Gerhard Eschelbeck has never been one to shy away from a tough assignment. As CTO of Qualys, Eschelbeck oversaw the development of that company’s on-demand vulnerability scanning service, despite widespread skepticism. Qualys, which is gearing up for an initial public offering, now has more than 2,000 customers, including such marquis names as and DuPont, Hewlett-Packard, and TIAA-CREF.
This year, Eschelbeck left Qualys and took the CTO slot at anti-spyware pioneer Webroot. For a man who helped refine the “laws” of software vulnerabilities, switching to the spyware world was an abrupt change. “With vulnerabilities, you might see 40 or 50 new examples a week. With spyware, it’s more like 400 or 500 a week,” he says.
Eschelbeck’s first major initiative has been to help Webroot transform itself from a pure-play anti-spyware vendor to one that offers broader protection against malicious code. He has also opened up a second research facility. “We want to be able to automate not just finding the spyware, but learning about how it infects a machine and developing a signature for it, so there’s no human in the loop.”