When security hits the headlines, it’s not usually for positive reasons. Whether it’s the latest data breach, or privacy scandal, you’re left feeling that nothing is going right. It doesn’t help that large business and governments around the world are continually undermining your security and privacy. However, behind all the headlines are security experts, researchers, and hobbyists working hard to make the world a safer place.
1. MalwareTech
Marcus Hutchins, who goes by the pseudonym MalwareTech, found his life flipped upside down in just a single day in May 2017. He had been paying close attention to the WannaCry ransomware attack which was crippling public services around the world. After registering the control server domain, the ransomware was stopped in its tracks.
Hutchins gained international infamy after British tabloids published his real name in the wake of the attack. A UK-native, he now resides in the US after his arrest while visiting the security conference DEF CON on hacking-related federal charges.
2. Sophie Daniel
Securing software is all well and good, but it overlooks one major security flaw: people. Social engineering is the use of deception to manipulate others into divulging personal or confidential information. In many cases, victims aren’t even aware of the attack, which makes it difficult to defend against. Your workplace has probably tried to educate you about these attacks, for example by telling you not to hold the door open for someone you don’t recognize.
Sophie Daniel, under the name Jek Hyde, is among the most notable penetration testers, having live-tweeted a physical pen-test in 2017. Organizations hire Sophie, and others like her, to break into their company and report back their findings. This work is usually shrouded in secrecy, but Sophie, a former journalist, writes about her experiences offering a fascinating insight into this hidden world.
3. Elliot Alderson
If you’ve watched USA Network’s Mr Robot, then you might have shrugged this account off as guerrilla marketing for the well-received show. However, the name and Twitter handle (a reference to the show’s fictional hacking collective) are just a homage. Instead, this account belongs to a French security researcher. The anonymity is necessary as they often publicly shame companies into acknowledging and fixing security flaws.
This is known as grey hat hacking, where the methods are questionable but the intent isn’t malicious. Their efforts have yielded high-profile results. After they publicized flaws in the Indian messaging app Kimbho, the story was picked up by international media including the BBC, and the app was withdrawn.
4. Kimber Dowsett
Governments have a reputation for technological ineptitude. Bureaucracy and a lack of investment tend to stifle innovation, creating over-budget, under-supported, and insecure products. The problem hasn’t gone unnoticed, leading the US General Services Administration (GSA) to launch 18F, a digital services agency for government organizations.
Kimberly Dowsett is a Security Architect and Incident Responder for 18F. Preventing attacks on government services is a vital part of her work. Alongside that, she developed a Vulnerability Disclosure Policy for the GSA, which guides researchers on how to report vulnerabilities to the US government.
5. Jeff Moss
These days, security and hacking conventions are a dime a dozen, but that wasn’t always the case. Back in 1993, Criminal Justice graduate Jeff Moss planned a leaving party for a friend. However, when his friend couldn’t make it, instead of calling it quits, Jeff invited his hacker friends along to Las Vegas.
He was coerced into hosting a meetup the following year, eventually turning DEF CON into an annual event. DEF CON has gone on to become a staple of the technology world with 22,000 people attending DEF CON 24 in 2016.
6. Whitney Merrill
Unsurprisingly, DEF CON has often held a less-than-favorable view of federal employees—this is the same event that used to organize a “Spot The Fed” contest after all. This began to change when FTC lawyer Whitney Merrill co-founded DEF CON’s Crypto & Privacy Village. The village hosts interactive events and presentations around cryptography and privacy alongside the main event.
Sometimes Facebook does a thing and I ask myself, "do they really have a Privacy team or are they androids?" pic.twitter.com/XpXvqlVYyw
— Whitney Merrill (@wbm312) June 4, 2018
Her involvement with the Crypto Village isn’t without precedent—Merrill’s work led to her receiving the 2017 Women in Security award and to her being recognized as one of the top women in security by CyberScoop. Her contributions while at the FTC helped secure a $24 million fine from Publishers Business Services for deceptive trade practices. She can now be found at Electronic Arts (EA) as their Privacy, eCommerce & Consumer Protection Counsel.
