November 2002
My Infosec Heroes
5 living legends and their contributions to our field.
BY Jay Heiser

Whitfield Diffie
Whit Diffie's lifelong interest in encryption and
a nagging feeling that one-way functions could be useful resulted in the
brilliant concept that two people could confirm possession of a secret without
actually knowing what that secret was. This is the idea behind all
public-key cryptosystems, and if Diffie and Martin Hellman hadn't publicized
this in their 1975 paper, the digital world as we know it wouldn't exist. After
spending another decade and a half immersed in technology, Diffie took positive
advantage of his fame to enter the public policy debate over privacy, where he
has served as a tireless proponent of the people's right to use encryption
software.

Donn Parker
Infosec folks love to speculate about what
cybercriminals are like. Donn Parker doesn't need to hypothesize: he's not only
met more of them than anybody, but he's interviewed them, in the process
developing a sophisticated model of cybercriminal behavior. Parker has also been
a leader in the area of computer ethics, writing Ethical Conflicts in Computer
Science and Technology in 1979 and participating in the creation of the
Association for Computing Machinery (ACM) Code of Ethics. Anyone in the
fourth decade of his career who has pioneered risk analysis and cybercrime
investigation could be excused for a bit of complacency, but that's not Parker.
He continues to challenge us to grow beyond our primitive "witch doctor" roots
and evolve our field into a useful profession.

Dorothy Denning
Georgetown University, in Washington, D.C., is
the perfect location to participate in political debates over encryption and
infosec. Dorothy Denning is arguably the most prolific author in the field,
writing the seminal Cryptography and Data Security in 1982. In her 25-year
career, she has served not only as an expert in the use of and legal policy
associated with encryption, but also as an authority on infowar, an area where
she provides much-needed balance and level-headed commentary. It's easy to
find fault with Congress, but they're smart to turn to Denning for advice on
encryption technologies and policy.

Bruce Schneier
Six-time author Bruce Schneier literally wrote
the book on encryption. Applied Cryptography, now in its second edition, is the
definitive sourcebook on encryption for people around the world who actually
work for a living, preventing countless programmers from making horrible
mistakes. But after establishing himself as a much-consulted authority on
encryption, Schneier realized that mere algorithms were insufficient, and made a
courageous public leap into the realm of human behavior and organizational
process. Schneier loves to puncture infosec hype balloons, and his regular
commentaries are gems of common sense and clear thinking.

Eugene Spafford
As one of his grateful former students told me,
"If you need a job, just ask Spaf." Purdue University's Gene Spafford is a
matchmaker who, in 15 years, has launched or influenced more infosec careers in
academia and private industry than anyone else in the field. Widely respected
for his research skills, dedication to teaching and sense of humor, Spaf was
present at the birth of both the first open-source vulnerability scanning tool
(COPS) and the first host-based IDS (Tripwire). He founded and directs Purdue's
Center for Education and Research in Information Assurance and Security
(CERIAS), one of the nation's premier facilities for infosecurity education. He
is coauthor of the longest-lived book on Unix security, Practical Unix
Security, and wrote the first English-language book on viruses.

JAY HEISER is an Information Security columnist and editorial board member.