Meet the InfluencersA Look at the People with the Power to Make a Difference
You've seen the stories. You've likely even seen the ads. Now let me tell you a bit about them - the Influencers.
They're thought-leaders. Movers and shakers. VIPs and MVPs within their industry sectors. And their actions weigh heavily on how information security is practiced, taught and tested. These are the Influencers, a select group of individuals chosen and honored by Information Security Media Group for their InfoSec contributions.
This is a critical year for information security leaders. The threats are daunting, the technology solutions are powerful, and there's a huge responsibility to step up and model the behavior that engenders trust and builds partnerships.
There are several sets of Influencers. BankInfoSecurity has its set, while GovInfoSecurity and HealthcareInfoSecurity have their own, and you'll even find an inaugural list now on CareersInfoSecurity. The Influencers program started about five years ago, when my colleague Eric Chabrow first crafted a government-centric list. The program has grown since then, and in 2014 we're honoring more Influencers than ever before.
How are they chosen? We start with our editorial advisers - each site has a distinguished panel of its own - seeking their opinions on prospective nominees. Sometimes their suggestions are obvious. Other times they're from out of left field, but perfect. Ultimately, the final selections are made by ISMG's editors and managers - a group with decades of combined experience in this field.
More important, who are the Influencers? They are CISOs, elected leaders, instructors, researchers and security solutions vendors, among others. They come from all walks of the industry. And while I could tell you about them all day, let me introduce you to a few Influencers now.
Meet Thomas Curry, Comptroller of the Currency
As head of the Office of the Comptroller of the Currency, one of the largest banking regulators in the U.S., of course Curry is an Influencer, right? That's the nature of the job.
But under Curry's leadership, the OCC has stood out among the regulatory bodies. Back in December 2012, the OCC was the first regulatory body to issue a warning about fraud related to the wave of DDoS attacks on U.S. Banks. And last September, Curry put the national spotlight on growing third-party cybersecurity risks. In a speech, he called attention to "increased risk due to our banking system's significant reliance on technology and telecommunications, and the interconnections between these systems." And he pointed out: "Each new relationship and connection provides potential access points to all of the connected networks and introduces different weaknesses into the system."
As we weather the current storm of retail breaches, and as merchants, banks and other stakeholders discuss the future of secure payments and fraud prevention, I expect Curry to continue to be an Influencer.
Meet Jennings Aske, ex-CISO, PartnersHealthcare
After one of Partners' hospitals suffered a breach that resulted in a $1 million federal penalty, Aske played a key role in building a new culture of privacy. His efforts included phishing his own employees to ensure they're not falling for schemes, as well as the rollout of a monitoring system to clamp down on employee record snooping. The Partners breach might have been a warning to other organizations, but Aske's efforts helped provide a good role model, too. He has since moved on to a new role, as CISO of Nuance Communications, where I expect he'll continue to set a fine example.
Meet Adam Sedgewick of NIST
If you've not heard of Sedgewick, you will soon. Very soon. As senior information technology policy adviser with the National Institute of Standards and Technology, Sedgewick is the government official shepherding the Obama administration's new cybersecurity framework - a set of voluntary best practices aimed at securing the nation's critical IT infrastructure. Upon the framework's release within the next few weeks, Sedgewick will be responsible for getting critical infrastructure operators to adopt the framework, a key goal in securing the infrastructure upon which Americans depend. If that's not a position of influence, what is?
Meet Eugene Spafford of Purdue University
Spaf, as he's widely known, isn't just a professor of computer science at Purdue University. He's also a bonafide hall-of-famer, selected in 2013 to the National Cyber Security Hall of Fame. Spaf was honored as "one of the most recognized leaders in the field of computing," and I've had the pleasure of speaking to him many times about information security and education. One of his passions - and it's more appropriate now than ever - is raising the bar on ethics. "If we're really going to develop as a profession, we have to have behavior that's generally agreed upon that allows society at large to place a certain kind of trust in us. ..."
Couldn't have said it better. This is a critical year for information security leaders. The threats are daunting, the technology solutions are powerful, and there's a huge responsibility among security pros to step up and model the behavior that engenders trust and builds partnerships. Those who succeed and rise to the top ... well, they'll be candidates for 2015's Influencers.
Check out the Influencers lists, please. Tell me in the comments section below who's missing and whom you'd like to see honored next year.