Business & Finance
11:40 AM

Change Agents

Scott Kveton? Blake Caldwell? Here are some people you probably don't know who will shape IT in the coming year.

Security On Principle

Mike LynnMike Lynn was barely out of diapers in 1984 when a group of Stanford computer scientists founded Cisco Systems. Despite his age, or perhaps because of it, Lynn this summer took on the networking giant, exposing a flaw in its Internetwork Operating System that could let attackers take over Cisco routers and switches, which operate in about 80% of large corporate IT environments.

Lynn dispelled the widely held notion that it's impossible to overflow IOS's buffers and exploit these overflows, revealing that hackers could gain control of network traffic, remotely examine packet content, modify traffic, and break weakly authenticated encryption.

The gutsy move won the 24-year-old accolades in the IT-security community, but it cost him his job and made him the subject of a lawsuit filed by Cisco and his former employer, Internet Security Systems Inc., a security products and services provider. The suit has been settled, and Lynn now works for Cisco rival Juniper Networks Inc.

In addition to technical prowess, Lynn has a sense of priorities. He had no intention of letting people write exploits based on his work or any information he revealed at the Black Hat conference where he first spoke about the vulnerabilities, says Dan Kaminsky, senior security researcher at security research firm Doxpara Research. "He didn't build his slides in a way where people could reproduce his work."

The presentation did provide security pros with evidence that they needed. "That crowd ... wanted to know how their networks were at risk," Kaminsky says. "Mike didn't do what Cisco wanted; he did what Cisco customers wanted." Cisco has since issued patches for versions of IOS Lynn identified as vulnerable.

Lynn's work on IOS demonstrates his ability to take security research in new directions and stand behind his findings, regardless of how controversial. "He's principled, which is refreshing," says Jeff Moss, founder and president of Black Hat, an IT-security training and consulting group.

Lynn had a huge impact at Black Hat, but he isn't a publicity hound. He agreed to be interviewed for this article only if Juniper acquiesced, which it didn't. The company even declined to describe Lynn's job.

Whether Lynn works for Juniper as a researcher or a security consultant, the IT world is better for it. "If Juniper was looking to put together a consulting business, then they've got a great guy," Moss says. "Even if they just have him working on their own products, then their products will be that much more secure. He's also got a lot of knowledge of Cisco technology, so it won't take much time to get him up to speed."

Lynn has a standing invitation to speak at future Black Hat events. If he does, count on a packed house.

--Larry Greenemeier

3 of 8
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.