Security Vendor CTOs: Perspectives, Opinions, and Lessons Learned

In the classic IT realm, the CTO role was created to assist CIOs to develop viable technical solutions to existing problems. However, in the realm of the vendors and suppliers, there is considerably less agreement on what exactly the CTO needs to do, but no shortage of opinions on what makes the role difficult to fill. This panel addresses a number of challenges by some of the most well respected security tool vendor CTOs. The first panel topics center around the CTO role, and how it changes as the company grows and matures. Perhaps considerably more so than in classic IT organizations, vendor CTOs must be sensitive to the business requirements of the company and whether certain technologies can provide a reasonable return on investment. But, how do CTOs straddle the roles of being the technical purists that the outside world expects and the realistic pragmatist that their business partners demand? How do CTOs find a balance between business line responsibilities and keeping various constituencies happy, such as business partners, customers, prospective partners, and the ever dynamic and fickle analyst community? And if business doesn't prosper, how much responsibility (and blame) does the CTO bear? Another challenge for CTOs revolves around domain expertise. Often CTOs are selected for the specific knowledge of a technology area pertinent to a problem or solution. What happens when the solution migrates out of the CTOs domain expertise? How much responsibility does a CTO have for ensuring that their company's core competency doesn't inadvertently serve as an "immune system" to resist alternative solutions? Or is the CTO position merely a safe place to put technical founders? Other topics that will be covered include: How does one become a CTO, anyway? What do you think a CTO really should do? What would you say to someone who wants to be a CTO? What are the toughest lessons you learned? Will there be CTOs ten years from now? Each panelist was a co-founder and CTO of a security tool vendor, and is guaranteed to have opinions on each of these topics. Christopher W. Klaus is the Founder and Chief Technology Officer of Internet Security Systems, Inc. (ISS). ISS is a leading global provider of security management solutions for the Internet and online business operations, with market-leading software, consulting, education and remote managed security services offerings that easily and cost-effectively scale for any organization. Gene Kim is the chief technology officer and cofounder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. He is currently working with Spafford on IT safety models to explain why IT is in so much pain, and show how basic capabilities such as repeatable builds and quick remediation are the key to running IT securely. Ron Gula is VP of Intrusion Detection Products for Enterasys Networks, oversees the team that produces the Dragon line of IDS tools. He was the founder and Chief Technology Officer of Network Security Wizards (NSW), which was acquired by Enterasys Networks in August 2000. Mr. Gula also wrote the original Dragon IDS and currently specializes in extremely high speed network monitoring and IDS correlation tools. Prior to entering the commercial sector, Mr. Gula was a Captain in the US Air Force. Paul E. Proctor is currently the Director of Technology at Cybersafe Corporation. He started his career specializing in secure operating system development in 1986 as a UNIX kernel programmer on Gould’s UTX/32S C2-rated UNIX. Mr. Proctor has been involved in applied intrusion detection since 1989 when he led a study of the state-of-the-art for the U.S. Government. He developed the Computer Misuse Detection System (CMDS) technology while employed at SAIC and was founder and Chief Technology Officer of Centrax Corporation.