tips tools api

SecurityTrails Blog · Aug 01 · SecurityTrails team

Top 10 Cybersecurity Legends You Should Know About

Reading time: 17 minutes

Cybersecurity is growing quickly and it might seem difficult to keep up with all the latest developments and trends. But there are some trends—or better yet, people—who have left their unmistakable imprint on the history of cybersecurity.

It’s hard to narrow the list down to only 10 influential people who have changed the industry, especially if we want to respect the legends who shaped the very beginnings of the Internet while including newer, more contemporary influences. That’s why we decided to get a bit more specific, and have compiled a list of the top 10 most famous hackers and influential people in cybersecurity.

Each person on this list has made a unique contribution to cybersecurity and how the world views it. Many of them will even be recognized by people outside the industry as truly impactful.

So whether they’re successful CEOs, industry leaders, or famous hackers who made all the headlines and scared people off the Internet for a time, we have them all and we tell their stories of fame, infamy, and bringing cybersecurity into the public consciousness.

The 10 most influential people and famous hackers in the history of cybersecurity

1. Kevin Mitnick

We’ve mentioned Kevin Mitnick on our blog when talking about the history of hacking. He’s a true cybersecurity legend; infamous, yes, but still…he made the news when the media wasn’t covering a lot of stories about hackers and cybersecurity in general.

Mitnick is a unique person in our industry. He was once on FBI’s Most Wanted list for having gained unauthorized access to major corporations’ computers, software, cell phone manufacturers and ISPs, and for allegedly stealing software from Motorola, Nokia, Fujitsu¹ and others.

He was prosecuted numerous times for cracking, and in 1992 when authorities planned to arrest Mitnick for hacking into Pacific Bell, he went on a run. His cover was blown when he attempted IP spoofing on security expert Tsutomu Shimomura, who then helped the FBI in tracking him down.

After this attack, and in reference to the hacking-related prank calls Tsutomu Shimomura had received, “My kung fu is stronger than yours” became a popular catchphrase³.

Mitnick recalls that his own, as he says, ‘favorite hack of all time²,’ took place when he was 16, when he hacked into a McDonalds drive-through. He tricked people by telling them they were the 100,000th customer and would get a free meal, so they would just drive away leaving the store managers scratching their heads. And when a police car came to the drive-through he’d yell, “Throw away the cocaine!”

He was never into hacking for profit, it was only for the challenge and plain ol’ fun. Much controversy was generated by Mitnick’s actions, his arrest and later on, the books and movies that were either written by him or about him. Some of the books and movies were against him, some defended him, and it was all heavily publicized with the media often portraying the case as much more malicious and dramatic than it really was.

The Mitnick case became the first to test the laws surrounding cybersecurity by using different types of cybercrime, so it stands to reason that he’s considered a very influential person in the history of cybersecurity.

Today, Kevin Mitnick is a security consultant to the Fortune 500 and governments worldwide, even helping the FBI with his talents, intelligence and skill (oh, the irony). He teaches classes about social engineering and has written several books on being “the world’s most famous hacker.”

2. Kevin Poulsen

Kevin Poulsen has also been named one of the world’s best hackers, and rightfully so.

If you’ve ever studied up on the history of hacking and cybersecurity, you must’ve come across the name Kevin Lee Poulsen. Once a black hat hacker going by the name Dark Dante, he began his infamous career quite early.

At the age of 17, he cracked the US Department of Defense but there were no real repercussions at the time.. When the FBI finally did start investigating Kevin, he went into hiding. During this time, he cracked several federal computers and ran phone taps on several consulates in the Los Angeles area. He also hacked into the FBI itself.

What really propelled him into “stardom,” though, was when he took over the phone lines of L.A. radio station 102.5 KIIS-FM to win a Porsche while still a fugitive. He was arrested shortly after the television show Unsolved Mysteries aired a piece about him.

