Someone with less faith would have called it quits long before.
It was a nearly impossible task to find customers. Venture capitalists turned a deaf ear. And for two years, Thomas Noonan, president and CEO of Internet Security Systems, struggled to keep his fledgling enterprise alive.
“1996 was an important year, both in the industry and in our history, because by the end of 1995, we were completely broke,” says Noonan. “I was financing the company on 37 Visa cards with cash advances. Our technology was not necessarily doing what we wanted it to do. We weren’t generating the customer activity.
“In fact, we had generated a whopping $250,000 in revenue in the year 1995.”
But then something happened that would change the course of ISS and the future of Internet security.
“I would say the turning point for us was a one-two, left-right combination punch,” Noonan says. “The first was that we were able to convince Motorola, up in Schaumberg, Ill., at their headquarters, that this was critically important to their security. They were doing a number of government contracts and continue to do so today.
“Upon receiving that order, the venture capital community completely changed their stripes. Unfortunately, it wasn’t the Atlanta venture capital community. We had to go to Boston and California, where they were a little more attuned to this. We were able to raise $3.5 million 45 days later. That was a big shift for us.”
The win with Motorola in 1996 was the beginning of ISS’ rise to become a leader in Internet security.
“The most important change that it brought was revenues of close to $5.5 million and the addition of 41 new employees and about 220 customers,” Noonan says. “We’ve been growing ever since. We’ve never had years where we haven’t grown.”
With hard work, perseverance and a dogged determination to succeed, Noonan has created one of the premier Internet security companies in the world. Despite the challenges, or perhaps because of them, he has learned that he can’t wait for problems to occur. He must check them before they appear.
Noonan, with fellow Georgia Tech alumnus Christopher Klaus, founded Internet Security Systems in 1994, at a time when few outside the university or scientific communities were even familiar with the term “Internet,” and the Internet security field had few players. Today, that arena is filled with names like IBM, Cisco and Symantec.
“We’ve grown from $250,000 to $250 million in nine years,” he says. “(We) serve about 12,000 business customers and have offices in 32 countries. That’s a lot of growth.”
Those 12,000 customers are located in about 80 countries. But, Noonan says, getting to this point wasn’t easy.
Getting into the game
“When we went to raise venture capital, all the early venture capitalists told us they wanted to invest in businesses that can serve businesses, not businesses that could serve research labs in universities,” Noonan says. “We said, ‘No, this is much bigger.’ They said, ‘No businesses are using the Internet today and no consumers are using the Internet.
“Why would you want to secure it? Why would they want to spend money on securing something they don’t even use?’
For two years, Noonan and Klaus struggled to convince the uninitiated.
“It was a valid question,” he says. “You had to have vision and belief. This concept of skating toward the puck, knowing where the puck would be, we thought the puck would be right here, meaning a pervasive broadly utilized enabling technology for both businesses and consumers.”
The hard work paid off. In 1999, Noonan was recognized by Ernst & Young LLP as an Entrepreneur Of The Year. But like any good leader, he understands that it takes more than the leader’s vision to accomplish a company’s goals.
“It was an exciting accolade,” he says, “But it’s much more a tribute to the team of employees that put this company on the map. I was their face man and their leader, and was very proud to be so back then and continue to be so today. But to do something like this, to take an idea and then go out and build a market-leading company in a technology environment that is extremely competitive against companies like Cisco and IBM, really requires an unbelievably committed team of people that will follow you into battle anywhere.
“And our employees have done that with me. I owe them much more than a debt of gratitude.”
Noonan also believes he owes something to his country. Recently, President George W. Bush appointed him to serve on the National Infrastructure Advisory Council, a committee designed to advise the president on issues surrounding the security of information systems that support the nation’s critical infrastructure as part of homeland defense.
“Eighty-five percent of the Internet is controlled and operated by the private sector,” Noonan says. “President Bush and the team in Washington recognized early on that it had to be a public/private partnership and he needed to reach to very visible leaders in the industry to help bridge that public/private partnership of protecting our infrastructure.”
