December 14, 1998 Firm uses `ethical hackers' to protect corporate systems Erik Espe Business Journal Staff Writer "I'm kind of a security Nazi," said Jeff Moss. "I take things to an absolute." Mr. Moss, an "ethical hacker," is one of the weapons used by San Jose-based Secure Computing Corp. to test and retest the security systems of client companies such as Sun Microsystems Inc., UAL Corp., Citigroup Inc. and the U.S. Air Force. Mr. Moss works out of Seattle, leading a team of 10 experienced hackers who invade the systems of clients, sometimes even reading confidential e-mail and data on customers. Mr. Moss' title at Secure is "director of security assessment." His mission is to do everything he can to break into the systems of client companies. "The client usually had an incident and is scared," Mr. Moss said. "They want to get an independent review so they know they're not crazy." In the Internet age, Mr. Moss said, it's wise to be paranoid of hackers. No system is hacker proof. The best any security team can deliver to a company is a way of making it so hard for hackers to penetrate a system that the targeted company will be able to detect it and have enough time to take action. "It can't make a system invulnerable, but you have to be able to detect a hacker," Mr. Moss said. "You might not be able to defend against a full-on attack, but we can make it so it takes at least two days to break in, which gives you enough time to do something." Secure does this by building firewalls for clients. Firewalls are basically programs that protect one network from outside users who could try to access a company's intranet via the Internet. Mr. Moss left a similar job at Ernst & Young LLP this year to join Secure Computing, so he could work in a firm whose entire focus was Internet security. While firewalls are being produced by a number of companies, Secure touts itself as the first in the marketplace, having developed the world's first firewall in 1994 for the National Security Administration. It's the acquisition of employees such as Mr. Moss and a complete revamping of 3-year-old Secure Computing that has brought this early player in the Internet security market back from the brink of collapse, according to CFO Tim McGurran. "It's taken us a few years to get the company where it needs to be," said Mr. McGurran, Secure Computing's CFO. "I'm the only survivor from the old management team. I've got the scars to show you." Secure first went public in 1995, in one of the strongest initial public offerings in the history of the Nasdaq exchange. "We were one of the first Internet companies to go public in 1995," said Mr. McGurran. "Our stock went up from $6 to $48 in its opening day." But Secure's initial rise was short-lived. Shortly after its IPO in 1995, the company acquired three other Internet security firms: Border Network Technologies, Enigma Logic and Webster Network Strategies. Although the takeovers gave Secure valuable software to deliver an entire suite of solutions to clients, the company at the time didn't have the management expertise to merge with so many other firms at once. Overwhelmed, Secure saw its costs rise and revenue drop. Although Secure had posted profits before its IPO, it was unprofitable through 1997. "Here we were in August of 1996, having just gone public, doing three acquisitions, and the company imploded," Mr. McGurran said. "The burden with having to integrate all these firms caused the company to collapse. Wall Street was concerned about the company." Secure's stock dropped back to $6 in April 1997. By then, the board of the company already had taken action to stop Secure's bleeding. In late 1996, the board let go of every top manager at the company except Mr. McGurran. In November 1996, Novell Inc. executive vice president Jeffrey Waxman was brought on board as Secure's new CEO. The company spent all of 1997 streamlining its product line and restructuring its operations. Employees including Mr. Moss--who was well-known for organizing Def Con, a hacker conference held annually in Las Vegas--were recruited. "We have put together the world's premier group of security experts," Mr. McGurran said. To cap the "new and improved" Secure Computing, the company moved its headquarters to San Jose from St. Paul, Minn. early this year. The hard work has paid off. In the fourth quarter of 1997, ended Dec. 31, Secure posted its first profitable quarter since its IPO and has remained profitable since. Secure's stock has also steadily risen, closing at $20.88 on Dec. 7. "We've broken out," said Mr. McGurran. With 315 employees, the company provides both software and consulting services to its clients. Sidewinder, the company's main product, prevents unauthorized users from getting through firewalls. Its companion product, SafeWord, enables authorized personnel to get through firewalls. But the service that has been getting Secure the most attention is its "ethical hacker" division. "They've leveraged that pretty well," Mr. Moss said. "The competitors we see are usually your Ernst & Youngs, IBMs and Andersen Consultings. Compared to those companies, we're really small. But because of the nature of the computer industry, [a small number] of us can hold our own against IBM. "When it comes down to it, how many people do they have breaking into machines all day long?" -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:56 PDT