The Washington Post

Alan Paller, early leader in cybersecurity awareness, dies at 76

Alan Paller in 1999. (John Bright/The Washington Post)

Alan Paller, an early and influential advocate for cybersecurity and a diverse cyber workforce, died Nov. 9 at his home in Bethesda, Md. He was 76.

His death was announced by the Bethesda-based SANS Institute, one of the world’s foremost nongovernment cybersecurity training programs, which Mr. Paller founded with his wife in 1989. The institute did not specify the cause.

Mr. Paller, an entrepreneur and technologist, combined idealism with a cut-to-the-chase pragmatism. From his start working with the Navy to use computers to design ships, he embarked on one of the most successful private-sector efforts in the United States to train generations of cybersecurity professionals and sought to broaden their ranks to include women and people of color.

He increasingly sounded the alarm about the threats to an ever more digitally connected world. He spoke of cybersecurity as an “existential issue” and early on championed regulation, which the U.S. government is only now starting to embrace. “We’re desperately late in doing this,” he told The Washington Post in 2012. “Our future economic well-being and future national security are at stake if we don’t mandate it.”

His twin missions were building the pipeline for cyber talent — what he called “cyber ninjas” — and relentlessly pushing the public and private sectors to adopt standards or “critical controls” to lessen the odds that their computer systems would be hacked.

He wasn’t shy to ask friends to wield their influence to press for action. Shortly after Jane Holl Lute became deputy homeland security secretary in the Barack Obama administration, she received a call from Samuel R. “Sandy” Berger, who had been Mr. Paller’s college classmate and President Bill Clinton’s national security adviser.

“I need you to speak to this guy, Alan Paller, and whatever he tells you to do, you should do,” Lute recalled Berger saying. Mr. Paller told her that there was a “coming crisis in cybersecurity” and that DHS wasn’t doing enough. She responded that she took the issue seriously, but she had only been in the job “about 10 minutes.”

During the past few years, Mr. Paller made a concerted push to contact more girls, minorities and young people through programs that met them where they were: He used gaming to attract teenagers and then expose them to cybersecurity principles through competitions that were more fun than study.

“Alan was really encouraging and passionate,” said Haya Arfat, a 20-year-old Pakistani American from Texas who joined Mr. Paller’s GirlsGoCyberStart program for high-schoolers and received a SANS Institute scholarship in 2019 to learn cyberdefense skills. “That’s what opened my eyes to the possibility of a career in cybersecurity,” said Arfat, now studying at Texas A&M University.

Mr. Paller conferred with Arfat to ask how his programs could engage more high school students. She was soon working for him at his newly created National Cyber Scholarship Foundation. Founded last year by Mr. Paller and his wife, Marsha Mann Paller, the organization has provided 1,000 high school and college students with college scholarships and free cybersecurity training.

“He treated me as an equal and really respected my thoughts on things,” said Arfat.

To recruit more young talent or to find pockets of potential in underserved communities, Mr. Paller also reached out to community colleges, veterans and Junior ROTC programs.

“He wanted to solve problems,” said Michele Guel, a computer security engineer who met Mr. Paller in 1991 when she was working at NASA and who presented a paper at the first SANS conference in 1992. “He was relentless about that and gathered people along the way who had talent and passion and wanted to help.”

Alan Terry Paller was born in Indianapolis on Sept. 17, 1945. His father was an engineer, his mother a high school English teacher. He graduated from Cornell University in 1967 with a bachelor’s degree in mechanical engineering and the next year received a master’s degree in engineering from the Massachusetts Institute of Technology.

Early in his career, Mr. Paller co-founded a computer timeshare business in Hawaii and ran a consultancy in applied computer graphics technology. He also worked for the Institute for Defense Analyses on missile-defense issues, which exposed him to security risks related to computer systems.

In the 1980s, the U.S. government operated computers to bring together university researchers and defense analysts. The systems were open, designed to connect, not to keep out. There was no security to speak of: no firewalls, no intrusion-detection devices, no dual-factor authentication.

Mr. Paller grew convinced of the need to promote not just efficient system management, but also secure operation. He and his wife started the SANS Institute, which originally stood for System Administration Networking and Security and began by hosting conferences with experts giving talks and short tutorials. One of the first involved the hack of Virginia Tech’s computer network by a teenager in Portland, Ore.; they later focused on the emerging threat from sophisticated adversaries such as China and Russia.

Today SANS offers more than 35 certifications and has trained more than 245,000 people around the world. He also founded the SANS Technology Institute in 2005, which nine years later became a regionally accredited cybersecurity college and graduate school.

Mr. Paller used SANS, which became a profitable business, as a “platform for activism,” said Tony Sager, a former National Security Agency cybersecurity official. “It gave Alan access to great talent, resources and reputation, and so he became an advocate for action by the government for improving the state of security.”

In 2000, over dinner at the Cosmos Club in Washington, Mr. Paller convened a group of cybersecurity luminaries who discussed the need to promulgate best practices. That meeting led to the creation of the Center for Internet Security, a nonprofit whose configuration standards have now been adopted worldwide.

And throughout that decade, he decried the dearth of cyber talent and how that made for stiff competition among federal agencies — calling it “fratricide on the parkway,” a reference to the Baltimore-Washington Parkway that links the NSA at Fort Meade and a Pentagon agency that handles cyber forensics, the Department of Defense Cyber Crime Center.

“You’ve got the offense guys out at the Fort,” he said, referring to NSA hackers who gather intelligence from foreign targets. “And you’ve got the defense guys down the road. . . . They’re hiring away from each other.”

In 2012, Mr. Paller and Jeff Moss, an American hacker and cyber expert who founded two of the most influential Internet security conferences in the world, were named co-chairs of the Department of Homeland Security task force on cyber skills, an effort to develop a workforce development strategy.

Amid a packed schedule, Mr. Paller kept family commitments. Guel, a SANS consultant, recalled how during the organization’s first conference in Washington, he broke away from a work dinner and raced home to help a daughter with homework.

In addition to his wife of 53 years, survivors include two daughters, Channing Paller and Brooke Paller, both of Bethesda; a sister; and two grandsons.

Mr. Paller’s unstinting drive did not endear him to everyone, and he was especially blunt with those in government, said Sager, who is now with the Center for Internet Security. He recalled his friend rebuking a federal agency that, in his eyes, had fallen dangerously short in developing cybersecurity guidelines.

“Oh, Tony, you’re welcome to go into any room that I’ve been in and sweep up any broken glass worth saving,” Mr. Paller told him. “But make sure it’s worth saving.”