Noonan says the council has made unbelievable progress in 18 months.
“One side of me said, this government is going to move like a glacier, be fraught with bureaucracy and frustration, and my experience has been extremely positive here,” he says. “I’m serving with John Chambers, who is chairman of Cisco, and Craig Barrett, who is chairman of Intel, and a handful of key industry leaders. We are making some progress, and we feel good about it.
“This country has defined the term ‘critical infrastructure’ to mean the financial-communication-transportation-energy-emergency services components of our digital infrastructure and our physical infrastructure as the critical infrastructure,” he says. “The ability to assess that infrastructure to determine how vulnerable it is to attack, the ability for that piece of the infrastructure to have the proper controls in place to repel attacks should they be targeted and, lastly, for the ability for that piece of the infrastructure to recover, i.e. in a business continuity perspective, should it come under a catastrophic attack. Those three very manifest objectives have been driven through the national strategy to secure cyberspace, and NIAC is all about making sure we can achieve those objectives anytime, anywhere.”
Game plan
Give Noonan credit; he has always skated not to where the puck was, but to where it was headed.
“When we founded the company, we established founding principles, three of them focused on what we believed the Internet would become,” he says. “One of those founding principles — the Internet would be the pervasive for all voice and all commerce between businesses and consumers or the pervasive enabling technology. At the time it was at zero percent. That was one big bet.”
Noonan’s early vision may have allowed him to stay in the game, but it is the hackers who continually up the ante for ISS.
“It is what make this business, quite frankly, at the end of the day, the most exciting business on the face of the Earth, because we are in a never-ending, round-the-clock battle with the bad guys,” Noonan says. “It is through technological innovation, coupled with very smart people, that we are staying one step ahead of the bad guy for our customers. We call this ability the pre-emptive protection, and it’s truly driven by technological innovation that we did not even imagine 10 years ago. We could imagine the objective, but not how to do it.”
He says the security model in 1994 was a reactive model.
“Basically, you had to get infected by the virus first. The virus would be sent to a lab of smart people,” he says. “They would reverse engineer the virus and then send you an inoculation — that’s an antivirus update. They’re doing that today when your antivirus system is updated.”
Then the Internet happened.
“All of a sudden, now, the Internet became the vehicle for transport, not the floppy disk,” Noonan says. “Whereas it might take five years for a virus on a floppy disk to get on enough computers and enough floppy disks to infect the whole world, the slammer virus — one of the recent worms that was on the Internet — infected the entire Internet in four hours. There is no possible way that the researchers can get the virus, reverse engineer it, build the inoculation and then send it out to all their customers (quickly).
“If you happen to be at a dinner meeting for three hours, you’re done.”
Looking to the end game
Noonan is happy with how he’s been able to grow ISS, but things aren’t getting any easier.
“The next 10 years will bring equally as much, if not more, change as we have seen in the first 10 years,” Noonan says. “Specifically, wireless devices will proliferate beyond our wildest imagination; therefore, the Internet will be with us everywhere. New threats and new methods will manifest themselves, which, quite frankly challenge us in ways we’ve never even imagined. At the same time, with no ways of dealing with these threats, we will innovate to establish ways of dealing with these threats.”
That doesn’t mean that Internet security is 100 percent effective.
“Unfortunately, I do believe we will suffer large-scale outages from these attacks each year,” he says. “Yet, I believe this infrastructure is resilient enough to recover. The biggest concern I have is the concept of a coordinated attack against the infrastructure, whereby a chemical or a biological or a nuclear threat is coupled with a large-scale outage of ability to communicate, so that the first-responder system would be disabled as well, creating pretty significant chaos.
“I do believe the chance of all of that happening concurrently is low, not because of capability or not because of intent, but I believe our defenses are already to a point where we have the capability to minimize — not eliminate — the impact of that.” How to reach: Internet Security Systems, (888) 901-7477 or www.iss.net