The SC Most Influential is a new programme conducted in association with (ISC)2 to identify the most influential people in information security. Some names on our top ten list you will recognise – and others you won't. You may disagree with the judges' decisions, but it is important to point out that ‘influence’ wasn't just measured on the size of company that individuals worked for, nor even their seniority within those businesses. Influence was also measured on reputation and activity within the wider information security arena – and how far these ten individuals had managed to progress the art and science of information security, particularly its new-found alignment with the enterprise. We think you will be impressed...
1. Stephen Bonner
Managing director, information risk management, Barclays
We have chosen Stephen Bonner as the most influential person in information security in 2010. Why is that? If influence is measured by being known and respected beyond your own department's doors, then Bonner surely qualifies. His reputation extends well beyond his day job and into numerous conference appearances, summits and other events.
He doesn't use these simply to promote himself, but to further what he genuinely believes in: extending good practice and professionalism to his peers. He is active in the BCS and is a founder associate member of the IISP.
Bonner continues to drive the team at Barclays, whose output, particularly in the realm of security awareness, is influencing practice in other businesses in the financial sector and beyond. He helped form the Privacy Consortium – a collection of cross-industry organisations that are developing the ‘Think privacy’ work that he originated at Barclays, attempting – and achieving – wider distribution for the concept.
Bonner has an eye on the future of his profession by providing time and money to start the UK Cyber Security Challenge (www.cybersecuritychallenge.org.uk), to attract the IT security stars of tomorrow.
Bonner is quick to grasp the potential of new technology trends, being a total advocate of the advantages of social networking tools – and is a highly active user himself.
In light of the economic conditions of the past two years, many senior people in the banking sector have opted to keep their heads down. Bonner has, however, risen above this, maintaining his profile on the circuit, spreading the gospel of business-led information risk management with candour and charm.
Bonner's work with NSPCC ChildLine has taken the information security sector's chosen charity to new levels of recognition nationally.
2. Colin Whittaker
Vice president payment system risk, Visa Europe
Colin Whittaker may not be as well known as Stephen Bonner, but his influential work in a crucial area deserves wider recognition. Whittaker was the impetus behind the organisation of the annual UK Payments Conferences – closed-group, invitation-only events developed to enhance the banks' ability to co-operate. These meetings have always attracted high-profile participants from around the world and boosted the sector's ability to take its own co-operative action. Indeed, industry commentators believe this proactive work forestalled the regulators stepping in and doing it for them. Whittaker's role has an impact on everyday lives.
He is now bringing this experience to Visa, which has even more influence over its membership, sorting out issues with PCI and enhancing adoption.
3. Ray Stanton
Global head of business continuity, security and governance, BT
Ray Stanton is another figure who transcends the dividing line between doing an excellent job for his employer and reaching out to the wider community. In Stanton's case, this is largely achieved by sheer weight of personality.
Stanton's commitment to information security is undimmed after a quarter of a century in the business, across such diverse companies as Unisys, Airbus and British Aerospace.
However, it is with his current employer, BT, that he has probably had his most influential period. He has used it to promote the message of ‘good security = good business’ and Stanton uses his personality to get that message across. He can command a room and the room tends to listen.
Stanton has also been a driving force behind the BT UK Information Security Journalism Awards, the first of their kind in the world. The success of these – now in their fourth year – has raised the profile of information security within the mainstream media.
4. Neira Jones
Head of payment security, global payment acceptance, Barclaycard
The name of Neira Jones has become synonymous with payment card security. To achieve such acknowledgement takes a level of passion and commitment to one's subject that is far more than a formal role within an organisation. It also requires vision, clarity and drive. Jones is changing the IS landscape in payment security within the UK and beyond.
She has been most effective in enabling smaller merchants to adopt PCI – going beyond the call of duty in making herself available to even the smallest. As a result, she is considered to be the leading figure on PCI in the UK. This is true influence.
Her style is described as a mixture of knowledge, enthusiasm, quiet determination and confidence.
5. Dr Robert Nowill
Director, security consulting and information assurance, BT
Dr Robert Nowill created the security consulting and information assurance practice within BT Security, combining security teams from across BT into an effective single unit.
