|Chris Rouland, ISS|
"Whenever, I need the token I call him over," said Rouland, who heads ISS's X-Force, a center of security experts dedicated to education about and combating computer threats. "He also doubles as my home intrusion detection system."
When Rouland, 30, joined ISS in 1998 to head X-Force, the team had only six members. Today, there are 150.
A 10-year veteran of IT, Rouland has seen the increasing sophistication of viruses and the corresponding response by the antivirus community. He received his first virus, Michelangelo, in the early '90s, for example. Back then, a common way to mitigate that virus, which opened its payload on a specific date, was changing the dates on computers, he said.
However, after a few years Wall Street called him away from the Beltway. "The real money is on Wall Street, I thought," he said.
Beside compensation, Wall Street offered the chance of working with and learning from some of the best technical brains around. Rouland spent about five years with Lehman Brothers in various IT positions. For example, he handled the first migration of a trading system from Unix to Windows NT. In fact, it was so successful that many of the other companies followed suit.
That experience has given Rouland a good view of how Microsoft's security policies have changed since the mid-'90s. "It used to be hide the problem, but now the company is stepping up to face problems," he said.
Rouland sees the rush to release bigger and better software as a key reason for a lot of security vulnerabilities. Educating end-users about using security technology is another weak area.
"I would say a lot of it is the Nasdaq's fault," he said tongue in cheek. "Companies are under the pressure to make money, and sometimes software is released early without being ready."
Yet, Rouland isn't in favor of the other approach, namely taking so long to develop secure software that all innovation is sucked out of it. He cites the operating system that runs the space shuttle as an example. "After 20 years, it's perfect but it has no innovation," he said, noting it runs with 256K of memory.
The future of security
In the near future, Rouland sees more "blended threats" or "hybrid worms" taking shape. Such malicious code can infect systems in multiple ways. He also sees some problems ahead, including hacking and worm attacks on wireless networks. "This will be huge as it offers instant gratification (for attackers)," he said.
Yet, Rouland said he was confident that the security community will combat such attacks. "I enjoy the competition of keeping ahead (of virus writers)," he said. "I enjoy having to get up at 4 a.m. and head into the office to define algorithms for the latest threat."