSA Security
Most Important Cybersecurity Discoveries by a Company Research Team
- Cisco Talos Threat Research Team
- Kaspersky Lab’s Global Research & Analysis Team
Most Important Industry Organizations of the Last 30 Years
- The FAIR Institute
- Shared Assessments
Most Important Researchers of the Last 30 Years
- Cesar Cerrudo, CTO, IOActive — Sometimes it’s easy to have tunnel vision and only worry about the well-known or established cyberthreats, but often problems can be found on the cutting edge of technology. That is where Cesar Cerrudo, CTO, IOActive, spends his time. Cesar was among the first security researchers to investigate robots finding threats and vulnerabilities in their operating systems and software leaving them open to potentially harming those in the area. He has also looked for vulnerabilities in smart cities and founded Securing Smart Cities, a nonprofit initiative to make cities around the world safer. These projects don’t mean Cesar has taken his eyes off other threats. During his 20 years in the industry he has eliminate dozens of vulnerabilities in leading applications and found more than 50 vulnerabilities in Microsoft products.
- Allison Nixon, Director of Research, Flashpoint — The Mirai botnet DDoS attack that struck in October 2016 is no longer in the headlines, but those who were at the forefront of deciphering what was happening are still there behind the scenes helping defend us all. Chief among them is Allison Nixon, Director of Research, Flashpoint — Allison Nixon who would work tirelessly as she undertook leading her team of researchers in responding to the attack along with security researchers from Akamai, Cloudflare and others. And they are all still on the job. Allison has also helped lead the way in dealing with other malicious activities like combating threats such as swatting, booters, and the malicious communities and individuals that surround them.
- Ruben Santamarta, Principal Security Consultant, IOActive — There are vulnerabilities that if exploited might cause a minor problem for a few people, then there are those that could threaten millions. These are the flaws Ruben Santamarta, Principal Security Consultant, IOActive, has spent a great deal of time tracking down. Ruben’s breaking research on satellite communications systems (SATCOM), industrial controls systems (ICS), supervisory control and data acquisition (SCADA) vulnerabilities and nuclear power plants, resulting in finding multiple issues in radiation monitoring devices. During his 20-plus year career he has discovered 50 CVEs.
Visionaries of the Last 30 Years
- Catherine Allen, Chairman & CEO, Shared Assessments — Cybrerattacks through third-party vendors are now an almost daily occurrence so the need to properly vet any company before bringing it into an organization is of paramount importance. Today, that is what Catherine Allen, Chairman & CEO, Shared Assessments is all about, making sure companies have all the tools in hand to properly take the cybersecurity-measure of a potential third-party vendor before signing a contract. But this aspect of her now 30-year career just scratches the surface of how Catherine spends her time. She also chairs the Santa Fe Group, consulting company providing risk management guidance to C-level executives and boards of directors at financial institutions and other critical infrastructure companies and was as appointed to President Obama’s Economic Development and Small Business Committees.
- Sam Curry, CSO, Cybereason — The are professional athletes who are synonymous with one team, while others are known for being a star with many teams. Sam Curry, CSO, Cybereason falls into the latter category. Sam’s resume features a Who’s Who of big time corporate names where he has gone to work each day trying to keep the world safe from malicious actors. Some of the names include Network Associates, McAfee, Computer Associates, RSA, MicroStraty and many others and now his locker is at Cybereason. In addition to his duties here, Sam is on several board, including being a founding board member for Coalition for Cybersecurity Policy and Law, Sequitur Labs and SSH Communications Security.
- Renaud Deraison, Co-Founder & CTO, Tenable — Some cybersecurity stars start young. Renaud Deraison, Co-Founder & CTO, Tenable, dipped his toes into the security pond in a big way at just 17 years old in 1998 when he authored the Nessus vulnerability scanner to create a security tool that was easy to use. Twenty-one years later, Nessus is one of the most widely deployed security technologies in the world and has stood the test of time and remains a core component of security teams’ arsenals. Renaud co-founded Tenable in 2002, but his efforts go far beyond his company. He is a member of the editorial board for the Common Vulnerabilities and Exposures Organization and recently, Renaud spoke at the Cyber Future Dialogue Conference in Davos about how cyber issues have a profound impact on the nature of trade today.
- Dr. Tom Leighton, CEO & Co-Founder, Akamai Technologies — When Dr. Tom Leighton, CEO and co-Founder, Akamai Technologies, first started on his journey in the early 1990s the internet was a far different animal from what is available today. He was there at MIT when he and Tim Berners-Lee watched the nascent World Wide Web start to become overwhelmed. So Tom’s ideas for content distribution and cloud industries helped set the table for what we have today. Tom holds more than 50 patents and was enshrined in the National Inventors Hall of Fame in 2017. He has served on the President’s American Technology Council, and from 2003 to 2005, he served on the President’s Information Technology Advisory Committee and chaired its Subcommittee on Cybersecurity. He is also a member the National Academy of Sciences, the National Academy of Engineering, and the American Academy of Arts and Sciences.
- Dug Song, Co-Founder & CEO, Duo Security — Making excellent cybersecurity available to all is a lofty goal and one Dug Song, Co-Founder & CEO, Duo Security, was what he had in mind when he founded Duo Security in 2010. Calling the approach “democratize security” Dug believes cybersecurity doesn’t have to be intimidating, complicated or difficult. But it does have to be accessible to all. Song kicked off some interesting businesses in his Ann Arbor, Mich. neighborhood, including Tech Brewery. This is less about beer then being a start-up incubator, although it is housed in an old brewery. Dug is also behind A2Geeks, a non-profit that supports tech and entrepreneurship, in the Ann Arbor metropolitan region.