For those in the information security community, opportunities to interact with amazing security researchers we respect and admire have become common. With frequent conferences around the world and availability of researchers on Twitter, the days of once-a-year interactions or the occasional mailing list conversation have quickly disappeared.

While this is a positive development, it may have allowed many of us to become jaded with just how special some of the people in this community truly are. One person who I think many would consider beyond this reality, however, is Barnaby Jack.

With news of his passing, a collective gasp and release of sorrow fell upon those who had a chance to see him present a talk, consider him a friend, or just say hello at a conference. While my personal knowledge of Barnaby was minimal relative to so many others, I had never been anything but impressed by his efforts and heard nothing but praise for him as a person.

It’s a fine time to reflect on someone who at 36 had given not just smiles to friends and some interesting hacks to his fans, but truly important research that could prevent actual crime and potential bodily harm. The style of Barnaby as a presenter and his personality may have overshadowed the real-world contributions he was in the constant process of making for not just hackers, but for everyone.

With the content of his BlackHat presentation foreshadowed, it’s very clear that the implications of his research weren’t just for the sake of a funny demo, but for preventing serious harm (whether by accident or intentionally) to the people who put their trust in manufacturers’ hands every day so willingly.

What I hope manifests from this tragedy is that the general public will hear about this and gain even further knowledge about Barnaby, his contributions to all of our lives, and the fantastic way in which what he spent his time doing made a real, lasting impact on the direction of information security.

To me, hearing people arguing Tesla vs. Edison is one of the greatest representations that people care about those who have paved roads that we can only wish to take a few steps down ourselves one day. What if, at some point, people are arguing the merits of Barnaby against another of our contemporaries? Whose face wouldn’t that abruptly put a smile on for the very fact that conversation was even occurring at all?

I’d charge us all to remember that between the flame wars, complaints about PCI DSS, arguments over rounds of cryptographic operations, and CISSP jokes, we consider that many of the people we are arguing with have made a real difference for us, our friends, our family, and our future. Information security isn’t just what we love to do, it’s what we need to do. We need to break, understand, and fix to be happy. The altruism often gets lost in the noise, but the results speak for themselves.

Don’t forget to say “hi” to your friends, “thanks” to your mentors, and high-five the new guys at BlackHat, DEFCON, and B-Sides Las Vegas this year. There are going to be some pretty heavy moments, but we’re a community, and as long as we keep thinking of ourselves as such, it’s going to be alright. Mostly.


Mark Stanislav
Security Evangelist

Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark has spoken internationally at over 75 events including RSA, DEF CON, ShmooCon, SOURCE Boston, and THOTCON. He earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University.