With BT being part of the Critical National Infrastructure of the UK, Nowill has played a significant role in managing the relationship between BT and central government.
Nowill is also joint lead for the Security Professional Community within BT, a ‘family’ for security people in BT to learn from each other. He acts as a role model to those joining the community leadership team – by being an active leader.
Nowill has been credited with shifting perceptions of security from a technology matter into a business enabler. One admirer says: “Without his knowledge, leadership and vision, security in BT would be in a much poorer position.”
6. Dr Robert Coles
CISO/head of risk and security, National Grid
Dr Robert Coles is not perhaps a great self-publicist and his activities don't always burst onto the stage in a glorious blaze of floodlights, but he has certainly been instrumental in guiding debate. He is that rarity at his level – influential and modest.
Now he sits at the helm of one of the most exciting security projects around. As CISO of National Grid, he will help navigate its transformation to a ‘smart grid’ infrastructure, where consumers will be able to use the web to self-service into the heart of their critical infrastructure.
Arguably, this could become a useful template for all in the industry. There are many unsolved mysteries in layering security – mobile, thin client, self service, critical data on the back end, consumer citizen awareness etc. Coles confronts them all simultaneously – unlike most organisations, which do it piecemeal.
So thanks to his being quietly selective over the years, and well connected, he has landed himself a very influential job. This will unwittingly place him at the forefront of security design for ‘the cloud’.
7. Martyn Croft
Chief information officer, Salvation Army
Until a few years ago, charities were poorly represented in IT and especially in information security. Martyn Croft has done a lot to change this state of affairs.
The Charities Consortium IT Directors Group (CCitDG) is a membership group representing around 100 large charities. Croft's involvement underlined the need for IS professionals working in charities to establish a peer group. That led to the co-founding three years ago of the Charities Security Forum (CSF), which has recruited over 70 members and regularly meets privately to share, discuss and debate IS questions within the sector.
A seat on the board of the Charities IT Resource Alliance (CITRA), which supports IT professionals in the third sector, and has now merged with Socitm, has led to the wider representation of IS interests throughout the sector.
On top of this, Croft is widely admired for his commitment to Salvation Army values and structures – to which he sees the efficient and secure management of information by himself and his team making a valuable contribution.
8. Paul Wood MBE
Group chief security officer/group business protection officer, Aviva
Paul Wood has true assurance influence across one of the UK's most important firms, an influence that traverses information protection, physical security and health & safety. He has defined and integrated the business protection strategy across the Aviva group, delegated by the board to set strategy and policies and identify synergies and efficiencies. Wood has created a template for the business-led security professional for others to follow.
He has delivered on his vision of setting direction from the top, inspiring the boardroom to debate and lead on IS risk debates and putting plans into action. Wood's influence can be seen and heard elsewhere across the boardrooms of UK business. Like others on the list, his personality ensures that people want to listen to what he says.
9. Eamonn McCoy
Senior information risk manager, Barclaycard Global Chief Operating Office
Eamonn McCoy may be seen as the ‘outsider’ on this list, but those who know him will tell you that his blend of business, people and community-focus skills makes him one of the most influential security professionals – and one to watch. After a long stint with Allied Irish Bank, most recently as divisional information security manager, he has moved to Barclaycard in the UK.
He took over his role at the Irish bank in 2002 as a one-man band and promptly pushed IS to be integrated into every part of the business – ending up leading an information assurance team of six.
McCoy was also energetic in bringing information security into the public domain outside of AIB. He has been a regular interviewee in the Irish media, reinforcing the public's awareness of identity theft and security issues.
An example of this was his initiative to run ‘community shredding events’ in local towns in Northern Ireland, to increase awareness of the need for securely destroying personal information. He engages with the local media to raise the awareness of the threat landscape and to encourage security good practice.
In his new role, McCoy will no doubt continue to spread the gospel of security.
10. Dr Gerhard Knecht
Head of global security services and compliance, Unisys
Dr Gerhard Knecht's leadership style has been described as ‘managed risk-taking’. Given his place at the heart of one of the world's leading IT organisations, leading all its security services worldwide, this attitude gives Knecht much clout – and, in the eyes of admirers, makes him something of a maverick.
