Digital Security
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
07 Nov 2025 • , 7 min. read
The cybersecurity community lost one of its luminaries with the passing of David Harley last week, at the age of 76.
Despite being a self-described late entrant to IT, David went on to forge a long and distinguished career in cybersecurity that stretched from the early days of computer viruses until the age of modern ransomware and included a tenure as ESET Senior Research Fellow until his retirement in 2018.
With an academic background in modern languages, social sciences, and computer science, David understood early that the most dangerous vulnerabilities weren’t always technical, but human. This lesson would echo through much of his later work, particularly in his writings about the psychology of cybercrime. His expertise ranged widely, however, and also encompassed analysis of malware trends and engagement with the standards of antimalware product testing.
A prolific author, editor, and conference speaker, David viewed writing and public speaking as an extension of research and an opportunity to connect with peers and, indeed, anyone else committed to making the internet a safer place for everyone. WeLiveSecurity is proud to preserve part of David's vast body of written work; meanwhile, the various books and scholarly articles that he authored, co-authored, and edited are listed here.
If you ever had the privilege of learning from David, consider paying it forward. David himself was proud to be part of the cybersecurity community and viewed cybersecurity as a public good. (He was also an accomplished singer, songwriter, and guitarist. Listen for yourself here.)
Former colleagues, meanwhile, remember David as a fountain of knowledge and a meticulous wordsmith who left a lasting mark on the field and all those who worked with him.
Says ESET Vice President of Government Affairs Andrew Lee:
"In 1999 I met a man who would become a friend, a colleague, and a collaborator on many projects over the years.
At the time, I was working in a government office, establishing the first fully implemented security and antivirus platform throughout the agency. There was a message board, the alt.comp.virus newsgroup (kind of like a very early social media for geeks), where others involved in the antivirus sphere would discuss. On that forum, at the time working for the NHS as its computer security head, was a man named David Harley. On that board, many conversations would take place, and David would often give his input, which was relevant, informed, and always worth reading. He, among others, helped me tremendously in providing information and advice that helped me do my job.
At a conference called ‘Infosec’ (sadly long defunct), I finally met David, in late 1999, and we hit it off immediately, sharing many more interests than just security. During that first meeting, over pizza, I discussed an idea that I was working on – a paper on Linux malware. I knew David was a good writer, so I asked him for some tips. I have always been good at having ideas, but with severe ADHD (undiagnosed at the time), I was simply unable to get them onto the page in a logical way, I speak far better than I write. David almost immediately offered to help me write the paper, and we eventually presented it at the EICAR conference in 2001, in Copenhagen. I did the presenting, as it was not David's strength at the time. We complemented each other well. We would bounce ideas around, he would send a draft, I would add my contributions, then he would edit it into something usable. Then I'd present our work.
Eventually, I left government and joined ESET – and it's true to say that without David helping me with those early conference papers, I might never have had the chance to meet the ESET folks. David and I kept in touch, regularly meeting up at industry conferences, and eventually, it was a huge pleasure to be able to hire him into ESET, where once again, we worked on many white papers and presentations together. He also wrote books on security, one of which I had the pleasure of contributing to.
We also bonded over music. David was, like me, a huge fan of traditional British folk music, and was himself a very accomplished guitarist, singer, and songwriter. During the pandemic, I helped him clean up, remix, and master some of his earlier work, and it's a shame that more people did not discover his songs, as they are beautiful, well written, and often deeply moving.
David was a quiet man, he was gentle, kind, but also funny and clever. His work was important, and while the industry has moved on, much of the advice he wrote is still relevant and vital today. His reserved nature sometimes hid from others the deep intellect and insight that David held.
In some small part, I hope our work together helped him too; as is often said, two heads are better than one. I will always remember when he met his true 'second head', Jude, in Berlin, and their lasting bond, friendship, and love was something that was obvious to those who met them.
Above all, David was my friend. I will miss him greatly.
My love to Jude, David's daughter, and all who knew and loved him.
Rest in peace my friend.”
Says ESET Research Fellow Bruce P. Burrell:
“I'm not quite sure when I first met David – probably though VIRUS-L/comp.virus in the late 80s or early 90s. I'm not certain about when I met him in person, either, but I'm pretty sure it was in 1995, at the Virus Bulletin conference in Boston. Or maybe in San Francisco at VB 97 (the conference report mentions him, so I know he was there). Whenever it was, by that time it was like meeting an old friend.
Probably a bit before our first face-to-face meeting, the alt.comp.virus newsgroup came into existence, and I had many interactions with David there. Eventually, it became clear that an FAQ was needed for the newsgroup, and a triumvirate of David, George Wenzel, and I started putting one together. More accurately, David did almost all of the putting, while George and I contributed a bit or two; I also did a wee bit of wordsmithing. Emphasis on ‘wee’: David's writing skills were superlative, so it was mostly just sanity-checking.
At around this time also, David and I were involved with wordsmithing the AVIEN Malware Defense Guide for the Enterprise – indeed, while a group effort, I suspect that he wrote most of that, too.
Note also that, while the gentlest and kindest of people, he had a wickedly clever wit – just browse the titles and headers of his writings.
I overnighted at his flat in London in the summer of 1998, and later that year, at VB 98, I met the regular occupant of that room – his adorable eight-to-ten-year-old(?) daughter Katie. I believe that she followed her father into computer security; whether or not she's still in that field, he had every reason to be proud of her.
Over the years, we'd been in regular contact – but when I joined ESET, we soon formed another trio of wordsmiths – David, Nick FitzGerald, and myself. It was a great pleasure – and learning experience – to work with these two on a daily basis, instead of the occasional one-off emails and the all-too-rare conference or ‘I just happen to be in town’ meetings. I was fortunate to be able to work with him closely for several years, until his retirement. Not an early retirement, but certainly earlier than I'd have liked it to be!
Post-retirement, we stayed in touch, but in retrospect, not nearly enough. I shall miss you tremendously.”
Says ESET Senior Research Fellow Righard Zwienenberg:
“I am truly saddened to hear this news. Having known David for over three decades, I was fortunate to share many memorable moments with him, on stage during presentations and through our mutual love of music. We had some nice sessions together with David on guitar and myself on drums. He will be deeply missed by me.
David was a 'walking Wikipedia'. Whenever you sent him an abstract or a full paper to edit, he always returned it with hints to more material, references to supporting material, etc. Many people know that for all his brilliance as a writer and editor, he was ‘clumsy’ as a presenter. Often losing track, having his notes in the wrong order so he was talking about slides yet to come but not the current one, laughing about his own mistakes ... Everybody who really knew him will remember, ‘Oh dear …’, which was his typical way of apologizing on stage while presenting and yet again losing track. Yet, due to his vast knowledge on the topic he was presenting or ready-when-needed history when the Q&A time was there, he always attracted a large crowd …
May his memory live on through the music and moments we shared.”
We offer our heartfelt condolences to David's family and friends.
Here’s where you can learn more about the life and work of David Harley:
Sign up for our newsletters
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。