Peter Tippett is the 2017 ISE® Luminary Leader

Peter Tippet MD, PhD, has been recognized with the 2017 ISE® (Information Security Executives) Luminary Leadership Award, see

I have known Peter for some 20 years, when he was head of TruSecure Corporation and ICSA Labs, and publisher of Information Security magazine. I was responsible for information security at a financial institution at the time. We invited TruSecure to certify our infosec program and our data facilities using the 100+ “essential practices” that Peter and his team had developed. Peter came to our offices on several occasions to present his leading-edge ideas and impressed us with his background and knowledge. As I recall, he said that, while studying to be a physician, he became interested in software and developed an early, if not the first, firewall. He then went on the form TruSecure, which performed information security evaluations, and ICSA Labs, which tests security software products (see ).

Peter is a true Renaissance man, having started out in medicine, he ventured into cybersecurity, and has now returned to healthcare, combining his two areas of expertise. He is above all realistic. He eschews “best practices” as meaningless (after all, who decides what is “best”?) and instead introduced the term “essential practices,” meaning “this is what you must do to meet stringent infosec requirements, regardless of what others might be doing.” By the way, this differs somewhat from the views of another of my heroes, Donn B. Parker, who claims that you only have to measure up to your leading-edge peers when it comes to managing infosec risk. Incidentally, at my request, Donn wrote both the preface and a chapter in a book that I co-edited (along with Drs. Jennifer Bayuk and Dan Schutzer) with the title “Enterprise Information Security and Privacy” (Artech House, 2009). The book is an attempt to counteract the situation where infosec is continually in catch-up mode because of outmoded tools and techniques, which has left defenders far behind attackers when it comes to ensuring security and privacy.

I strongly believe that it is important to consider the different points of view of our luminaries. It is too common for infosec professionals to take a single, narrow view and run with it throughout their careers … to the detriment of the profession and the security of our IT systems. We need to be questioning prior assumptions and responses at a time when there are increasing volumes of successful cyberattacks, despite large increases in spending on defense.

Now back to Peter … I have heard him speak many times and read his columns and other publications. As far as I know, he created the highly-regarded annual DBIR (Data Breach Investigations Report) while a senior executive at VerizonBusiness (Verizon bought Cybertrust, which had bought Trusecure). Peter’s delivery is light-hearted and humorous but his treatment of key security topics is serious and deep. He claimed that too much focus by infosec professionals is on encrypting data transmissions, which are subject to very few compromises. By far the majority of successful cyberattacks are against data at rest. His assertion has been proven correct time and again as huge data troves and personal emails have been attacked and stolen for nefarious uses.

As a winner of the 2017 ISE® Luminary Leadership Award, I am indeed proud to be sharing this honor with someone whom I have admired these past two decades. I also won the 2003 Computerworld Premier 100 award, and as part of the documentation required from entrants, we had to name a person we most admired in the field … and my choice was Peter Tippett.

Candidates for the ISE® Luminary Leadership Award are proposed and voted on by a committee made up of previous winners. I am delighted that we chose someone with the stature, knowledge and modesty of Peter Tippett, who well deserves the recognition that this award signifies.

Post a Comment

Your email is never published nor shared. Required fields are marked *