This year has been a tough one for security, to say the least. From the RSA security breach and the subsequent attacks on defense contractors Lockheed Martin, Northrop Grumman, and L-3 Communications, to the ongoing attacks by Anonymous and the certificate authority breaches, it’s been one downer after another for the industry.
But more negative news isn’t the focus here. Our focus is on the positive: An industry filled with a lot of dedicated, super-smart and creative people. Each fall, we choose outstanding information security professionals in seven vertical markets to receive our Security 7 Awards. After seven years, the honor roll of winners is filled with industry leaders and luminaries, including Gene Spafford, Dorothy Denning, Dave Dittrich, Mark Weatherford, Melissa Hathaway, and Chris Hoff.
This year’s winners represent a diverse mix of talent, including an educator, a congressman, and a trio of security pros who created a new venue for industry collaboration. The winners have individual focuses, whether it’s securing the payment ecosystem, expanding data security education to the masses or improving private-public information sharing, but they all share a common trait: tireless dedication to cybersecurity.
Beginning on page 20, you can hear about their projects, passions and ideas for meeting today’s security challenges. We’re pleased to add to our Security 7 honor roll: Steven Elefant, formerly of Heartland Payment Systems, Douglas Jacobson of Iowa State University, Rep. Jim Langevin (D-R.I.), Christopher Paidhrin of PeaceHealth Southwest Medical Center, Matthew Todd of Financial Engines, Brian Wishnousky of Rogers Communications, and Mike Dahn, Jack Daniel, and Chris Nickerson of Security B-Sides Conferences.
Four years ago, we began inviting our winners to write an essay on an information security topic they felt deeply about. This has proven to be a winning formula, producing one of my favorite issues each year. It’s a treat to hear from security leaders in their own words, and one we value highly. You should too.
This year marks the first time we’ve given a Security 7 to an elected official, a departure from the ranks of security professionals. Over the years, information security professionals have been frustrated with the spotty attention paid to cybersecurity in Washington D.C. Every so often, we hear a lot of bluster from federal officials about the need to improve cybersecurity, but see little action. Rep. Langevin, on the other hand, has proven his continued dedication over the years, with his work on the Congressional Cybersecurity Caucus (which he created in 2008 with Rep. Michael McCaul R-TX), holding multiple cybersecurity hearings as chairman of the Subcommittee on Emerging threats, Cybersecurity and Science and Technology, and introducing legislation such as the Homeland Security Network Defense and Accountability Act. Langevin has worked hard to keep information security on the national agenda and deserves industry recognition.
2011 also is the first time we’ve awarded Security 7 to a group effort. Two years ago, Mike Dahn, Jack Daniel, and Chris Nickerson created an alternative to mainstream security conferences with Security B-Sides. Since the first event in Las Vegas, B-Sides has grown spectacularly, with an astonishing 40 events worldwide. By providing a way for security professsionals to come together minus the vendor booths, B-Sides has fostered invaluable industry collaboration and innovation.
Other winners are tackling core enterprise security issues of security awareness, vulnerability management and crisis planning. Their essays are illuminating and instructive.
The energy, drive and creativity of our Security 7 winners are a shining example of what’s right in an industry that gets more than its fair share of negative attention.
Marcia Savage is editor of Information Security. Send comments on this column to firstname.lastname@example.org