Scott Kveton? Blake Caldwell? Here are some people you probably don't know who will shape IT in the coming year.
Security On Principle
Mike Lynn was barely out of diapers in 1984 when a group of Stanford computer scientists founded Cisco Systems. Despite his age, or perhaps because of it, Lynn this summer took on the networking giant, exposing a flaw in its Internetwork Operating System that could let attackers take over Cisco routers and switches, which operate in about 80% of large corporate IT environments.
Lynn dispelled the widely held notion that it's impossible to overflow IOS's buffers and exploit these overflows, revealing that hackers could gain control of network traffic, remotely examine packet content, modify traffic, and break weakly authenticated encryption.
The gutsy move won the 24-year-old accolades in the IT-security community, but it cost him his job and made him the subject of a lawsuit filed by Cisco and his former employer, Internet Security Systems Inc., a security products and services provider. The suit has been settled, and Lynn now works for Cisco rival Juniper Networks Inc.
In addition to technical prowess, Lynn has a sense of priorities. He had no intention of letting people write exploits based on his work or any information he revealed at the Black Hat conference where he first spoke about the vulnerabilities, says Dan Kaminsky, senior security researcher at security research firm Doxpara Research. "He didn't build his slides in a way where people could reproduce his work."
The presentation did provide security pros with evidence that they needed. "That crowd ... wanted to know how their networks were at risk," Kaminsky says. "Mike didn't do what Cisco wanted; he did what Cisco customers wanted." Cisco has since issued patches for versions of IOS Lynn identified as vulnerable.
Lynn's work on IOS demonstrates his ability to take security research in new directions and stand behind his findings, regardless of how controversial. "He's principled, which is refreshing," says Jeff Moss, founder and president of Black Hat, an IT-security training and consulting group.
Lynn had a huge impact at Black Hat, but he isn't a publicity hound. He agreed to be interviewed for this article only if Juniper acquiesced, which it didn't. The company even declined to describe Lynn's job.
Whether Lynn works for Juniper as a researcher or a security consultant, the IT world is better for it. "If Juniper was looking to put together a consulting business, then they've got a great guy," Moss says. "Even if they just have him working on their own products, then their products will be that much more secure. He's also got a lot of knowledge of Cisco technology, so it won't take much time to get him up to speed."
Lynn has a standing invitation to speak at future Black Hat events. If he does, count on a packed house.