Core Security Technologies today will announce the hiring of Mark Hatton as the company's new CEO.
Hatton, the former president of North American operations for antivirus vendor Sophos Inc., joins Core at a time when the company is in a bit of a transition. Core, based in Boston, is a provider of penetration testing software and has spent the last few years working to gain footholds in large enterprises in a number of sectors. That has often meant doing deals at the departmental level in the hopes of working up the ladder to division or enterprise-level deployments later on. Hatton believes the time is right for the company to make the move to the bigger deals now.
"A lot of education needs to happen. The product hasn't met the needs of the corporate accounts up till now," Hatton said in an interview last week. "Core has created the most actionable data out there. Now the thing is to broaden the reach and make it more accessible."
Penetration testing products in general have suffered from something of an identity crisis for a few years now. Historically, most penetration tests have been done by consultants who showed up with their own custom-designed tools and went to work on a customer's network. But the introduction of commercial products such as Core Impact and Immunity Inc.'s Canvas in the last few years has given enterprise IT staffs the option of doing the tests themselves. But most security professionals have little if any training in pen testing techniques and the commercial products can be complicated to deploy and use.
Hatton acknowledged these issues and said that Core is working to address them.
"It's a hard-to-use product," he said. "We need to create more awareness around what the technology does and make it so that the product isn't as one-off as it is now."
Hatton replaces Paul Paget, who joined Core as CEO in 2002. The company announced last summer that Paget would be stepping down but would stay on until a replacement had been found. Paget said at the time of the announcement that he saw himself as most comfortable in start-up companies and that Core had reached the point where it was ready to move to the next level.
Hatton helped lead Sophos through a similar transition and said that he believes Core must expand its reach—and perhaps its product line—in order to make a move into the upper echelon of security vendors.
"I think the opportunity here is equally great, to come in and take the entire company, the strategy and direction and do what we did at Sophos," he said. "The board and management feel that there's a broader opportunity that what we've been addressing. We're going to aggressive on development and how we position the product. There's a broader way that we could be viewed. The product is going to go though a pretty aggressive development process."