twitter facebook rss

Introducing David Harley

Posted by on April 28, 2015.

I was a late starter in Information Technology, but I’ve nevertheless been in that field for nearly 30 years, which tells you that unfortunately, I’m not in the first flush of youth. In fact, if I wasn’t such a sad workaholic, I’d be retired now.

My academic background is in both social sciences and computer science, which I guess is why I’m at least as interested in the psychology of both criminals and victims as I am in the bits and bytes of malware and anti-malware or the more esoteric aspects of cryptology. My vocational qualifications have ranged from security audit to CISSP (Certified Information Systems Security Professional), though I’ve recently dropped my subscriptions to (ISC)2 and the BCS Institute, where I was a Fellow (FBCS). I’m still in sympathy with the general aims of those organizations, but as I don’t intend to look for other jobs in information security and I don’t see the point in paying just to have extra letters after my name.

For some years my main ‘profession’ was music, supplemented by various casual jobs such as bar-work, then more permanent work in various corners of the building trade. I actually have qualifications in architectural ironmongery and wood-machining, though I wouldn’t want or expect to find work in either of those areas now.

In the late 1980s I started working in medical informatics at the Royal Free Hospital in London, though my role was in administration, support, and systems development rather than in data manipulation and interpretation. In 1989 I moved to what was then called the Imperial Cancer Research Fund (now merged into Cancer Research UK): after two years working in the Human Genome Project, I moved to the Fund’s IT unit, and over the next few years worked in software/hardware/network support and systems administration, but soon became highly focused on security in general and virus/malware management in particular.

By the late 1990s I was talking about security at international conferences and writing papers and articles (for specialist organs such as Virus Bulletin as well as more generalist publications), and even some Internet FAQs, and was actively researching malware in general, but in particular Mac security, anti-malware product testing (I was for a while a director of the Anti-Malware Testing Standards Organization), email abuse management, and various forms of computer-related fraud. I also played a major part in the development of AVIEN, an organization that represented the interests of the security industry’s major customers as well as that of the vendors within the industry.

In 2001 I was absorbed into the UK’s National Health Service, where I ran something called the Threat Assessment Centre (but was still specializing in malware and mail management), and co-wrote several security books in fairly quick succession. Really, I suppose I was re-absorbed: it was actually my third spell in the NHS, though my roles on each occasion were very different: from nursing, to administration/data entry/coding, to security management.

In 2006 I left the NHS to work as an independent author and consultant: in those roles I have since worked closely with the security company ESET, where I currently hold the position of Senior Research Fellow, and hope to do so for a while yet, though the views I express here are my own, not ESET’s.

It’s been a very long time since I was directly engaged in coding or malware disassembly or the other preoccupations of the true anti-malware geek. I eventually realized that while there are many people who are far better at that stuff than I am, I have a certain talent for what I like to call Geek-to-English translation. This means that I get to work with people who are far smarter than I am and gain some reflected glory by explaining their research in terms and language that the public and the media find easier to understand. So while I still do a lot of writing and high-level research on my own account – much of it is linked from here – I also do a great deal of editing and proofreading. Much of my non-technical writing can be found here (songs and music) and here (verse).

My wife and I live in the UK: we’re currently living in the West Midlands.

(Partial) Bibliography

I haven’t written a security book since 2008, though there’ve been a couple of projects with mainstream publishers that I eventually decided against continuing with. If I do write another security book, I’ll probably self-publish, and I’m more likely to do more writing in other fields. Still, here’s a not-quite-complete list of my security books, as listed in Wikipedia.

There’s a far more comprehensive list of the other security stuff I’ve written – including nearly all my conference papers and some of my articles – on my Geek Peninsula blog.

  • Hossein Bidgoli et al. (2008). The Handbook of Computer Networks. Wiley. Volume 3, “E-Mail Threats and Vulnerabilities.”
  • Paul Baccas et al. (2008). OS X Exploits and Defense. Syngress.  Chapter 3: “Malicious Macs: Malware and the Mac.” Chapter 4: “Malware Detection and the Mac.”
  • David Harley et al. (2007). AVIEN Malware Defense Guide for the Enterprise. Syngress. (Editor, technical editor, author or co-author of several chapters.)
  • Craig A. Schiller, Jim Binkley et al. (2007). Botnets: the Killer Web App. Syngress.  Co-wrote Chapter 5, “Botnet Detection: Tools and Techniques” with Jim Binkley.
  • Hossein Bidgoli et al. (2006). Handbook of Information Security. Wiley.  Volume 3, “E-Mail Threats and Vulnerabilities.”
  • S. Paulus, N. Pohlmann, H. Reimer et al. (2004). ISSE 2004: Securing Electronic Business Processes. Vieweg. “Massmailers: New Threats Need Novel Anti-Virus Measures.”
  • Seymour Bosworth, M.E. Kabay et al. (2002).Computer Security Handbook. John Wiley. Co-wrote Chapter 49, “Medical Records Security” with Paul Brusil.
  • Anonymous et al. (2002). Maximum Security Fourth Edition. SAMS.  Revised Chapter 17 “Viruses and Worms”, Chapter 18 “Trojans.”
  • Anonymous et al. (2001). Maximum Security Third Edition. SAMS.  Chapter 17 “Viruses and Worms”, Chapter 18 “Trojans.”
  • David Harley, Robert Slade and Urs E. Gattiker (2001). Viruses Revealed. McGraw-Hill Companies. Co-Author.

David Harley
Small Blue-Green World

Share This:

2 thoughts on “Introducing David Harley

  1. Thanks, Bev, but actually I’ve been here for a while. I was just responding to a suggestion of Kevin’s. 🙂

  2. Nice meeting you David, and such an interesting and impressive bio too! Welcome to the blog and excited to read your works!

    (My academic background is also in social sciences and CS).

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley |