Paul Paget, CEO of
penetration testing software vendor Core Security Technologies,
is leaving the company. Paget said the move is the result of a
series of discussions with the board of directors and was a mutual
decision.
Paget has been at the helm of
Core Security for more
than five years, but said that he sees himself as best-suited for
start-ups and early stage companies. With more than 500 customers
and several key product and strategy decisions on the horizon,
Paget said he and the board both agreed that the time was right to
look for a CEO ready to guide Core in its next growth stage.
"The kind of testing we're doing is becoming understood as a
critical component for any organisation," Paget said. "When we
first started, it was considered a bit over the edge. Right now we
have one product that's essentially delivered at one price point.
You can imagine in the future delivering it in a number of
different ways. We're in a space without a lot of competition and
we want to take advantage of that opening."
There is no set timeline for finding a new CEO, and Paget said
he plans to stay on until the board fills his position. Paget will
also resign from Core's board once the new CEO joins the company.
The company has yet to hire a search firm.
Paget joined Core in 2002 after stints at several other security
and technology companies. He had served as a senior vice president
at Baltimore Technologies and a vice president at CyberTrust, which
acquired Baltimore in 2000. He also worked at Lotus and IBM earlier
in his career.
The penetration testing market is still quite small. In addition
to Core, Immunity Inc., of New York, is essentially the only other
software-based commercial penetration-testing player, with its
Canvas tool. HD Moore's
Metasploit framework ,
which is free, is also in the mix, as is Saint Corp.'s Exploit
product. And a new appliance on the way from BreakingPoint Systems
performs some of the same testing functions as penetration-testing
tools. But a lot of penetration tests are still performed by
consultants, in large part because most of the tools require a high
level of skill and even many large enterprises don't have someone
on staff who can do the tests.
Paget believes that it's simply a matter of time before
penetration tests become standard procedure in the enterprise. To
take advantage of that potential opportunity, however, Paget said
Core needs to continue its growth and perhaps give customers more
options for how they buy the company's product, Core Impact.
"The business is growing at a very fast rate and I believe we
can take it to a whole different place," he said. "We have a huge
open marketplace in front of us and we want to address it properly
in the next few years. There are some areas that go far beyond our
comfort zone as a team. We've talked about this as a group for a
long time."
Paget said that he wouldn't rule out a software-as-a-service
model for a future Core product. "Everything is on the table.
There's not anything we wouldn't look at or that we'd rule out
right now," he said.