Co3 Names Security Expert Bruce Schneier as CTO

At Co3, Schneier will help guide the incident-response company's technology vision forward and identify trends for the company to pursue.

Security incident-response vendor Co3 Systems this week announced that security luminary Bruce Schneier is joining the firm as its new chief technology officer. Schneier had previously been working as the CTO of British Telecom (BT).

Schneier is well-known and respected in security circles for his insight and knowledge of cryptography. In 2013, Schneier was among the many security experts who wrote critically about the actions of the U.S. National Security Agency (NSA).

John Bruce, CEO of Co3, told eWEEK that he has known Schneier for many years, as both men worked for security vendor Counterpane, prior to its acquisition by BT.

At Co3, Schneier will help guide the company's technology vision forward and identify trends for the company to pursue, Bruce said.

In today's world, it is prudent to assume that no organization can avoid a security incident, and that's the problem space that Co3, which was launched in 2010, is aiming to address, Bruce said.

The goal of Co3 is to build technology to prepare, assess and remediate against security incidents. Co3 offers hosted software-as-a-service as well as on-premises solutions. The goal is to guide organizations with a step-by-step process on how to prepare for a security incident, as well as an analysis of what actually happened if a security incident occurs. The Co3 also generates an automatic incident-response instruction set after a security breach occurs to help organizations properly respond.

Many organizations are required to comply with one or more regulations, such as the Payment Card Industry Data Security Standard (PCI DSS). Co3 is complementary to PCI DSS compliance in many ways, Bruce said.

PCI DSS 3.0 is the newest version of the standard, and it is just now coming into effect with the start of the new year.

Ted Julian, chief marketing officer at Co3 told eWEEK that his company actually wins a fair amount of business from companies looking to be PCI DSS-complaint. Julian noted that requirement 12.9.3 of the PCI DSS specification calls for organizations to have an incident-response plan that is documented, which is a function that Co3 fulfills.

Co3 also works with Security Incident and Event Management (SIEM) platforms. In the coming months, Co3 is likely to announce partnerships and support for some of the biggest SIEM vendor platforms, Bruce said.

The market opportunity and interest in Co3 has likely grown in recent weeks with FireEye's $1 billion acquisition of security-response vendor Mandiant.

"The Mandiant-FireEye deal really raises the awareness of incident response as a key objective and a broader trend in the market," Julian said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.