Let’s Do Something Worthy of Mike Murray
By now, everyone who knew him—and even those who did not—know that we lost a giant in the security world last week; our friend Mike Murray. There have been some great articles, countless tweets, LinkedIn and Facebook/Meta posts that attest to what a giant he was in the industry.
Mike was a giant, not just for his security chops and his passion to improve the state of security, but because in an industry where personalities run the gamut from antisocial introverts to attention-seeking, thought-leader wannabes, Mike was real. Mike was genuine. Mike was an honest-to-goodness good guy. He always had a smile, a kind word; Mike showed up. Personally, any time I needed Mike to teach me security, talk through an issue, speak at an event, appear on a panel, he was always willing—and he was also always willing to listen.
Running into Mike over the years was always one of the highlights of any conference I attended. He was one of the originals and a constant at our security bloggers’ events at RSA all these years. And I do mean all these years.
Before I get into that history and reminisce about what I think of as a golden time in the security industry, let me get to the point here. Words and platitudes are great. But Mike’s legacy demands more. Let’s do something meaningful, let’s do something impactful. Let’s do something worthy of Mike’s influence on us all and worthy of his memory.
I have some ideas, but I am open to others’ ideas, too. I don’t have to be the leader of this effort, but I want to be involved. I would like to do something with the approval and support of his family and friends. I am reaching out to those who came up in the security field with Mike. With two months before RSAC, I would like to have something to announce; something that we are doing to honor Mike by the time RSAC kicks off. I can’t do this myself. So all of you who are lamenting this terrible loss, let’s step up and do something worthy of Mike. Write me at [email protected] and share your ideas. Words are great, but let’s do something.
So, now, a little history. I first met Mike way back when he worked for nCircle. A few years later, we tried to hire him away to StillSecure to run our vulnerability management research and product team. Mitchell Ashley and I tried hard to get him to work with us in Boulder, Colorado. We failed to convince him, but I was friends with Mike before we tried to hire him and our friendship endured.
Looking back at those days—what a golden time that was for the security industry. Mike was at nCircle with Andrew Storms, TK Keanini and others. Ron Gula was spinning up Tenable with Renaud and Jack. Marty Roesch had taken his Snort IDS to a company he started called Sourcefire. He surrounded himself with some great talent, including a young, shy marketing person who didn’t realize what a superstar she was. She just worked harder than anyone else. Jennifer Leggio went on to scale the heights of our industry, but remained great friends with Mike. Oh, there were so many others.
Rich Mogul left Gartner and hooked up with a transplanted New Yorker living in Atlanta who had some “security insight” and they formed Securosis. Chris Hoff was contemplating “To blog or not to blog?”—there was no Twitter yet—that was the question, and thank goodness he didn’t stop then. A young lady from North Carolina had a hard time being taken seriously because she was a pretty young lady in security and that was an even bigger problem back then. But her talent and smarts couldn’t be denied, and Jennifer (JJ) Jabbusch succeeded in making her mark on the scene. Another woman who blazed a trail was Security Barbie (I always hated that name)—Erin has proven what a star she is. Martin McKay’s running commentary on his security and life observations. There was a young guy up in Boston, CSO Andy, who did pretty well, too. A guy with a long, ZZ Top-style beard was a sage voice even back then and helped put together the whole B Sides thing. This was before there was a Security Weekly and it was just Paul.com. George Hulme would actually show up to security conferences. Kelly and Tim from Dark Reading, Illena from SC Mag. My Twitter, LinkedIn and Facebook feeds are still filled with these amazing people.
I look back on those years and realize I didn’t even know what I was really part of. I didn’t realize that those were the times of our lives. Yes, security has grown a whole lot since then. The terminology has changed, the numbers are bigger, the market, the community—all bigger. But I don’t know if it is greater. I do know that losing people like Mike Murray makes it harder for us to be greater.
But this is a time to do something. Let’s do something to honor Mike the man and Mike the security professional. If I mentioned you in this article, I am looking at you. Help me with this project. If you know Mike or of him, if you have any memories or ideas you want to share, please, help with this project. Our time is coming, and now we are on the shorter side of our careers (well, many of us, anyway). This is a chance to leave something for those who came after us. Help make sure we don’t lament the loss of friends too soon. Let’s do something worthy of Mike.
