Core Security Technologies on Monday named Mark Hatton CEO. Hatton was the president of North American operations for Sophos.
Last year, Core lost CEO Paul Paget and product manager Max Caceres, who is well known in the penetration testing world. Hatton's mission is to grow the company, which is privately held and cash flow positive, and fend off competitors such as Immunity Security and the Metasploit Project.
I spoke to Hatton last week. Here are some highlights of our conversation.
On the importance of research: Hatton said he will continue Core's large research lab. After all, the company's goal is to provide actionable data on emerging vulnerability. Research enables that cause. On the competitive landscape: Hatton acknowledged the price competition from open source players such as Metasploit. However, Core wants to go beyond just pen testing to analyzing the data on the porous state of networks. "At heart of what Core is doing is providing this penetration test. We say 'here's the area to address security needs.' Actionable data is very unique," said Hatton. The problem is that Core "needs to do a better job articulating that story." Can Core grow? Core has roughly 650 customers actively using its product. Hatton has to take those customers, which are typically small enclaves within larger companies, and up sell them. "You look within that customer base and figure out a way to make that product universally apply across the company," said Hatton, who will note that Core's pen testing is better automated and easier to deploy. Core's market position: Hatton said Core has a role as an insurance policy and wants to be viewed as the last line of defense telling CIOs how all of their security products are working. "We're going to come in from an assurance standpoint and say let's test how all of those products are working," said Hatton. "We are the backstop--the last point of protection beyond whatever else has been deployed. We want to automate the security audit."