20 Leaders Who Built the CISO Era: 2 Decades of Change

Since 2006, Dark Reading has been at the forefront of covering cybersecurity, providing deep insights and analysis beyond the headlines. All those major news events? We were there. Shifts in technology trends? We wrote about them.
Enjoy this special anniversary coverage celebrating where we've been and what's next.

As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.

Dark Reading Editorial Team
May 11, 2026

Source: Artur Marciniec via Alamy Stock Photo

Twenty years after Dark Reading debuted in 2006, the CISO era is no longer emerging — it's well-established. But you know what they say about standing on the shoulders of giants … It began with pioneers like Steve Katz formalizing the role at Citicorp and Howard Schmidt elevating cybersecurity to an administration-level hire in federal government; but now, cybersecurity has become a board-level risk, and the job of the chief information security officer (CISO) has expanded from block-and-tackle cyber defense into the realms of business resilience, national security, brand protection, compliance, and corporate trust.

This special 20th anniversary retrospective from Dark Reading traces a rich history of how a diverse set of voices reset the playbook for adversaries and defenders alike, and architected today's CISO-led world. We profiled 20 newsmakers, from Dan Kaminsky to Barnaby Jack, Katie Moussouris to Troy Hunt, Window Snyder to Kevin Mandia. There are some tarnished haloes in there too, like Edward Snowden, Kevin Mitnick, Marcus Hutchins, Albert Gonzalez, and Joe Sullivan, all of whom have been at the center of hard conversations about accountability, offense/defense dynamics, how enterprises should ethically respond to threats, and redemption narratives. The list is by no means exhaustive, but we think it's representative.
Each of these 20 profiles (organized alphabetically) has contributed to a practical road map for modern cyber defense: align cyber with business outcomes; modernize disclosure, collaboration, and crisis communications; bridge gaps between public and private, cloud and on-prem, the board and the SOC; pressure-test supply chain and third-party risk; prioritize safety for connected devices and critical infrastructure; and of course, ready your organization for AI-accelerated threats. Happy (dark) reading!

'Get Rich or Die Tryin': Albert Gonzalez & Cybercrime's Tipping Point

Albert Gonzalez. Source: Dark Reading

There was a time in the early 2000s when cybercrime busts were rare, and perpetrators were mostly nameless and faceless. That all changed in 2008, when federal authorities arrested 26-year-old Albert Gonzalez, the mastermind behind a massive hacking operation targeting some of the biggest names in retail (as well as card payment processor Heartland Systems). His self-titled "Operation Get Rich or Die Tryin'" spree marked the largest cybercrime and identity theft case in history for the US Department of Justice at the time, and his prison sentence of 20 years was the longest ever levied on a convicted cybercriminal.

Between 2005 and 2007, Gonzalez, whose online handles included "segvec," "soupnazi," and "j4guar17," hacked into retailers including TJX Companies, BJ's Wholesale Club, Office Max, Boston Market, Sports Authority, 711, Hannaford Bros., and Barnes & Noble, as well as Heartland, stealing in total some 160 million-plus payment-card accounts. The financial damages to companies and insurers initially were estimated at hundreds of millions of dollars.
Even more stunning was the fact that Gonzalez committed much of his cybercrime while working as a paid undercover informant for the US Secret Service, where he helped the agency engage and bust carders.

"Up to that point, most of the public still pictured hackers as kids defacing websites or pulling pranks," recalls David Maynor, a security expert with Tenable. "Gonzalez made it impossible to keep pretending. Real money was moving, with organized crews behind it, and companies were eating losses big enough to show up on quarterly earnings."

The case represented a shift in the hacking conversation: cybercrime had become a money-making profession. "Gonzalez changed the talking points. This wasn't curiosity-driven; it was repeat, profit-driven intrusion across multiple companies," Maynor says. "Law enforcement stopped treating hackers as lone explorers and started treating cybercrime as the business it actually was."

Gonzalez employed various techniques in the cyber heists, including "wardriving" near retailer Wi-Fi networks and installing sniffers that grabbed passwords and account information. He also later supplied his fellow hackers in Eastern Europe and the US with backdoor malware and SQL injection strings, to exploit holes in store payment servers and snatch payment account data.

In 2011, Gonzalez unsuccessfully tried to appeal his conviction, arguing that the Secret Service had sanctioned his hacking and had made him feel like a part of the agency as he did their bidding. According to US Bureau of Prisons records, Gonzalez was released in September of 2023, having served 15 years of his 20-year sentence.

Jennifer Granick: Battling on the Frontlines of Cyber Law

Jennifer Granick. Source: the ACLU.

The past two decades have seen a wide range of legal battles regarding cybersecurity and Internet freedom, and perhaps no one has been more involved in those battles than Jennifer Granick.
The former surveillance and cybersecurity counsel with the ACLU's Speech, Privacy, and Technology Project, Granick began her legal career in criminal defense in the '90s, where she focused on digital law and computer crimes. Later, she helped create the Stanford Law School's Center for Internet and Society (CIS), which launched in 2000 as a program dedicated to technology law and policy. Granick led the CIS as executive director from 2001 to 2007, and later served as the civil liberties director at both the Electronic Frontier Foundation (EFF) and CIS before joining the ACLU in 2017.

During her career, she helped develop Internet and privacy law policy, including an exemption of the Digital Millennium Copyright Act (DMCA) in 2006 that allowed subscribers to "jailbreak" mobile device firmware in order to switch carriers, leading to other legal protections and DMCA exemptions in later years. In addition to her policy work on cybersecurity and digital rights, Granick has been an outspoken critic of digital surveillance and authored the 2017 book American Spies: Modern Surveillance, Why You Should Care, and What To Do About It.

But she's perhaps best known in cybersecurity circles as a staunch defender of security researchers and hackers over the years, including defending the late Internet activist Aaron Swartz. She has served as a board member of the Internet Security Research Group (ISRG), has spoken at several infosec conferences over the years, and gave the keynote address at Black Hat USA 2015, in which she warned that Internet freedom was dying.

"She is an unflappable voice of reason, and thus one of the first people I turn to when things get tough," Josh Aas, executive director and co-founder of ISRG, says of Granick. "You won't find a better person to help you get comfortable with uncertainty, talk through nuance without letting it bog you down, and feel good about where you land. More often than not, she'll even make it fun."
Troy Hunt Brings Breach Data to the Masses

Troy Hunt. Source: Troy Hunt

A long-time security consultant, Troy Hunt is best known for founding and operating Have I Been Pwned?, a database launched in 2013 that lets users enter their email address to check whether their personal information has been compromised in a data breach. As of this writing, the database includes 975 "pwned" websites representing 17.5 billion compromised accounts. No centralized public source of breach data existed prior to 2013. As a
