The Dirty Dozen I am Watching (and Why)
I am always following what’s happening in a few security companies for one reason or another. These are a dirty dozen on my watchlist (I have over 40 in total) and the terse gossip I have accumulated on them. I know it’s woefully out of date, which is a conscious reason I post this; hoping kind readers will fill me in. I know gossip is bad. If you don’t like gossip, don’t read.
Cigital - I thought we grew a decent-sized software security practice over a period at Foundstone but it seems Cigital were growing crazy fast as well. Headed up technically by Gary McGraw, talent seems to be drawn to it like a magnet at the moment. I heard they are now 120 people and still only doing software security. I think they will become the first real software security consulting powerhouse unless they divest?
Tenable - I guess you don’t hear Renaud’s name as much these days. It’s always Ron Gula if it’s about the company and Nessus doesn’t seem to have that zing it used to. Was it a case of “made a pot of money and no longer have to deal with the public” or a case of “I am more interested in the business these days” or “more interested in the technology these days” or something else entirely?
App Sec Inc. - Brilliant serial startup guys Eric Gonsalez and Aaron Newman. First Kane Security Analyst (originally NetWare), then DB Scanner and now App Sec Inc; buying (or being given) back DB scanner by ISS. It’s a crazy world! All this and a band to match. Watching these guys be successful again is a team sport.
Archer Technologies - Before we open the Kimono about exactly what SourceClear is doing people always say “Oh, it’s like Archer then?”. A frog and a dog both have 4 legs, are they the same? No. However it’s been interesting researching them, their customers and their background. Another “Sanctum type product”, meaning everyone’s got it but most want rid of it if they could find a good alternative. Seems there were some shenanigans at EY way back when, nature worked its course and out popped a company instead of a baby. Big deployments and will surely be snapped up by one of the big players before long, making the founders very rich. Is this another case proving that funding a business initially with services is a great model?
Modulo - What an interesting business model. Two Brazilian guys hiring in a US-based sales crew and starting to make real inroads in an up-and-coming market. Parts of the world really are flat after all. This should not be a surprise of course. Impressive list of local customers and establishing a vertical foothold in financial services in the US.
HB Gary - What happened to Greg Hoglund? Seriously smart guy who’s built great stuff like Asmodeus Scanner (tell me you are “feeling” the irony in that link), TripWire, ported Nessus to Windows, Hailstorm and more recently rootkits. Argh that was it……I see he’s been really busy. Very good.
McAfee - Old employer with a vested interest in its short term future. Before they fired the old President and the CEO “retired”, they froze the employee stock options plan. Luckily I had cashed my Foundstone stock so I didn’t have that much tied up, but needless to say it was a “tad bit annoying”. After they then tried to claim that because you can’t vest your stock after 90 days of leaving (as they had frozen the plan) that your stock would just …..disappear; a class action ensued (which is why this is public and I am blogging about it), they changed their minds and will reinstate all stock options; after they restate the accounts for “how ever” many years. Larson still on the run in Belize, who has seen Samenuk lately? When will they re-state?
NGSS - I heard Ted Barlow left as the CSO at McAfee to build up a US services operation but I don’t seem to have heard much since? Good job you don’t get confused with these folks (worst web site of 2007 so far for me).
Al Huger, Oliver Friedrichs and crew - They all finally quit Symantec late last year after having sold SecurityFocus to them a fair few years before. Or was it 3 years of vesting almost exactly? If it was, that’s not a good thing for Symantec. Wasn’t it Al Huger and Tom Ptacek who wrote Ballista back in the day? Ballista was sold to NAI who along the way became McAfee and bought another scanner from Foundstone to replace the last purchase which they ran into the ground. When I was at ISS, NAI was always referred to as “the place where software goes to die” and Noonan and Klaus once buried an effigy of Bill Larson at a company BBQ. I have the video somewhere to prove it.
See Update in Comments
Accuvant - Bunch of ex-Foundstoners and interesting for their Control Path spin-off. Am I being suckered by a “compliance product tag line”? Isn’t this just Archer 2.0?
Mandiant - Bunch of ex-Foundstoners. 4 of the first 8 (?) employees just left within a week of each other but I have heard other great things about them. Original Foundstoner Merlvyn Fredricks AKA Stephan Barnes is there in sales and the big hairy Canadian Dane Skagen just joined. I just don’t see their product market developing with McAfee and Symantec and MSFT all having something that would be cheaper and faster to enhance than buy and integrate. Would anyone go for a network to desktop play like Cisco (think Okena) or EMC? I hope it’s better than CA. You know the saying. “Everyone owns CA, no one bought it but everyone owns some CA”. You have to admire a business like CA, it’s like a silent juggernaut sometimes.
RSA - I am waiting for Art Coviello to repeat his punditry from RSA but this time with a Steve Ballmer type dance and admit he doesn’t understand where RSA sits in the pecking order. Keon was a total failure, your acquisitions are not on fire and you needed to sell while you still had the cash cow of tokens producing milk. I am really following RSA to see what EMC will do with a security company of course.
ISS - Former company. Will Noonan leave and run for the senate? Isn’t Chris Rouland bored? I bet he could round up a team of startup developers!
That’s it for now (and probably the last time I do a post like that). We’ll see how Blogonomically significant it is.
March 14, 2007 at 1:15 am
So it seems more info on Mandiant. Their First Response tool has already been built by a far east firm who are selling it for half the price. Is it really Second Response? How will that affect their need to raise a second round of money?
March 14, 2007 at 11:08 pm
So it seems the Al Huger rumors are bogus.
“dude, alfred and ollie (as well as dean and art) are still at symantec. we got a good laugh out of this :-)”
March 15, 2007 at 10:35 pm
[...] People love gossip. On Tuesday I published some security gossip and it was the biggest post to date on this blog (and appears to have a “long [...]
July 25, 2007 at 5:50 pm
[...] I did find this in the blogosphere, however. See if you think this looks, sounds, and smells a little different than the news release. In reference to Archer Technologies Blogger Mark Curphey writes: [...]