You've said before that cybercriminals have a leg up on cybersecurity companies. How do you mean that, and what's your strategy for dealing with it?

The bad guys can go out and buy one of everything. … They can buy all the security technologies and put them into their own lab and analyze how they work. … When they go after a potential target, they have the ability to really figure out what they're facing and devise ways to get by it. …

So modern cybersecurity companies have to think about the cybersecurity problem beyond just defending. … The modern security architecture needs to take into account that [the protections] are going to fail at least some of the time and have mechanisms that allow them to continuously test to see if they've been circumvented, essentially. We do that. That's one of our core things that Cisco liked about us a lot.

Tell us about developing Snort. What prompted you to do it? That was pre-Sourcefire.

I started writing Snort in 1998 as kind of a weekends-and-rainy-days project. … Ultimately, what I was doing was, I was teaching myself how to write that kind of software back in the early days. …

I decided to release it as an open-source project [free to use with accessible source code] to see if anyone would use it, and to have some fun. … Within two years of getting started on it, I realized it was being used globally and in really high-value areas … which was when I started thinking I should try to make a business out of this.

I was hoping you could explain what made you think, "I should start a company around this free program." And what reception did you get at first?

My day job was working for government contractors, and I was working on Snort in my spare time. Eventually, I got to the point where I was working [at] my office job for 40 hours a week and then I was working on Snort 40 hours a week. … If I was going to work on it 40 hours a week anyway, maybe I should get paid for it. …

I had ideas of how to monetize an open-source project, so I took the ball and ran with it. And it worked. Not too many people thought it would. I was told the business model for Sourcefire … was a bad idea and it wouldn't work by more than one person. …

I was developing a model to get people to pay for something that was free. A lot of people didn't understand where the value actually lay in the technology set I was creating.

Do you expect to see Sourcefire have a continued strong local presence?

Cisco's team has been very emphatic about saying that the Baltimore-D.C. area is a center of excellence for cybersecurity. … I don't think you're going to see any kind of drawdown.

jhopkins@baltsun.com

twitter.com/jsmithhopkins

Martin Roesch

Title: Founder and chief technology officer of Sourcefire

Compensation: Almost $1.3 million in 2012, while serving as interim CEO

Age: 43

Residence: Ellicott City

Education: Bachelor of Science in electrical and computer engineering from Clarkson University in New York