After his release from a five-year jail term, Poulsen took on a journalistic career at the security research company SecurityFocus, writing about different areas of interest within cybersecurity news. He also dabbled in investigative journalism when he published his research on sex offenders on MySpace, and published Chelsea Manning’s chats about WikiLeaks.

He has been a law-abiding citizen, but old habits die hard: Poulsen was recently charged with doxxing a man who was behind a deep-fake video of Nancy Pelosi.

Kevin Poulsen is also notable as one of the crackers who didn’t frequently use their skills for profit (except for the Porsche incident), preferring to gain valuable information, including the government’s classified information. For his remarkable skill, and for showing the public thatthere is no system in existence that is truly impervious to network threats, he is regarded as one of cybersecurity’s undeniable legends.

3. Robert Tappan Morris

The son of a famous cryptographer who worked for the NSA, Robert Morris, Sr., Robert Tappan Morris was known as the man who accidentally destroyed the Internet.

Morris wrote a program that would become the very first computer worm. His goal for it would be to travel from computer to computer, by exploiting several vulnerabilities to gain unauthorized entry into their systems. To distribute the worm, he used MIT’s systems to hide the fact that he was at Cornell University.

The Morris worm was intended to check every computer to see if it was already infected—and to avoid the computers that would say “yes,” he programmed it to duplicate itself every seventh time on a positive response. Because of this, the worm spread quickly, so quickly that he even tried sending alert messages to system administrators, but by then it was already too far gone, having already infected more than 6,000 computers. This incident is also recognized as the first DDoS attack.

The cost for victims to remove the worm was reportedly anywhere from $200 to more than $53,000. Morris was soon arrested, but it took prosecutors eight months to prove his intentions of disrupting the Internet. He was also the first person to be prosecuted under the Computer Fraud and Abuse Act.

Today, Robert Morris is a tenured professor at the Massachusetts Institute of Technology and has founded the seed funding company Y Combinator with his friend Paul Graham.

4. Troy Hunt

Besides the historical figures who have influenced cybersecurity as we know it, we also have a few “modern” influences on the list. When talking about notable figures in the industry today, we can’t make a list without mentioning Troy Hunt.

Australia’s Troy Hunt is an eminent security expert working as a Microsoft Regional Director and named Microsoft’s Most Valued Professional (MVP) in Developer Security. He is known for his dedication in educating IT and security professionals with his 30+ security-related courses at Pluralsight, including his several-part Ethical Hacking course, and he gives many keynote talks and workshops to eager audiences at various security conferences.

He is also renowned for creating and running his project Have I Been Pwned (HIBP). HIBP is a free data breach service that allows people, both technical and nontechnical, to determine whether they have been impacted by a data breach and if their personal information has been compromised. Currently, the service contains nearly 8 billion records and the many notable users of his security API include Mozilla Firefox. There is also a Chrome extension, and many governments and law enforcement agencies use HBIP as well.

Hunt has won the European Security Blogger Award for Best Overall Security Blog and Have I Been Pwned has been included in Gizmodo’s 2018 list of 100 Websites That Shaped the Internet as We Know It — so it’s no surprise that he’s made his way onto this list too.

5. Brian Krebs

Brian is a unique entry here as he even claims himself not to have any technical background in the field. He earned his BA in International Studies, and when he was locked out of his computer by the Lion Worm he decided to focus his career on cybersecurity, learning everything he can to gain insights into the operations of cybercriminals. He made it his goal to provide detection and prevention to organizations and the public.

He worked as an investigative journalist for the Washington Post for more than a decade before starting his own security blog, KrebsOnSecurity. The blog has gained tremendous popularity and authority, thanks to his relentless work on uncovering cybercriminals and reporting first on high-profile data breaches, most notably Home Depot, Target, Adobe and Ashley Madison ¹⁰ ¹¹ ¹². Other notable work by Krebs includes uncovering the people behind the Coinhive¹³ service that allows owners to mine Monero in users’ browsers, a tool often used by malicious actors.

