Industry remembers security heavyweight Schultz

A man remembered by colleagues and friends as being one of the first to sound the alarm on threats like spam and vulnerable applications has died.

Gene Schultz, considered one of the "founders" of the information security industry, died on Sunday following a fall on an escalator. He was 65. According to reports, he had suffered an unrecognized stroke two weeks earlier.

In the late 1980s and early 90s, Schultz founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC), the first formal incident response team. It was during this period that Schultz first met several other cybersecurity luminaries, including Howard Schmidt and Gene Spafford.

During his 30-year career, Schultz worked as a computer science professor at several colleges, including Purdue University, University of California at Davis, and the University of California at Berkeley.

Schmidt, cybersecurity coordinator and special assistant to President Obama, told SCMagazineUS.com on Tuesday that his friend of 25 years, whom he referred to as “Schultzie,” was one of the first people to raise awareness about issues such as spam and application security. In fact, whatever the latest issue was, Schultz not only knew about it and could convey the problem in understandable terms, but he also had a possible solution, Schmidt said.

“That's what set him apart between those who are just identifying the problems,” Schmidt said. “He said, ‘Here's how we can remediate and fix this.’ If it was important, he knew about it, understood it, talked about it and taught about it.”

Despite the challenging industry in which he worked, Schultz will perhaps be most remembered for his unwavering optimism.

“You'd never get a sense [from him] that we were getting beat down with the complex issues we were dealing with,” Schmidt said. “Even the last time I saw him, earlier this year, he had boundless, happy energy, saying, ‘We can do this and fix this stuff.’”

During his career, Schultz co-founded the Forum of Incident Response and Security Teams (FIRST), the global coordination center for computer emergency response teams (CERTs) around the world.

He authored or co-authored more than 120 published papers and five books relating to internet, Windows NT/2000, and Unix security, as well as incident response and intrusion detection and prevention. In addition, from 2002 to 2007 he was editor-in-chief of the journal Computers and Security, and was an associate editor of Network Security. He was also a certified SANS instructor and a longtime member of the editorial board of the newsletter SANS NewsBites.

“He was one of the first people to be recognized as being in the then-emerging practice of information security,” Tim Mather, advisory director at KPMG, told SCMagazineUS.com on Tuesday.

Schultz also was admired for his volunteerism and the work he did with nonprofits. He was, for example, a distinguished fellow of the Information Systems Security Association, and a member of the accreditation board of the Institute of Information Security Professionals.

He was called on to provide expert testimony on various security issues before committees within the U.S. Senate and House of Representatives, and served as an expert witness in legal cases.

During his career, he received numerous awards, including the NASA Technical Excellence Award and the Department of Energy Excellence Award.

At the time of his death, Schultz was serving as chief technology officer at Emagined Security, a San Carlos, Calif.-based information security consultancy.

“We have no words to describe our sadness,” Emagined Security wrote in a message on its website.

Condolences and personal memories have been forthcoming from members of the information security community following the news of Schultz' passing.

“Our world is a little less bright with him gone, but so very much better that he was with us for the time he was here,” Eugene Spafford, executive director at Purdue University's Center for Education and Research in Information Assurance and Security, wrote in a blog post Monday.
