[ISN] Internet Security Systems CTO Steps Down

InfoSec News isn at c4i.org
Thu Jun 10 05:44:11 EDT 2004


http://www.eweek.com/article2/0,1759,1609500,00.asp

By Dennis Fisher 
June 9, 2004    
 
Chris Klaus, the founder of Internet Security Systems, has decided to
relinquish his role as chief technology officer, but is staying on
with the company in the newly created position of chief security
adviser.

Chris Rouland, formerly the director of the X-Force security research
team, is Klaus' handpicked successor as CTO.

Klaus founded Internet Security Systems Inc. in 1994 on the strength
of his Internet Scanner tool, one of the first vulnerability scanners
on the commercial market, and built the company into one of the more
formidable pure security vendors in the industry.

Its product line now includes a variety of security appliances,
intrusion detection software and a central management console.

In his time as CTO, Klaus has been involved in setting the company's
overall strategic technical direction and has also served as the
public face of ISS, based in Atlanta.

A company spokeswoman said Klaus will remain involved in the technical
side of the company but will hand over the day-to-day duties to
Rouland.

No reason was given for Klaus' decision to give up the CTO position.

The ascension to CTO is a major step up for Rouland, who is widely
respected in the security industry and considered to be one of the top
researchers around.

Under Rouland, the X-Force has evolved from an internal team doing
vulnerability research into a core part of the company's services
offerings via the X-Force Threat Analysis Service.

The team now concentrates on doing analyses of current and future
threats and vulnerabilities and looking for trends to help enterprises
ward off attacks.

Rouland also was instrumental in the decision by ISS to publish its
internal vulnerability disclosure guidelines in 2002. At the time,
there was a lot of publicity surrounding disclosure and how much
information was too much to include in security advisories.

ISS had been criticized by some in the security community for
releasing information before patches were ready, and the company
decided to publish its disclosure guidelines in order to make clear
the way it operated.





More information about the ISN mailing list