Investigative journalists have toiled as unsung heroes throughout history and Krebs is no different. His work has caused some criminals to retaliate; his blog was hit with one of the biggest DDoS attacks ever, and he’s been a victim of “swatting” and other antics. Yet through all of this, he’s remained passionate and devoted to uncovering the dangerous parts of the Internet.

His book “Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door” is a New York Times best seller and won the 2015 PROSE award. Besides gaining recognition for his literary work, he has also been o awarded the SANS Institute Top Cybersecurity Journalist Award¹⁴ and National Press Foundation, Chairman’s Citation Award¹⁵, among others..

6. John McAfee

John McAfee is a somewhat particular figure on this list as he didn’t really make it here for contributions to cybersecurity, but more for a private life that has been considered nothing short of controversial. As we said, we’re also talking about people who are very well known outside of cybersecurity circles, which McAfee certainly is.

John McAfee has built the company that produced the first and biggest commercial anti-virus software—but it’s what came after that really thrust him into the public eye. McAfee anti-virus has been harshly critiqued by many, even by McAfee himself.

In his career’s early years, during the 1960s, he went to work for numerous tech companies, including NASA’s Institute for Space Studies. At that time, the first viruses began appearing so he decided to start his own company to fight them. The company gained commercial success quite quickly so he was present and active in the industry from its formative years. After he resigned, he worked for many other startups and worked as a consultant, but then things changed.

He moved to Belize where he intended to gain a foothold in the medical field and produce antibiotics¹⁶. Soon after, however, the paranoid thoughts and behaviour resulting from years of taking drugs kicked in and he was allegedly involved in a murder case, and was caught participating in illegal activities involving drugs and weapons¹⁷.

You can say that before long, everyone knew who he was. And we can’t forget the Youtube video he posted, titled “How To Uninstall McAfee Antivirus,” which we don’t need to explain. If you haven’t seen it, it’s still on YouTube.

One can say that everything about McAfee is controversial, whether it’s his political views on taxes (he hasn’t paid any for years and claims that the IRS is targeting him¹⁸, his war on drugs (again some irony) and his seeking the presidential nomination of the Libertarian Party¹⁹. He has since announced that he will be trying for a presidential campaign under his own party, where he will be focusing on cryptocurrencies.

There are a lot of stories surrounding McAfee, some brought on by the media and many by himself, so it’s difficult to determine what’s actually the truth. He is quite a “legend,” some may say even a “madman,” but no list of all-time well-known people in cybersecurity is complete without him.

7. Eugene Kaspersky

Eugene Kaspersky is another addition to the list who, apart from his contributions to cybersecurity, has made quite a few headlines (although not in the same way as JohnMcAfee).

Born Yevgeny and later changing his name to Eugene, Kaspersky is a world-famous cybersecurity expert. He co-founded and is the current CEO of Kaspersky Lab, one of the largest endpoint security companies in the world, which develops security solutions, most notably their anti-virus software that is used commercially and by many governments around the globe.

With his strong background in cryptography, he developed a tool to fight against the Cascade virus when his computer became infected with it. That’s where the idea for his own company came.

He co-founded Kaspersky Lab with his ex-wife Natalia Kaspersky, and became its CEO in 2007. He was a regular at security conferences where he promoted their anti-virus software and upheld a reputation as an expert for detection and protection against cyberthreats. He was on the forefront of investigations of many complex cyberthreats, such as the Stuxnet worm²⁰ (allegedly the first government-sponsored cyberthreats), the Flame virus²¹ used in cyberespionage, Red October Malware²², Carbanak hacker group²³ and many others.

Devoted to education,Kaspersky frequents different lectures and conferences around the world where he shares his knowledge on cybersecurity and threat detection. He is very open with his critiques on patent trolls, data privacy, media and nationwide security.

Now, onto the controversies. As U.S.-Russia relations have become more tense, Kaspersky Lab, as a Russian company, has come under fire. And as Kaspersky was trained in a KGB school, it’s no wonder that there are many conspiracies claiming that he and Kaspersky Lab are sharing the data and assisting the KGB²⁴. Even though Eugene himself has offered their source code to the U.S. government, the conspiracies are still not dialing down.

