Schneier on Security
A blog covering security and security technology.
« Jim Harper Responds to My Comments on Fingerprinting Foreigners at the Border |
| Friday Squid Blogging: Petrified Squid »
December 12, 2008
Influential Security Professionals
I have been named as one of the 25 most influential people in the security industry.
Posted on December 12, 2008 at 12:22 PM
• 45 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
What do you think of the (work of the) other people on the list? I ask because I don't know those people and I saw "terrorist" and "terrorism" about ten times on that web page.
Coming from someone who commonly disagrees with Bruce, his insight and critical analysis are valuable and this is a much deserved recognition.
I can see why Bruce is on the list. I can't see why most of the others are.
Duh! You should be number ONE on the list! Anyone who has read your books/blogs/attended your speaches would know and agree with that.
Anyone know how "Senior Manager Assets Protection, The Cheesecake Factory Inc." made it??? Seriously.
Mr. Schneier, congratulations for your nomination.
Actually I'd like to point out something: 19 of the 20 professionals elected the most influential professionals are americans. 100% belong to North America. What about the great work made by many others all around the world? I don't want to talk about a specific name, but I am sure there are many, many others that deserve to be part of this list.
Who is benefiting from whose brand here?
I admit I was hoping that Jennifer Stoddart, the Privacy Commissioner of Canada, would make the list. Maybe next year.
Applied cryptography certainly is certainly changing the way I think about security and is a big influence on me these days; as far as I'm concerned your blurb was right on the money. Congratulations!
#2 on that list - Norman Bates sure has come a long way since his days managing the Bates Motel. He's looking well, too.
@Thom: keep in mind that this is "the 25 most influential", not "the 25 most important". Unless you work in the field yourself, I wouldn't be so quick to dismiss that these people ARE influential.
Congratulations on the recognition, Bruce. But am I the only one who thinks your photo looks like Frank Zappa's younger brother?
Congrats. I hadn't heard of most (if not all) of the others on the list, so you're behind security through obscurity... until now...
Never heard of any of the other people on the list. Therefore, these influential people have no influence on me.
I simply cannot believe some of the names I'm seeing on here. What is this, an advertiser list? Or self selection?
#1: Oracle physical security. What an oxymoron. Further deponent sayeth not.
#7: Murdered on 5 April 1986.
#18: Your spices are safe.
#24: Truliant Federal Credit Union. How did this tiny credit union contribute more than the major players at the various commercial banks and much larger credit unions nationwide?
Adding insult to injury is Fannie Mae #25. "Enterprise risk management" indeed!
I see some important names here; certainly Bruce is one of them. But I see names on here who blatantly fail the laugh test.
No chance now of you getting through TSA checks without being introduced to the rubber gloves! :)
As a physical security nerd I recognize five other than Bruce (not including Jeanne Clery). None are as interesting, eloquent, or as inclined to upend the boat as Bruce.
I think Bruce is on the list in an attempt to lend credibility to what would otherwise be just a list if corporate management schmucks.
Googling around, it seems like the guy at the credit union implemented a home-brew inter-branch DVR system specifically tailored to financial security requirements because no such system was available in the market. Last year he forked his own company to build and sell similar systems to other companies in the financial sector.
Hard to say if they are selling well, but if he has decent sales, I'd say that would be big step up from the guard in the lobby and simple time-lapse cameras on a 24-hour tape loop. Don't be so quick to diss the little guy, big corps may have enormous resources but they also have enormous waste and innovation-killing stagnation.
From the Article:
#19: Bruce Schneier, Influential Security Technologist
Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of eight books – including the best sellers Beyond Fear: Thinking Sensibly about Security in an Uncertain World; Secrets and Lies; and Applied Cryptography – as well as hundreds of articles and essays in national and international publications, and many more academic papers. His influential newsletter Crypto-Gram, and his blog Schneier on Security, are read by over 250,000 people. “I consider myself a synthesist and a communicator. My biggest accomplishments involve understanding complex ideas and explaining them simply, as well as finding connections and patterns and commonalities among diverse ideas. I write, I speak, I write more. The single thing that fans say to me that makes me the most proud of my work is: ‘You’ve changed the way I think.’ That's what I want to do: change the way people think about security.
“Throughout this all, I have attempted to explain security simply, through words and metaphors and concepts. James Madison once famously said: ‘If men were angels, no government would be necessary.’ Similarly, if all men were honest, no security would be necessary. Most people are honest – otherwise society would collapse – but there will always be dishonest minority. Security is a tax on the honest majority, and I feel my job is to explain how that tax works, and how effective different ways to spend it are.”
Keep in my mind that most of that list is for people that are *in* the security industry. Bruce has a fairly special position in that he directs a lot of what he writes at the general public (i.e. people that *aren't* in the security industry).
I see it as similar to the situation in the sciences where the scientists that try to translate the research into everyday language for the general public often aren't the same people that are actually at the forefront of the actual research activities - instead, they're acting as synthesists and communicators, distilling complex ideas down into something that can be explained to a wider audience.
When that happens, opinions on "most influential" or "most prominent" will depend on whether the person being asked is familiar with the original research or just the popularised distillations.
"Adding insult to injury is Fannie Mae #25. "Enterprise risk management" indeed! "
Well, the list doesn't claim it's about positive influence.
Congrats! Not for the nomination, but the real position you have in the Security Industry. The nomintation just reflect the facts.
Well, I fear that like most, I recognized few names on the list apart from Bruce's. Some of the positions are likely influential (Oracle security chief), but the rest -- yes, a little surprising. Certainly a different part of the industry from the bits I work with.
I have no freakin' clue who most of these poeple are, and I'm in the security industry.