He fosters a no-blame culture and the notion that major progress only comes with new thinking and personal risk-taking. Those who work at the leading edge in the company are encouraged to make mistakes – not blamed for them. His influence has led to changes in the culture of Unisys itself.
Because of Knecht, the India-based Unisys Security Centre of Excellence is leading the way, rather than merely executing top-down instructions. This is a major change: historically, Indian staff were not allowed to make global strategic decisions and often were not even tempted to make the attempt.
It is no surprise to discover that Gerhard manages the entire worldwide Unisys information security empire virtually, from London and Uxbridge.
Information security professionals could nominate themselves – or be nominated – to be selected as one of our most influential. Nominees had to answer a series of qualifying questions, devised by (ISC)2. Entries were scrutinised and a shortlist was drawn up. From this shortlist, the judges selected the ranking of the final ten: the list we publish in this issue of SC.
Judges of the SC Most Influential 2010
John Madelin
Committee member, RSA Conference Europe
John Madelin has 15 years' experience in a variety of senior roles within IT security, including network and information security, governance and risk management, business resiliency, data encryption and identity management. His roles combined professional services, product marketing, operations and sales.
Madelin has written many articles/whitepapers and has also helped to establish a number of executive forums. He maintains cybersecuritywiki.com, and is a member of the Advanced Resilient Computer Security (ARCS) group.
Madelin holds an MBA from Manchester Business School and is an FCCA. Madelin has a long history of involvement with the Confederation of British Industry (CBI), Department of Trade and Industry (DTI) and UK government, as well as advising private-sector companies in a board advisory capacity across EMEA. He works at a senior level for a major security services provider.
John Colley
Managing director EMEA, (ISC)2
(ISC)2 is a non-profit professional consortium that represents over 70,000 members worldwide. John Colley, CISSP served on the (ISC)2 board of directors for eight years, including two as chairman.
Colley has over 18 years' experience in IS. He has formerly held posts as head of risk services at Barclays Group, group head of IS at Royal Bank of Scotland Group, director of information security at Atomic Tangerine and as head of information security at ICL. He has had numerous articles published in the IT and security press.
He is a member of the ISSA UK advisory board and chairman of the UK Government Information Assurance Professional Bodies Advisory Group.
Professor Fred Piper
Fred Piper began his academic career as an assistant lecturer in mathematics at Royal Holloway College (University of London) and after one year was promoted to lecturer. He is currently director of the Royal Holloway Information Security Group that was awarded the Queen's Anniversary Prize for Higher and Further Education in 1998.
Piper has published over 100 research papers, six books (four on cryptography) and is on the editorial boards of two international journals. He has also supervised over 50 PhD students and is one of the organisers of the MScs in information security and secure electronic commerce at Royal Holloway. He has lectured worldwide on a wide range of topics in information security, both academically and commercially.
In 1985 he formed a company, Codes & Ciphers, which offers consultancy advice on all aspects of information security. He has acted as a consultant for a number of financial institutions and major industrial companies in the UK, rest of Europe and US. This consultancy has covered a wide range of subjects, including design and analysis of cryptographic algorithms and work on a number of ATM and EFTPOS systems. In the past few years, he has served on a number of committees, offering security advice to the UK's Department of Trade and Industry. In 2008, he was elected a fellow of (ISC)2 and was the first person to be elected to the InfoSecurity Europe Hall of Fame.
Paul Fisher
Editor of SC Magazine
Paul Fisher has 19 years' experience as a technology journalist and editor, working with some of the world's biggest technical publishing groups, including IDG and VNU. During the PC boom of the 1990s, he edited two market-leading computing titles, Personal Computer World and PC Advisor, and also helped launch the Internet World show.
During a stint in Paris, he worked as an adviser to IBM on corporate communications and has produced technical marketing material for other leading high-tech companies, including Alcatel-Lucent and Schlumberger.
He was a senior editor at AOL UK and editor-in-chief at DirectGov, the government's flagship public services web portal. Paul is also a member of the RSA Conference Europe submissions panel.