Between making headlines due to the heating political climate, his contributions to cybersecurity with his company and activism toward educating the public and other professionals on threat detection and prevention, Eugene Kaspersky more than deserves his place on this list of the most influential people throughout history.

8. Charlie Alfred Miller

We all love a good Apple security exploit — and this guy was the first to challenge the notion held by many that Apple products are safer than all the rest. He also had fun trolling Apple doing it. Meet Charlie Alfred Miller.

Miller is definitely someone who has changed the community’s and the world’s perception of cybersecurity and how safe we really are, and he’s arguably one of the most charismatic hackers out there. He was awarded for being the first to demonstrate a security exploit in MacBook Air and went on to find an SMB vulnerability in iPhone. In 2011 he uncovered a bug in both the iPhone and iPad, where an app would contact a remote computer to download software that wasn’t checked, then execute any command, and in that way, gain access to and steal private data. To demonstrate this, as POC he created an iOS app called InstaStock and got approved by Apple.

He then reported this bug to Apple, and in turn got blacklisted by them.

Almost everything about Charlie is nothing short of epic. He dropped out of school because their computers were slow, then he earned a Ph.D. in Mathematics and a minor in Philosophy, and then he took up a job at the NSA. While he isn’t able to reveal his findings during that time, he now works on sharing as much as possible with the community to help make the Internet a safer place.

Other notable research Miller has conducted has been in the field of automobiles. He, together with Chris Valasek, remotely hacked a Jeep Cherokee²⁵ and signified to the public the inherent dangers of introducing self-driving cars without proper research, when we aren’t even that familiar with the manual ones. It’s no wonder that after that, he got the chance to work with Uber.

Some may say that Miller has walked the line between white hacker and gray hacker, but no one can deny his charisma, his sense of humour and above all, the great skill he has brought to the industry and the public.

9. Ginni Rometty

Named one of the 50 Most Influential People in the World²⁶ and one of the 50 Most Powerful Women in Business²⁷, she holds the CEO position at one of the world’s largest companies, and not just in tech.

Virginia “Ginni” Rometty has been the CEO of IBM for seven years now, and she is the first woman to hold that position at IBM. Rometty was born in Illinois and after obtaining a Bachelor’s Degree in Computer Science and Electrical Engineering she began working at General Motors. She left GM in 1981 to join IBM as a systems engineer, and first came into the spotlight when she helped negotiate IBM’s integration of PricewaterhouseCoopers. More recently, she gained recognition for her efforts during IBM’s purchase of Red Hat.

As the CEO of IBM, Rometty has focused the company on cognitive and cloud computing, as well as big data and analytics, and venturing into blockchain. She has been awarded for her work and the critical decisions she has made on IBM’s behalf several times. IBM’s patents under her tenure have contributed heavily to advancements in AI, blockchain, cybersecurity and the cloud.

In a field where males traditionally dominate, Rometty has been outspoken and inspiring for women in technology and leaders in general.

Besides the praise Rometty has attracted, there have been some critiques, especially surrounding the IBM revenue that continually declines. There has also been criticism about Rometty accepting pay bonuses at a time when the company was laying off employees²⁸.

Yet as a veteran in the industry and the CEO of a conglomerate as vast and influential as IBM, along with her activism for women in tech, Virginia Rometty has earned her place not only on this list, but on any other list of important people in cybersecurity.

10. Dan Kaminsky

You know about DNS cache poisoning, one of the critical DNS flaws and one of the most popular DNS attacks in existence? Well, Dan Kaminsky is the influential person who was involved in this research and brought it to the attention of the cybersecurity community.