I'm in the security industry too and I don't know who most of those people are either. Of course Security Magazine has the hard-hitting journalistic reputation of your average in-flight magazine...
Surely you know William Webster, former director of both the FBI and the CIA (not at the same time, of course)? I'll grant you that I haven't heard of most of these folks, but that was one other name I did recognize.
I don't care what lists you are on good or bad please keep doing exactly what you have been doing.
I'm a Washingtonian, and I notice Rob McKenna is on there (#16). Surprised me... I remember voting for him, but I didn't know that he was as influential in security as the likes of Bruce Schneier!
"....most influential people in the security industry"
...in the US...
Some of the list are influential outside the US, and Bruce certainly is, but realistically - there is a whole lot of the world that isn't the US, so from my 14+ years in this industry I can think of a whole lot of people way more influential.
FTA: #11: Park Dietz, M.D., M.P.H., Ph.D.
The next time I'm called for jury duty, I'll be sure to remember this name. From CNN.com:
A consultant for the television drama "Law and Order," Dietz also testified that, in the weeks before Yates killed her children, an episode had aired in which a mother drowned her children in a bathtub and was later found not guilty by reason of insanity.
In its closing argument, the prosecution seized upon the testimony and suggested that Yates, who was known to watch "Law and Order," caught the episode and replicated the events as a "way out."
After Yates was convicted, her lawyers discovered that no such episode existed, and appealed to the state's highest court.
Justices on the Texas State Court of Appeals sided with the argument that Dietz's testimony constituted a grave bias that wrongly influenced the jury's verdict, and ordered a new trial.
"Andrea Yates gets a second chance - Jun 23, 2006"
Well done Bruce. Have a good Christmas.
And with regards to Park Dietz, you should watch his interview with Richard "The Iceman" Kuklinski on Youtube.
While what you say is generally true, Bruce is one the worlds foremost cryptologists, along with being the most well known.
Bruce - congrats! But where's Ross Anderson??
Perhaps the most influencial name of all world wide is not on this list.
He was both a security and political visonary.
His best work was done some 60 years before his vison became a world wide reality.
He is so influential his words are on the lips of billions almost every day and his influence has inspired films, and modern entertainment.
I offer up for nomination George Orwell.
Congrats, like others here I don't know any others, except for Winn and Bratton.
I think a lot of these magazines try to home-grow security celebrities (Cheesecake Factory guy for example) in an effort to trump up the events they throw. Expect some of these no-namers to be on magazine-sponsored speaking engagements with their bios claiming "Honored among innovative leaders such as Bruce Schneier and Bill Bratton as a top security visionary..."
It's almost like the "security glitterati" is a separate career path outside of security. Meanwhile the ones who actually contribute to the field, like Ross Anderson, Bill Cheswick, and Matt Bishop go unnoticed.
Ribono shel olam, who are these rich old white guys? I've been working in security for 12 years and the only one I know is Bruce.
Where's Diffie? Where's Shamir?
Good point, scientists and others who distill complex topics in lay terms to a general audience are often perceived by the laity as the "influencers" and not the "communicators."
The problem is this is a trade magazine that does not appeal to the general public. This is really akin to having the ACM name "The Mac Guy" as one of the most influential computer scientists while leaving Don Knuth and Alan Turing off the list.
While Bruce is a good choice, the list isn't very credible.
Bruce Schneier is surely all 25 of the 25 most influential security professionals.
Except for Bruce, none of them really deserve to be on top-25 list (IMHO)
Washington must be a very peculiar state. In Michigan, only the legislature and Governor can pass laws.
... Yes another one of the vast, vast majority of those in (information) security i.e. outside of that outback corner of the world called USofA: Only a handful are even known outside their country, let alone be influential. 99,99% of the ideas around the world re infosec are NOT from the listed. Shameless plug of cronies ..? (Hi Bruce, you're in there as well ..?)
Bruce instead of a "Movie Plot" competition, how about running a "hall of fame" where people can nominate a person (and say why).
Then you get an OpEd or two out of it being the "community saying for the community".
An excellent idea, and dare I suggest that there be some judging based on overall contribution to the field of security, such as new concepts, crypto protocols, and research contributions.
Nothing is more patronizing when the security media caters to the "lecture circuit" crowd, none of which have contributed anything to this field other than platitudes. I was at the SC Magazine show last week, and it was nauseating - "It's all about the business," "Measure first, then cut," "Your company isn't in business to do security, it's in business to make money," etc etc ad infinitum.
I agree with "Thom at December 12, 2008 1:11 PM". Yes, there are a few other "greats" on the list. Too much credit is given to the "suits"!! Corporate babble or position does not mean they know anything. If you support a large organization you know what I mean.
@csrster "Bruce Schneier is surely all 25 of the 25 most influential security professionals."
I can't wait to see some Bruce Schneier jokes, a la Chuck Norris.
"Bruce can break a [insert crypto here] by staring it down."
"TSA hired Bruce to consult for them for one day. Yesterday."
"Bruce can secure a network with a padlock, bubble gum and a frayed USB cable."
"Bruce was going to present a crypto paper in France, but they surrendered first."
"Oracle hired Bruce to do a security audit. They then paid him ten times as much to never, ever tell anyone about the results -- including them."
"Colombian drug lords choose Bruce for all of their security needs."
"Bruce: not just President of ThinkGeek.com, but also a client."
"Why can't Bruce's girlfriend use birth control? Because there is no such thing as protection from Bruce."
"Bruce once had over two million credit card numbers on his hard drive. By accident. You see, he'd had lunch in the VISA cafeteria that day . . ."
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.