Interview: George Kurtz, Foundstone

George Kurtz is chief executive officer and co-founder of Mission Viejo-based Foundstone (, a venture-backed firm in the security software and services space. I thought it would be great to get an update on what the company is doing.

BK: What does Foundstone do, and how are you different from a typical IT security consulting firm?

GK: The primary difference is, we are an enterprise security software company that also provides supporting consulting and education services. So we not only advise our customers on best practices for risk management, etc., but we also provide a powerful software solution to effectively manage network vulnerabilities on an ongoing basis.

As you’re aware, network security breaches can cost organizations millions of dollars in financial losses each year. Although 90 percent of all attacks result from known vulnerabilities and misconfigurations, the right solution is not always obvious. With a myriad of existing network, operating system and application-related vulnerabilities — and 15-20 new ones identified each day — IT departments find it almost impossible to manage.

Foundstone’s approach sets us apart from other solution providers. We simplify security by directing resources where they’ll have the most impact. Through our strategic approach to security, Foundstone enables customers to optimize their security investments and proactively protect their most important information assets from potential threats. Furthermore, Foundstone team members are experts in security and risk management. Our best-selling books have helped define the future of the industry and hundreds of organizations benefit daily from our expertise.

BK: What kind of products and services do you offer?

GK: Foundstone offers a unique combination of proprietary software, services and education to help customers mitigate and manage the digital security risks inherent in doing business today:

Foundstone Enterprise software suite helps global organizations discover, inventory and prioritize global network assets. It identifies vulnerabilities and threats to those assets, providing continuous and proactive protection and intelligent, measurable remediation. To enhance Enterprise even further we’ve developed a Threat Correlation Module with a live threat feed from Foundstone Labs, and a Remediation Module.

Because we recognize customers have differing needs, we also offer a managed services alternative to Foundstone Enterprise for customers who prefer this approach. Foundstone Enterprise is also delivered via a secure appliance that has been embraced by many of our customers. It simplifies deployment, and reduces the Total Cost of Ownership of their Vulnerability Management Program.

Foundstone Professional is a compelling software solution for the small- to mid-sized organization that needs to scan for vulnerabilities but doesn’t require the extensive scalability and feature set found in Foundstone Enterprise. Foundstone Professional is a great way to "test the vulnerability management waters" with a small initial investment. And since the product has the same code base as Foundstone Enterprise, customers can easily grow their solution as their needs increase.

Foundstone’s Professional Services team provides strategic guidance to organizations to quickly and sensibly lock-down their most critical digital assets. We then build a strong, long-term security foundation for future expansion. This prepares clients for a state of "continuous readiness."

Finally, Foundstone Education provides a comprehensive security curriculum designed to meet the needs of individuals, departments, and organizations to develop highly skilled security professionals. This includes webcasts, whitepapers and case studies that supplement the interactive, hands-on courses taught across the country.

BK: What percentage of your business is products, and how much is service-focused?

GK: Foundstone’s revenue was split 50/50 between technology and services in 2003. As our award-winning Foundstone Enterprise software solution continues to gain market share, we are projecting a 65/35 split in favor of our software product in 2004, and we’ll continue on that trajectory until we reach a 70/30 split (software/services).

BK: I noticed your company last raised a round of funding in 2002. Is the company looking for more funding, or are you profitable?

GK: We reached points of profitability in 2003, and expect to achieve sustained profitability during the summer of 2004. Market demand for our products is high, the average selling price is growing, and our visibility is better than ever. We believe 2004 is the year dominant leaders will emerge in this industry, and we intend to be one of the front runners.

BK: How many employees do you currently have?

GK: Foundstone has 115 employees worldwide, including many of the leading experts in the security industry.

BK: Thanks!