Security exec Moritz leaving CA

Moritz, who holds the title of senior vice president and chief security strategist, has been the head of CA's security unit for five years, overseeing a large shift within the company to build a portfolio of products and services focused on security. He said he began thinking of departing CA earlier this year, and approached CEO John Swainson about his decision. With his contract expiring at the end of July, Moritz said he felt the time was right to look for other opportunities.

CA plans to continue to invest in security, but Moritz said it was clear to him that the technology was not only a difficult sale in many enterprises, but also challenging to implement.

Special Black Hat coverage Check out more of SearchSecurity.com's special news coverage of Black Hat USA 2007.

He was careful to say that he is leaving CA on good terms and that he was open with Swainson and CA co-founder Russ Artzt, who oversees the security division, about his desire work on a variety of different projects without being committed to any one full-time.

"I was very candid with Russ and he was very cool with it," Moritz said. "I think we've done a hell of a job here in the last five years."

Moritz joined CA in 2002 after a stint at Symantec Corp., where he was the CTO and a close adviser to CEO John Thompson. He also spent time as the CTO at antivirus vendor Finjan Inc. and, earlier in his career, at Case Western Reserve University. Moritz is well-respected in the security industry and has served on a number of industry boards and working groups.

As for the immediate future, Moritz is considering a number of options, including working with a venture capital firm and taking seats on the boards of a handful of startups and emerging companies that he believes show promise. What he won't be doing, at least for the time being, is taking another full-time corporate job.

"I don't see myself going back to one company, but I'd like to work more as a freelancer, helping a small portfolio of companies," Moritz said. "I'd like to be an adviser and help where I can. I think I have to be careful not to over-commit, though. There are a number of very interesting, very early stage companies, like pre-alpha stage, that look promising. And there are some others that are farther along and closer to an IPO and are changing out their boards in anticipation of that."

The future of CA's security is not necessarily as promising. The company in recent years has lost a number of its key security executives, most notably Toby Weiss, who is now CEO of Application Security Inc. And as the company has struggled through a series of accounting scandals, government investigations and shareholder lawsuits, the new management team, led by Swainson, has moved to focus more on storage and systems management than on security. In this regard, CA faces the same challenge as other security vendors do as their core antivirus and anti-spyware offerings become commoditized. Moritz said there is no indication that the company is planning to abandon its security strategy altogether, but added that the future direction of the division was not clear.

Another major factor is the looming presence of IBM. CA and IBM for years have been fierce competitors in a number of markets, and IBM's recent acquisitions of Web application security specialist Watchfire and intrusion prevention vendor ISS make it clear that Big Blue plans to be a serious player in the security market.