Chris Klaus, the company's founder, is staying on in the newly created position of chief security adviser; Chris Rouland is his handpicked successor.
Chris Klaus, the founder of Internet Security Systems, has decided to relinquish his role as chief technology officer, but is staying on with the company in the newly created position of chief security adviser.
Chris Rouland, formerly the director of the X-Force security research team, is Klaus handpicked successor as CTO.
Klaus founded Internet Security Systems Inc. in 1994 on the strength of his Internet Scanner tool, one of the first vulnerability scanners on the commercial market, and built the company into one of the more formidable
pure security vendors in the industry.
Its product line now includes a variety of security appliances, intrusion detection software and a central management console.
In his time as CTO, Klaus has been involved in setting the companys overall strategic technical direction and has also served as the public face of ISS, based in Atlanta.
A company spokeswoman said Klaus will remain involved in the technical side of the company but will hand over the day-to-day duties to Rouland.
No reason was given for Klaus decision to give up the CTO position.
The ascension to CTO is a major step up for Rouland, who is widely respected in the security industry and considered to be one of the top researchers around.
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.
Under Rouland, the X-Force has evolved from an internal team doing vulnerability research into a core part of the companys services offerings via the X-Force Threat Analysis Service.
The team now concentrates on doing analyses of current and future threats and vulnerabilities and looking for trends to help enterprises ward off attacks.
Rouland also was instrumental in the decision by ISS to publish its internal vulnerability disclosure guidelines in 2002. At the time, there was a lot of publicity surrounding disclosure and how much information was too much to include in security advisories.
ISS had been criticized by some in the security community for releasing information before patches were ready, and the company decided to publish its disclosure guidelines in order to make clear the way it operated.
Check out eWEEK.coms Security Center
for the latest security news, reviews and analysis.
Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page