Biphoo.eu - Guest Posting Services


20 Leaders Who Built the CISO Era: 2 Decades of Change

May 30, 2026  Twila Rosenbaum

Key Facts

  • The article profiles 20 influential figures in cybersecurity over the past two decades, including CISOs, hackers, researchers, and policymakers.
  • Key highlights include Steve Katz as the first CISO, Albert Gonzalez as a notorious cybercriminal, and Katie Moussouris pioneering vulnerability disclosure.
  • Many profiles feature individuals who transformed security from a technical function into a board-level risk.
  • The list includes controversial figures like Edward Snowden and Joe Sullivan, highlighting complex ethics in cybersecurity.

Twenty years after the dawn of the modern cybersecurity era, the role of the chief information security officer (CISO) is no longer emerging—it is well-established. But as the saying goes, we stand on the shoulders of giants.

It began with pioneers like Steve Katz formalizing the role at Citicorp and Howard Schmidt elevating cybersecurity to an administration-level hire in federal government. Now, cybersecurity has become a board‑level risk, and the CISO's job has expanded from block-and-tackle cyber defense into business resilience, national security, brand protection, compliance, and corporate trust.

This special 20th anniversary retrospective traces a rich history of how a diverse set of voices reset the playbook for adversaries and defenders alike, and architected today’s CISO-led world. The 20 newsmakers profiled include Dan Kaminsky, Barnaby Jack, Katie Moussouris, Troy Hunt, Window Snyder, Kevin Mandia, and others. Some tarnished haloes appear too—Edward Snowden, Kevin Mitnick, Marcus Hutchins, Albert Gonzalez, and Joe Sullivan—all of whom have been at the center of hard conversations about accountability, offense/defense dynamics, and redemption narratives.

The list is not exhaustive but representative. Each profile contributes to a practical roadmap for modern cyber defense: align cyber with business outcomes, modernize disclosure and crisis communications, bridge gaps between public and private sectors, pressure‑test third‑party risk, and ready organizations for AI‑accelerated threats.

Albert Gonzalez & Cybercrime's Tipping Point

In 2008, federal authorities arrested 26-year-old Albert Gonzalez, mastermind behind a massive hacking operation targeting retailers and card processor Heartland Systems. His 'Get Rich or Die Tryin'' spree represented the largest cybercrime and identity theft case at the time. He stole 160 million payment-card accounts while working as a Secret Service informant. This case shifted the conversation: cybercrime had become a profit-driven business. Gonzalez was released in 2023 after serving 15 years.

Jennifer Granick: Cyber Law Frontlines

Jennifer Granick has been at the forefront of digital law and privacy battles for over two decades. She helped create the Stanford Law School Center for Internet and Society, led civil liberties efforts at EFF, and defended security researchers like Aaron Swartz. Her 2017 book 'American Spies' critiques modern surveillance. She remains a rigorous advocate for hacker rights.

Troy Hunt Brings Breach Data to the Masses

Troy Hunt founded Have I Been Pwned? in 2013, a database allowing users to check if their email was compromised in a breach. With 17.5 billion accounts indexed, it became essential infrastructure for password managers and browsers. Hunt democratized breach awareness long before SEC disclosure rules.

Marcus Hutchins: WannaCry Hero

In 2017, Marcus Hutchins (MalwareTech) accidentally triggered a kill switch for the WannaCry ransomware by registering a domain. He later pleaded guilty to creating the Kronos banking Trojan as a teenager, but the cybersecurity community widely supported his rehabilitation. He now works as a principal threat researcher at Expel.

Barnaby Jack: Device Security Pioneer

Barnaby Jack’s dramatic demonstrations of ATM jackpotting and remote insulin pump hacks made physical device security tangible. His work forced medical device manufacturers to adopt cybersecurity standards, laying groundwork for IoT security. Jack died in 2013 at age 35.

