For those in the information security community, opportunities to interact with amazing security researchers we respect and admire have become common. With frequent conferences around the world and availability of researchers on Twitter, the days of once-a-year interactions or the occasional mailing list conversation have quickly disappeared.

While this is a positive development, it may have allowed many of us to become jaded with just how special some of the people in this community truly are. One person who I think many would consider beyond this reality, however, is Barnaby Jack.

With news of his passing, a collective gasp and release of sorrow fell upon those who had a chance to see him present a talk, consider him a friend, or just said hello at a conference. While my personal knowledge of Barnaby was minimal relative to so many others, I had never been anything but impressed by his efforts and heard nothing but praise for him as a person.

It’s a fine time to reflect on someone who at 36 had given not just smiles to friends and some interesting hacks to his fans, but truly important research that could prevent actual crime and potential bodily harm. The style of Barnaby as a presenter and his personality may have overshadowed the real-world contributions he was in the constant process of making for not just hackers, but for everyone.

With the content of his BlackHat presentation foreshadowed, it’s very clear that the implications of his research weren’t just for the sake of a funny demo, but for preventing serious harm (whether by accident or intentionally) to the people who put their trust in manufacturers’ hands every day so willingly.

What I hope manifests from this tragedy is that the general public will hear about this and gain even further knowledge about Barnaby, his contributions to all of our lives, and the fantastic way in which what he spent his time doing made a real, lasting impact on the direction of information security.

To me, hearing people arguing Tesla vs. Edison is one of the greatest representations that people care about those who have paved roads that we can only wish to take a few steps down ourselves one day. What if, at some point, people are arguing the merits of Barnaby against another of our contemporaries? Whose face wouldn’t that abruptly put a smile on for the very fact that conversation was even occurring at all?

I’d charge us all to remember that between the flame wars, complaints about PCI DSS, arguments over rounds of cryptographic operations, and CISSP jokes, we consider that many of the people we are arguing with have made a real difference for us, our friends, our family, and our future. Information security isn’t just what we love to do, it’s what we need to do. We need to break, understand, and fix to be happy. The altruism often gets lost in the noise, but the results speak for themselves.

Don’t forget to say “hi” to your friends, “thanks” to your mentors, and high-five the new guys at BlackHat, DEFCON, and B-Sides Las Vegas this year. There are going to be some pretty heavy moments, but we’re a community, and as long as we keep thinking of ourselves as such, it’s going to be alright. Mostly.

@markstanislav

Mark Stanislav
Security Evangelist

Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark has spoken internationally at over 75 events including RSA, DEF CON, ShmooCon, SOURCE Boston, and THOTCON. He earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University.
