George Kurtz – Fast 50 2003


It is a mission-critical problem: anticipating IT security attacks before they happen. Foundstone’s experts train officials at the National Security Agency, Federal Law Enforcement Training Center, U.S. Secret Service, FBI, Air Force Office of Special Investigations, and all four branches of the U.S. military.


George Kurtz
CEO, Foundstone Inc.
Mission Viejo, California


Tell us what you do (or what your team or organization does) and the specific challenge you faced.
KEY BACKGROUND/QUICK FACTS: Foundstone helps organizations stop reacting to IT security breaches and start proactively managing and preventing attacks from happening in the first place. With the greatest single collection of security experts in the industry housed under one roof, Foundstone trains the NSA, U.S. Attorney’s Office, Federal Law Enforcement Training Center (FLETC), Secret Service, FBI, Air Force Office of Special Investigations, U.S. Army, U.S. Air Force, U.S. Navy, U.S. Marines and the Royal Canadian Mounted Police, among others. Foundstone executives are world-renowned best-selling authors. Their book, “Hacking Exposed: Network Security Secrets and Solutions,” been translated into 19 languages and was ranked the #4 computer book sold on Amazon in 2001, making it the best selling security book ever sold. OBSTACLES: Getting CEOs to think about IT security as business enabler and a way to ensure business continuity and brand credibility. Despite study after study that shows companies do not believe they are sufficiently prepared against a cyber attack, most are not putting the time and resources into proactive security measures.

What was your moment of truth?
A defining moment for Foundstone was when the company decided to transition from a professional services organization to a software and technology developer. The company took years of experience and knowledge gleaned by their professional services consultants and “productized” it into an enterprise class software application in an easy-to-use and compelling format. Foundstone realized CEOs needed a fundamental change in the way they looked at IT security–they wanted to actually map security to the bottom line. Foundstone’s FoundScan Enterprise Vulnerability Management System that does just that. In fact, CEOs can now hold their IT security managers responsible for improved security in the form of a scoring system. Some of Foundstone’s customers are using FoundScan to work improved scores into their Management by Objectives and are being evaluated upon those scores. (The exact date? 1/1/1999)

What were the results?
Foundstone has currently raised $20 million in VC funding, and in just 3 years employs more than 100, has opened offices in Mission Viejo, CA; New York; San Antonio, TX; Seattle; Washington D.C. and will open its first international office next year. Foundstone plans to reach profitability in the first quarter of 2003. Foundstone customers include Bank of America, Motorola and the U.S. Department of Transportation. A testament to the company’s expertise, Foundstone was recently asked by the Bush Administration to provide input to the National Plan for Securing CyberSpace, a key component of President Bush’ National Homeland Security Strategy.

What’s your parting tip?
Believe in your vision; settle for nothing but the best and deliver the highest-quality service and product possible.