Dan Kaminsky: Saved the Internet

Dan Kaminsky discovered the DNS cache poisoning vulnerability in 2008 and coordinated a massive multi‑vendor patch effort. He also exposed Sony BMG’s rootkit and developed the DanKam AR tool for his colorblind friend. Kaminsky died in 2021 but left a legacy of collaboration and good‑guy hacking.

Steve Katz: The First CISO

After Citibank was hacked in 1995, Steve Katz became the first chief information security officer. He emphasized that cybersecurity is about business risk, not just technology. He changed how boards discuss security until his death in 2023.

Chris Krebs: Election Security Under Fire

As CISA’s first director, Chris Krebs built collaboration between government and the private sector. He famously debunked election fraud claims, leading to his firing by President Trump in 2020. He later faced political fallout, but his legacy of partnership remains.

Kevin Mandia: Incident Response Defined

Kevin Mandia founded Mandiant in 2004, pioneering external incident response. His 2013 APT1 report exposed Chinese state‑sponsored hacking, changing threat intelligence. Mandiant was sold to Google for $5.4 billion. Mandia later founded Armadin, an AI red‑teaming firm.

Charlie Miller & Chris Valasek: Car Hacking

In 2015, they famously hacked a Jeep Cherokee on a highway, demonstrating remote control of steering, brakes, and engine. This led to a Chrysler recall, new legislation, and a wave of automotive security research, setting the stage for autonomous vehicle safety.

Kevin Mitnick: Household Name Hacker

After years on the run and five years in prison, Kevin Mitnick became a leading authority on social engineering. He founded Mitnick Security, wrote 'Ghost in the Wires', and served as KnowBe4’s chief hacking officer until his death from cancer in 2023.

HD Moore: Metasploit Creator

HD Moore released the Metasploit framework in 2003, revolutionizing penetration testing. His Month of Browser Bugs and Project Sonar advanced vulnerability research. He later founded runZero to tackle network visibility. Moore remains a legendary figure for his technical contributions and humility.

Jeff Moss: DEF CON & Black Hat

Jeff Moss founded DEF CON in 1993 and Black Hat in 1997, creating the premier security conferences. He pioneered the Voting Machine Village, influencing election security policy. Moss continues to bridge the hacker community with lawmakers.

Katie Moussouris: Vulnerability Disclosure

Katie Moussouris launched Symantec Vulnerability Research, Microsoft Vulnerability Research, and the U.S. government’s Hack the Pentagon bug bounty program. Her work legitimized ethical hacking and helped create liability‑free vulnerability disclosure frameworks.

Howard Schmidt: Public‑Private Bridge

Howard Schmidt served as White House cybersecurity coordinator under Obama, developing the National Strategy to Secure Cyberspace. He later became Microsoft’s CSO, implementing the Security Development Lifecycle. He died in 2015, but his collaborative model endures.

Bruce Schneier: Cybersecurity to Real Life

Bruce Schneier transformed cybersecurity from a technical niche into a broader conversation about trust, privacy, and economics. His book 'Applied Cryptography' remains a classic. He now lectures at Harvard and warns about AI’s impact on democracy.

Edward Snowden: The Ultimate Insider Threat

Edward Snowden leaked NSA surveillance programs in 2013, sparking global debate. He sought asylum in Russia and gained citizenship in 2022. His leaks forced reexamination of government oversight and insider threat protections.

Window Snyder: Proactive Security

Window Snyder pioneered the Security Development Lifecycle at Microsoft and later at Apple, Mozilla, and Intel. She now runs Thistle Technologies, focusing on IoT security. Her work made software and device security more systematic.

Joe Sullivan: CISO Accountability

Joe Sullivan, former CSO of Uber, was convicted in 2022 for covering up a breach involving 57 million users. His case highlighted personal liability for CISOs. He continues to speak about decision‑making under pressure.

Chenxi Wang: Multi‑Hatted Leader

Dr. Chenxi Wang has been an analyst, executive, entrepreneur, and investor. She defined cloud‑native security at Forrester and Twistlock, and now invests at Rain Capital. She champions identity as the new perimeter and multi‑cloud strategies.


Source: Dark Reading News

