Scott Kveton? Blake Caldwell? Here are some people you probably don't know who will shape IT in the coming year.
Security On Principle
Mike Lynn was barely out of diapers in 1984 when a group of Stanford computer scientists founded Cisco Systems. Despite his age, or perhaps because of it, Lynn this summer took on the networking giant, exposing a flaw in its Internetwork Operating System that could let attackers take over Cisco routers and switches, which operate in about 80% of large corporate IT environments.
Lynn dispelled the widely held notion that it's impossible to overflow IOS's buffers and exploit these overflows, revealing that hackers could gain control of network traffic, remotely examine packet content, modify traffic, and break weakly authenticated encryption.
The gutsy move won the 24-year-old accolades in the IT-security community, but it cost him his job and made him the subject of a lawsuit filed by Cisco and his former employer, Internet Security Systems Inc., a security products and services provider. The suit has been settled, and Lynn now works for Cisco rival Juniper Networks Inc.
In addition to technical prowess, Lynn has a sense of priorities. He had no intention of letting people write exploits based on his work or any information he revealed at the Black Hat conference where he first spoke about the vulnerabilities, says Dan Kaminsky, senior security researcher at security research firm Doxpara Research. "He didn't build his slides in a way where people could reproduce his work."
The presentation did provide security pros with evidence that they needed. "That crowd ... wanted to know how their networks were at risk," Kaminsky says. "Mike didn't do what Cisco wanted; he did what Cisco customers wanted." Cisco has since issued patches for versions of IOS Lynn identified as vulnerable.
Lynn's work on IOS demonstrates his ability to take security research in new directions and stand behind his findings, regardless of how controversial. "He's principled, which is refreshing," says Jeff Moss, founder and president of Black Hat, an IT-security training and consulting group.
Lynn had a huge impact at Black Hat, but he isn't a publicity hound. He agreed to be interviewed for this article only if Juniper acquiesced, which it didn't. The company even declined to describe Lynn's job.
Whether Lynn works for Juniper as a researcher or a security consultant, the IT world is better for it. "If Juniper was looking to put together a consulting business, then they've got a great guy," Moss says. "Even if they just have him working on their own products, then their products will be that much more secure. He's also got a lot of knowledge of Cisco technology, so it won't take much time to get him up to speed."
Lynn has a standing invitation to speak at future Black Hat events. If he does, count on a packed house.