Interview with Eric Greenberg, author of "Mission-Critical Security Planner: When Hackers Won't Take No for an Answer"
by Mirko Zorz - Friday, 28 February 2003.
Who is Eric Greenberg?

I've been kicking around the Internet for quite a while. Around 1981, while in college, I worked at the National Institutes of Health as a "computer specialist". At the time, I was amazed at how careless system designers, users, and so forth were with regard to security. I used to demonstrate to my managers how easy it was for me to get access to information I shouldn't. It was there that I became interested in security, networking, and distributed computing in general. Remember at that time, the IBM PC didn't exist (it would soon come into existence). We used IBM Mainframes, Commodore computers, and 8 bit CPM machines. Through my career I became heavily involved with the Internet and distributed computing in general and, in the early 1990's, led the deployment of Global SprintLink, a large international Internet backbone. Hackers made themselves known then, some in good ways and some in challenging ways ;-). At that time, groups of hackers were particularly bothered by the fact that the Internet was being commercialized, so they attacked our network backbone regularly. Remember all of those statements coming from various Internet providers that claimed their 24 or 48 hour outage was for an equipment upgrade failure? Think *** not ***. Often the outage was the result of hackers at-work. In building-out the Internet, I became convinced that it wouldn't go anywhere without a very heavy focus on security. This was around 1995, that's the time that I decided to join Netscape where I led the security product group. There we were able to endlessly innovate in security and put that work to action, it was a great time. I was group product manager for the Secure Sockets Layer (SSL) protocol and other Netscape security products and features including smart cards, replaceable crypto, digital certificates, code signing, and PKCS #11. Around this time I finished my first book, Network Application Frameworks. That book was my statement that networks, applications, and security are one problem set, not two or three. It has always struck me as odd that network people and application development people (and now security people) put such walls up between their work and areas of study within an organization-- it's all one problem. After taking some time off and helping another company prepare to go public, I co-founded NetFrameworks, Inc. with Tom McKnight in 1998.

How did you gain interest in computer security?

Since the time I first started working in a shared computing environment, in my case an IBM mainframe, I became very interested in security. It was completing the initial build-out of Global SprintLink and staring back over the expanse of the Internet and pondering its potential that fueled what would be come my obsession with the importance of security in distributed computing.

What are your favorite security tools?

Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //