The information security industry has always attracted unique personalities with eclectic skill sets. Information security is not simply about solving mathematical problems, focusing on bandwidth, maximizing storage capacity or answering other questions with objective certainties. Information security is art and science, technology and strategy, thoughtful design, quick reflexes, and matching wits with a skilled adversary. From software programming and finance to marketing and heavy doses of the Art of War, the typical information security skill sets are in fact atypical in the IT industry.
Ron Knode represented the prototypical information security professional of the future: He accomplished much in his career to advance the cause of the industry while relying upon a diverse skill set. Ron’s background as a military officer, scientist and professor allowed him to design sophisticated security systems, advocate for key structural changes in IT, and mentor many experts. Ron conducted himself with great energy and an even greater sense of humor.
Ron Knode 1946-2012
Served as a consulting Trust Architect for CSC’s cloud services, supporting the security and trust services operation
Adjust associate professor, Towson University
Member of the leadership team of the CSA and a co-chair of the CSA Governance, Risk, and Compliance (GRC) stack initiative. Author of the CSA’s Cloud Trust Protocol (CTP), and head of the CTP initiative.
In Ron’s memory, the Cloud Security Alliance instituted the annual Ron Knode Service Award, recognizing excellence in volunteerism for three honorees from the Americas, Asia-Pacific and EMEA.
A graduate of the U.S. Naval Academy, Ron developed security systems for the U.S. Department of Defense and the intelligence agencies, many of which are still in use today. Ron variously held roles as a chief scientist and systems architect before capping his career as consulting director for security and trust architectures and service for Computer Sciences Corporation (CSC). Ron was most passionate about his role as an educator as an associate professor at Towson University.
Ron’s impact upon the Cloud Security Alliance was significant. While at CSC, Ron invented a technical specification called Cloud Trust Protocol (CTP) for cloud transparency. CTP is a specification to automate the capability to query any type of cloud provider in order to understand the provider’s ability to meet customer requirements, including but not limited to security, governance, risk and compliance. The requirements to be evaluated are based on a concept of elements of transparency.
CSA discovered Ron and his CTP project and prevailed upon him and his employer to let CSA take over the development of CTP and incorporate it into the CSA Governance, Risk and Compliance (GRC) Stack. Ron joined CSA as part of the GRC leadership team and took an active role in the development of our research roadmap and GRC training. Ron’s fervent evangelism around the necessity of transparency on the part of providers was ahead of its time and quite influential in CSA’s strategy around GRC, including the development of the CSA Security, Trust and Assurance Registry (STAR). CSA volunteers will be working over the course of the next two years to fulfill Ron’s vision of robust security requirements, continuous monitoring and accountability on the part of cloud providers via transparency.
Beyond Ron’s tremendous technical prowess and business savvy, he was one of the most genuine and likeable people in our industry. Quick with a joke, caring about his co-workers, and dedicated to his family, Ron Knode was a one-of-a-kind security warrior who influenced many and left the world a better place.
Jim Reavis is co-founder and executive director of the Cloud Security Alliance.
Information Security's 2012 Security 7 winners:
- Cloud Content Security: Understanding SaaS data protection –SearchSecurity.com
- Six Email Security Best Practices for Email SaaS –SearchSecurity.com
- Sound application development rests with secure APIs in the cloud –SearchCloudApplications
- Legacy Application Migration to the Cloud and Security –SearchSecurity.com