Herbert Hugh Thompson

Dr. Herbert Hugh Thompson is a computer security expert, an Adjunct Professor in the Computer Science Department at Columbia University,[1] and the Chief Technology Officer of Symantec.[2] He is also the Program Chairman of RSA Conference[3] the world's largest information security conference with over 25,000 attendees annually. Thompson is the co-author of a book on human achievement titled The Plateau Effect: Getting from Stuck to Success published by Penguin in 2013[4][5] and has co-authored three books on information security including, How to Break Software Security: Effective Techniques for Security Testing published by Addison-Wesley,[6] and The Software Vulnerability Guide published by Charles River 2005.[7] He is perhaps best known for his role in exposing electronic voting machine vulnerabilities as part of the HBO Documentary Hacking Democracy. He was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine[8] and has been referred to by the Financial Times as "One of the world’s foremost cryptology and internet security experts."[9]

Hugh Thompson
Alma materFlorida Institute of Technology
Known forsecurity
Scientific career
FieldsComputer science
Columbia University
RSA Conference
Blue Coat Systems


Thompson began his career as a research intern for Microsoft Corporation while working on his Ph.D. in Applied Mathematics at the Florida Institute of Technology, where he completed his degree in 2002.[10] He then went on to co-found Security Innovation Inc., an application security company and worked as their Chief Security Strategist. In 2007 he started another technology security company called People Security and also began teaching a course on "Software Security and Exploitation" at Columbia University that focused on methods to circumvent security mechanisms in software.[11] He has written several books and over 100 peer reviewed papers on Computer Security and Hacking.[12][13][14] Thompson has delivered keynotes at every RSA Conference since 2007.[15] He has been interviewed by top news organizations including BBC News,[16] Bloomberg Television,[17] CNN,[18] Fox News,[19] The New York Times[20] and the Associated Press.[21] He is also a contributor to the New York Times,[22] Scientific American[23] and IEEE Security & Privacy magazine.[24] Thompson was Senior Vice President at security infrastructure company Blue Coat Systems.,[25] and was named CTO of Symantec after the acquisition of Blue Coat in August 2016.[2]

Electronic Voting SecurityEdit

In 2006, Thompson participated in four hack tests for the nonprofit election watchdog group Black Box Voting.[26] Two of his tests involved altering election results reports on the Diebold GEMS central tally machines. Thompson also collaborated with Harri Hursti in the Black Box Voting projects in Leon County, Florida and Emery County, Utah. Thompson's GEMS central tabulator hack was achieved by inserting a Visual Basic script onto the GEMS server machine at election headquarters. Both the Visual Basic script hack by Thompson and the memory card hack by Hursti Hack can be seen in HBO's "Hacking Democracy" where Hursti and Thompson hacked into Diebold Election Systems's voting machines and central tabulator system in Leon County, Florida proving its vulnerability.[27]


Thompson completed his bachelors, masters and Ph.D. in applied mathematics at the Florida Institute of Technology.


  • Sullivan, Bob, and Hugh Thompson. Getting Unstuck: Break Free of the Plateau Effect. Penguin, 2014.(ISBN 0698183819)
  • Sullivan, Bob, and Hugh Thompson. The Plateau Effect: Getting from Stuck to Success. Penguin, 2013. (ISBN 1101624248)
  • Thompson, Herbert H., and Scott G. Chase. The Software Vulnerability Guide. Charles River Media, 2005. (ISBN 1584503580)
  • Thompson, Herbert H., and Spyros Nomikos. The Mezonic Agenda: Hacking the Presidency. Syngress Pub., 2004. (ISBN 1931836833)
  • Thompson, Herbert H., and J. A. Whittaker. How to Break Software Security. Addison Wesley, 2003. (ISBN 0321194330)
  • Thompson, Herbert H. "A Bayesian model of sequential test allocation for software reliability estimation." Ph.D. Dissertation, 2002 (ISBN 0493619062)


  1. ^ Columbia University course page for COMS E6998-9 Software Security and Exploitation
  2. ^ a b Symantec Management Team
  3. ^ RSA Conference Appoints Dr. Herbert H. Thompson as Program Committee Chair and Advisory Board Member
  4. ^ Schawbel, Dan. "Bob Sullivan: How Plateaus Prevent You From Career Success". Forbes.
  5. ^ Coffey, Laura. "Hey, high-achieving women! Here's how perfectionism holds you back". Today.
  6. ^ Whittaker, James (2003). How to Break Software Security. Addison Wesley. ISBN 0321194330.
  7. ^ Thompson, Herbert (2005). The Software Vulnerability Guide. Charles River Media. ISBN 1584503580.
  8. ^ "IT security reboot 2006: Top 5 influential security thinkers". SC Magazine.
  9. ^ Jones, Sam. "Encryption expert offers support to UK's GCHQ chief". Financial Times.
  10. ^ Thompson, Herbert (2002). A Bayesian model of sequential test allocation for software reliability estimation. Florida Institute of Technology. ISBN 0493619062.
  11. ^ Columbia University: COMS E6998-9: Software Security and Exploitation
  12. ^ Thompson, Herbert H. "Why security testing is hard." IEEE Security & Privacy 1.4 (2003): 83-86.
  13. ^ Whittaker, James A., and Herbert H. Thompson. "Black Box Debugging." Queue 1.9 (2003): 68.
  14. ^ Thompson, Herbert H., and James A. Whittaker. "Rethinking software security." DOCTOR DOBBS JOURNAL 29.2 (2004): 73-75.
  15. ^ Thompson, Hugh. Keynote: "The Hugh Thompson Show with Guests Steve Wozniak and Craig Newmark" RSA Conference, https://www.youtube.com/watch?v=X3_grIAuV00
  16. ^ BBC News, "How Safe is the Internet of Things?" https://www.bbc.com/news/business-28414165
  17. ^ Bloomberg Television, First Up with Susan Li, "Cyber Security Threat Dynamic, Dangerous". https://www.bloomberg.com/video/cyber-security-threat-dynamic-dangerous-thompson-VBG2kLSxRb6aBvXmoqUvvQ.html
  18. ^ CNN transcripts Archived December 24, 2010, at WebCite
  19. ^ Fox News Television, "Increase in One Day Wonder Websites Help Disguise Malware" http://www.foxnews.com/tech/2014/08/28/increase-in-one-day-wonder-websites-help-disguise-malware/
  20. ^ N. Perroth, "Security Needs Evolve as Computing Leaves the Office," New York Times, 11 June 2014. http://bits.blogs.nytimes.com/2014/06/11/security-needs-evolve-as-computing-leaves-the-office/
  21. ^ R. Satter, "RESEARCHERS STYMIED BY HACKERS WHO DROP FAKE CLUES", AP, 10 December 2014. http://hosted.ap.org/dynamic/stories/E/EU_HACKER_WHODUNIT
  22. ^ Sullivan, Bob, and Hugh Thompson. "Brain, Interrupted," New York Times, May 5, 2013, pg. SR12.
  23. ^ Thompson, H. "How I Stole Someone’s Identity." Scientific American, online feature posted August 18 (2008).
  24. ^ Hugh Thompson, "The Human Element of Information Security", IEEE Security & Privacy, vol.11, no. 1, pp. 32-35, Jan.-Feb. 2013, doi:10.1109/MSP.2012.161
  25. ^ "Blue Coat Names Security Market Visionary Dr. Hugh Thompson as Senior Vice President and Chief Security Strategist".
  26. ^ Black Box Voting site containing Thompson and Hursti projects Archived July 22, 2007, at WebCite
  27. ^ HBO's documentary "Hacking Democracy" Archived December 24, 2010, at WebCite