In your opinion, which company or person has had the biggest impact on the information security industry within the last 10 years, and why?
Javvad Malik (JM): Ah such a long list of people, technologies and stories to go through. It’s not an easy one to narrow down to just one person or company. If measuring mainstream exposure, someone like Bruce Schneier comes to mind; maybe it’s the NSA or Edward Snowden that has had the biggest impact (albeit not in a totally positive way). Mandiant’s APT1 report was successful in bringing Chinese threat actors into the limelight.
Thinking more broadly, I could suggest Steve Jobs and the iPad, a revelation which single-handedly brought about the BYOD revolution, spinning out industries for MDM, MAM, and ‘now supports iOS’.
There are many other similar candidates, but ultimately, the person and the product that I believe has had one of the biggest impacts on the information security industry during the whole course of the last 10 years through ongoing research, community engagement and providing one of the most comprehensive security tools in the industry has to be HD Moore and Metasploit.
Andrew Agnes (AA): What do you mean this isn’t an easy one? You’ve already given the correct answer! Edward Snowden has had the biggest impact because of the mainstream exposure his actions received. He is a thief, a whistleblower, a hero to some, and a traitor to others – all in one. Executives around the world suddenly perked up and wondered “What does my Sys Admin have access to?” With the amount of threat fatigue businesses go through, Edward Snowden has become a one-man walking global awareness program, receiving attention from a diverse range of audiences in a way which any infosec professional hoping to educate clients should be jealous of.
Thom Langford (TL): I am an Apple fanboy through and through, and yet I think it is Apple as a company that has had one of the biggest negative impacts on the information security industry. For years, almost a generation, they did virtually nothing to counter the myth that “Apple Mac doesn’t get viruses”, leaving people to use their Macs in Starbucks under the false impression that they are secure from nasty viruses and malware. It is unthinkable to have a PC sold without some kind of endpoint protection software, and Microsoft even built their own free version, yet no Mac is bundled with an equivalent, and there is a distinct lack of this software available. It is often an afterthought.
I still love my Mac though.
AA: So the person we’re looking for is a whistle blower / traitor / hero, expertly using Metasploit on their Mac Air in Starbucks? That person is making history and affecting infosec in ways we didn’t anticipate as we ponder the simpler things in life.
JM: Not delving too deep into this, but I am writing this on my Mac, which also has metasploit. This chai latte tastes delicious, by the way… oh, and I prefer “legend”.
Andrew Agnes, Thom Langford & Javvad Malik | @HostUnknownTV
To find out more about our panel members visit the biographies page.