Who created the CVE system? That's Adam! In this insightful episode of "Hackers to Founders," host Chris REal0day Magistrado welcomes Adam Shostack, a renowned cybersecurity expert and co-creator of the Common Vulnerabilities and Exposures (CVE) system. Adam recounts his journey from a curious and geeky childhood, engaging in activities like D&D and building with Legos, to his influential career in cybersecurity. He delves into his early experiences at Brigham and Women's Hospital, where he first encountered the importance of security and privacy in medical systems. Adam shares his entrepreneurial ventures, including his pivotal roles in startups like Net Tech and Zero Knowledge Systems, highlighting the challenges and rewards of building security-focused businesses during the nascent stages of the cybersecurity industry. His passion for threat modeling is evident as he discusses his work at Microsoft, where he developed user-friendly threat modeling tools and authored influential books to make security practices more accessible.Beyond his technical achievements, Adam emphasizes the significance of education, training, and mentorship in advancing cybersecurity. He explains his transition from product development to focusing on training and creating scalable educational programs, ensuring that essential security skills are widely disseminated. Adam also explores his collaboration with Cyber Green to establish cyber public health, aiming to apply public health methodologies to measure and mitigate cyber impacts effectively. Throughout the conversation, Adam underscores the importance of diversity in fostering innovative solutions and the need for adaptable strategies in an ever-evolving threat landscape. His dedication to making cybersecurity more inclusive and his visionary approach to integrating interdisciplinary techniques position him as a key thought leader committed to enhancing global security practices.PeopleAdam Shostack: Renowned cybersecurity expert, co-creator of the Common Vulnerabilities and Exposures (CVE) system, author of several influential books on threat modeling and security design.Frank Abagnale: Subject of the book "Catch Me If You Can," which influenced Adam's childhood interest in security and deception techniques.Leonardo DiCaprio: Actor who portrayed Frank Abagnale in the movie adaptation of "Catch Me If You Can."Mike Howard: Worked alongside Adam on the Secure Development Lifecycle team.Steve Lipner: Collaborated with Adam on threat modeling initiatives.Rob Kinnaki: Worked with Adam on the cyber public health project, contributing to the development of new cybersecurity disciplines.Tara Wheeler: Partnered with Adam in establishing cyber public health methodologies.Heidi Trust: Recommended by Adam as a notable figure intersecting usability and security.Gene Spafford: Part of Adam's professional network, contributing to cybersecurity discourse.Steve Belvin: Known to Adam, part of his network of cybersecurity professionals.Bruce Schneier: Part of Adam's extensive network within the cybersecurity community.Marcus Ranham: Known to Adam, contributing to his professional relationships.Mudge: Met by Adam during his time at BBN, part of his influential network.Weld Pond: Met by Adam at BBN, contributing to his professional connections.Prerit Garg: Contributor to threat modeling methodologies.Lance Cottrell: Influenced Adam's work on anonymized networks at Zero Knowledge Systems.Paul Syverson: Co-inventor of onion routing. His work influenced the development of anonymized network systems like Tor and Zero Knowledge Systems.Steve Christie: Involved in the development of the CVE system.Dave Mann: Collaborated with Adam on creating the CVE system.Andre Fresh: Worked with Adam on developing the CVE system.Tony Sager: Helped secure funding for the CVE system through collaboration with MITRE.Stephen Savage: Involved in ransomware detection research, mentioned in relation to cyber public health.OrganizationsCVE (Common Vulnerabilities and Exposures): A standardized system for identifying and categorizing cybersecurity vulnerabilities. Co-created by Adam Shostack to provide a common reference for vulnerabilities across different platforms and organizations.Net TechStartup focused on developing vulnerability scanners. Adam played a pivotal role in this successful startup, contributing to the creation of security tools.Zero Knowledge Systems: Startup aimed at creating anonymized network solutions similar to Tor. Adam joined this company to work on privacy-focused technologies.MITRE: Not-for-profit organization that manages various federally funded research and development centers. Collaborated with Adam to develop and support the CVE system.Secure ID: Company that produced authentication tokens. Adam conducted security and privacy reviews of their products early in his career.BBN (Bolt Beranek and Newman Inc.) Technology company known for its work on ARPANET and early internet infrastructure. ...