7. Matt Tait
The Edward Snowden leaks proved that national security, online security, and politics are heavily intertwined. The documents uncovered the NSA’s audacious surveillance programs and forced security and privacy into the mainstream. It’s surprising, then, that Matt Tait, a former security specialist for the UK’s NSA equivalent, GCHQ, has become a prominent security expert.
Tait, better known as Pwn All The Things, also worked for Google’s Project Zero and is now a senior cybersecurity fellow at the University of Texas. His research explores the intersection between politics and security. After describing the time he was approached to cooperate with Russia to influence the 2016 US election, he was interviewed by the FBI’s Robert Mueller.
8. SwiftOnSecurity
Taylor Swift is best known as the multi-million-selling pop icon, famed for her singles Shake It Off and Look What You Made Me Do. But in security circles, she is best known by her Twitter alter ego SwiftOnSecurity (SOS). The infosec parody account, opened in 2014, struck a chord with security professionals around the world. As of June 2018, SOS has amassed 229,000 followers.
If you see a phishing message, innumerable machines have failed. Human intervention is required. YOUR intervention. Someone with your skills has to stand up and do something. Thousands, maybe tens of thousands more WILL click. I’ve seen it. Please submit @ https://t.co/FBfRXCs9S9 pic.twitter.com/cbrdHJ27Ua
— SwiftOnSecurity (@SwiftOnSecurity) May 5, 2018
The success and longevity of SOS come down to the fact that the person behind the account knows what they are talking about. Combining humor, security advice, and industry commentary, SOS has managed to stay relevant four years later. Not much is known about the account’s operator, and what little we do know is from their About page. However, their Twitter threads are often quoted and heavily shared, prompting a lot of discussion and educating readers around the world.
9. Damien Desfontaines
The privacy debate is often framed as a battle between absolutes; advocates on one side, tech companies on the other. What gets lost in that narrative is the many individuals working for the tech companies who passionately care about their work. Surprisingly, this is also the case at Google.
I wanted to see what the tech industry was like, then do a PhD in computability. Somehow, I got into Google, in the YouTube Analytics team (they count views on cat videos).
I planned to stay there 1-2 years, but my project got cancelled, almost immediately after I joined o/
— Ted (@TedOnPrivacy) June 5, 2018
After obtaining a Master’s degree in Mathematical Logic and Theoretical Computer Science, Damien Desfontaines was hired by YouTube’s analytics team. However, the project was canceled, so Desfontaines shifted over to the Privacy team. Alongside the day job at Google, he is working towards a PhD on anonymization and writes as TedOnPrivacy.
10. Sophia McCall
One of the most daunting experiences is to be new at something. Whether that’s meeting new people, or getting a new job, you may feel like you have no idea what you are doing. It’s a shared experience, but not one that people often talk about. Cyber Security Management undergraduate Sophia McCall is bucking that trend. Her blog recently won the title of “Best new security blog in Europe” at the European Cyber Security Blogger Awards.
Having an amazing time at #BSidesLDN2018! Was shaking like a leaf delivering my talk, a massive thank you to everyone that came! If you didn't manage to catch me out in the halls and had any questions I will also be at the after-party – grab me then! pic.twitter.com/JJP6agv5GN
— Sophia (@spookphia) June 6, 2018
The blog is a “log [of her] journey from wannabe script kiddie, to information security professional.” She acknowledges that before her degree she “didn’t know how to install Kali – let alone banner grab or SQL Inject.” In just a few short years, a lot seems to have changed, and in June 2018 she delivered her first conference talk at BSides London.
Which Security Experts Do You Follow?
Security can be intimidating, especially for newcomers. However, beginners needn’t be worried, as taking these six free online courses will guide you through the cybersecurity basics. Thankfully, there is a passionate community of security experts who not only want to make the world safer but also share their knowledge. This list only scratches the surface, but following these ten experts is a great place to start.
Of course, if you want to learn specific skills like ethical hacking, then you’ll want to take one of these five courses. If it’s advice you’re after, then you should make these seven security forums part of your online life. Feel like you’re ready for the next step? Maybe it’s time you visited these ten resources for researching information security jobs.
Image Credit: Gorodenkoff/Depositphotos