Connect with us

Hi, what are you looking for?


Management & Strategy

Bruce Schneier Moves on from IBM

Bruce Schneier announced in a brief blog post, “I’m leaving IBM.” His three-year stint with what he calls “the nicely ambiguous title of ‘Special Advisor'” ended at the end of June 2019. He gives no specific future plans beyond saying that he will continue to write, speak, teach and occasionally consult.

Bruce Schneier announced in a brief blog post, “I’m leaving IBM.” His three-year stint with what he calls “the nicely ambiguous title of ‘Special Advisor’” ended at the end of June 2019. He gives no specific future plans beyond saying that he will continue to write, speak, teach and occasionally consult.

Schneier has been a cybersecurity luminary since his book Applied Cryptography was published in 1994. Since then he has developed several ciphers, including Blowfish, Twofish, Threefish, and MacGuffin. Twofish was one of the five finalists in the NSA encryption contest that ultimately led to the selection of Rijndael as the Advanced Encryption Standard.

But Schneier is more than a cryptologist. He describes himself as a ‘public-interest technologist, working at the intersection of security, technology and people’ — and is a board member of the Electronic Frontier Foundation (EFF). His opinions are often blunt, but almost always insightful. Cory Doctorow famously contracted one of his comments into Schneier’s Law: “Any person can invent a security system so clever that he or she can’t imagine a way of breaking it.”

Schneier is not an easy fit in large companies. He spent seven years in BT as Security Futurologist (another nicely ambiguous title) following BT’s purchase of his company Counterpane for around £100 million in 2006. During that period, BT was involved in what became known as the Phorm Scandal. Phorm was an early targeted advertising platform that sought agreements with ISPs (such as BT) in order to gain users’ browsing behavior through deep packet inspection. BT secretly trialed the Phorm software with about 10,000 users — but failed to tell them about it.

This sort of behavior runs counter to Schneier’s natural beliefs (he was a severe critic of the NSA and GCHQ mass surveillance revealed by Edward Snowden), and in 2008 he blogged, “I was not involved with BT and Phorm, then or now.” He left BT at the end of 2013. BT was quoted as saying, “We have agreed to part ways as we felt our relationship had run its course and come to a natural end. It has nothing to do with his recent blogs.” He said, “It’s past time for something new. As to what comes next: answer cloudy; ask again later.”

In the following month he joined a former colleague from Counterpane (John Bruce) at CO3 Systems as Chief Technology Officer. In February 2015, CO3 changed its name to Resilient Systems, and Schneier blogged, “The new name better reflects who we are and what we do. Plus, the old name was kind of dumb.” Resilient Systems provided an incident response platform.

During 2015, the platform was integrated with IBM’s QRadar SIEM, effectively creating an early SOAR. The integration was successful, and in 2016, IBM announced its intention to acquire Resilient Systems (with Schneier admitting it had been his hope). He moved with the company to IBM.

Advertisement. Scroll to continue reading.

“We’re still working out what I’ll be doing at IBM,” he blogged at the time. “I know they want me to be involved in all of IBM Security. The people I’ll be working with know I’ll continue to blog and write books. (They also know that my website is way more popular than theirs.) They know I’ll continue to talk about politically sensitive topics. They know they won’t be able to edit or constrain my writings and speaking. At least, they say they know it; we’ll see what actually happens. But I’m optimistic.”

In the event, he stayed with IBM for just three years, far less than the seven years at BT, even though IBM was arguably a better fit for him than BT.

You could never call Bruce Schneier unemployed — he is always engaged in one or more projects. For the moment, there is no clue from him over future intentions (SecurityWeek has asked, and will append any response to this article). He will be courted by large security firms for the cachet of employing Bruce Schneier with yet another nicely ambiguous title. But his stints with BT and IBM followed the acquisition of his companies, and may have been part of the deal.

Whether he has another new company in the pipeline will become clearer in the coming months.

Related: Security Awareness Training Debate: Does it Make a Difference? 

Related: Stolen SIM Card Keys Could be Powerful Spy Tool 

Related: Senators Reintroduce IoT Cybersecurity Improvement Bill 

Related: US, British Spy Agencies Crack Web Encryption: Reports 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.