Dan Kaminsky has been in the industry for over a decade as a security researcher. During his career he has worked with Cisco, Avaya and Microsoft. His most notable work involved the aforementioned DNS cache poisoning, sometimes even called the Kaminsky attack²⁹, research, but that’s just one of many projects benefiting from his participation. After discovering the critical flaw, he focused on fixing the Internet but as it was later discovered, the flaw was in the design. With no way as such to fully fix it, he nevertheless developed the patch that will render any attempted exploit that much more difficult. Now, Kaminsky is the American Representative of the seven Recovery Key Shareholders who can restore the DNS root keys.

Using the same flaw, he was able to share that the Sony Rootkit had infected at least 568,200 computers. Dan was also among the researchers who discovered that the Conficker worm leaves a fingerprint on infected computers that can be detected, using even open source Nmap³⁰.

Because of his work busting cybercriminals, Kaminsky has been targeted for a leak of private information by hackers associated with “Zero for 0wned”³¹.

Dan currently works as a Chief Scientist at WhiteOps and continues to be active at conferences, frequently at the Black Hat Conference.


Do you like our list? Who would you add to this list? Be sure to follow us on Twitter to stay tuned for more influential people in cybersecurity, and to catch up with the ones you should follow on social media.

Finally, you don’t have to fall victim to an infamous hacker—try out our SurfaceBrowser™ to explore the attack surface area of your company or website!

1 http://edition.cnn.com/SPECIALS/1999/mitnick.background/
2 https://www.revolvy.com/page/My-kung-fu-is-stronger-than-yours
3 https://www.youtube.com/watch?v=EkEI7yJho_I
4 https://www.latimes.com/archives/la-xpm-1995-04-11-me-53388-story.html
5 https://dailycaller.com/2019/06/02/daily-beast-backlash-doxxing-black-forklift-operator/
6 http://scihi.org/internet-morris-worm/
7 https://www.troyhunt.com /i-just-won-the-european-security-blogger-award-grand-prix-prize-for-the-best-overall-security-blog/ 8 https://gizmodo.com/100-websites-that-shaped-the-internet-as-we-know-it-1829634771
9 https://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
10 https://krebsonsecurity.com/tag/adobe-breach/
11 https://krebsonsecurity.com/tag/ashleymadison-hack/
12 https://krebsonsecurity.com/tag/home-depot-breach/page/2/
13 https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
14 https://www.sans.org/top-journalists/2014
15 https://www.prnewswire.com/news-releases /cybersecurity-reporter-brian-krebs-wins-national-journalism-award-300018525.html 16 https://gizmodo.com/from-antivirus-to-antibiotics-mcafee-searches-for-a-la-5569746
17 https://www.thesun.co.uk /news/9571247/fugitive-anti-virus-guru-john-mcafee-arrested-cache-firearms-dominican-republic/ 18 https://toshitimes.com/john-mcafee-taxation-is-illegal-and-i-have-not-filed-a-tax-return-in-8-years/
19 https://ballotpedia.org/JohnMcAfee(Libertarian_Party_candidate)
20 https://www.kaspersky.com/resource-center/infographics/stuxnet
21 https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage
22 https://www.kaspersky.com/about/press-releases/2013_kaspersky-lab-identifies-operation–red-october–an-advanced -cyber-espionage-campaign-targeting-diplomatic-and-government-institutions-worldwide 23 https://www.kaspersky.com/blog/billion-dollar-apt-carbanak/7519/
24 https://www.vice.com/en_us/article/wjbda5/kaspersky-sas-conference-russia-spying
25 https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
26 https://www.forbes.com/lists/power-women/#321bc8995a95
27 https://www.mba.com/mbas-and-business-masters/articles/women-in-business/powerful-women-in-business
28 https://www.cnbc.com/2017/05/05/ibm-shareholders-criticize-rometty-salary.html
29 http://www.securitylab.disi.unitn.it/lib/exe/fetch.php?media=teaching:netsec:2016:kaminskyattackgroup21.pdf
30 https://dankaminsky.com/2009/03/30/taming-conficker-the-easy-way/
31 https://news.softpedia.com/news/Security-Gurus-0wned-by-Black-Hats-117934.shtml