Sourcefire founder: Cisco deal is 'a good match'

Who would have guessed 15 years ago that Martin Roesch's free computer network-security program would turn into a $2.7 billion deal?

Roesch used the no-cost software he developed in 1998 — called Snort because it sniffs out trouble — as the foundation for Columbia cybersecurity firm Sourcefire Inc. On Tuesday, the company announced that it had agreed to sell itself to tech giant Cisco Systems Inc.


The price speaks to the business potential in developing good defenses as high-profile hacking of corporations and government agencies mounts. It's also a recognition of Sourcefire's reputation.

The company's share of the global market for one type of cybersecurity — detection and prevention of intrusion on computer systems — rose from 8.4 percent in 2011 to 11.2 percent last year, according to William Blair & Co. That's behind only McAfee, Cisco and IBM.


Roesch, who goes by Marty, talked with The Baltimore Sun on Friday about the acquisition, the company's early years and the state's aspirations of becoming top dog in detecting and blocking hackers.

Did you have any inkling when you developed Snort that it could lead to a valuable business down the road, let alone one worth $2.7 billion?

No, I certainly didn't. In fact … six months before I started Sourcefire was the first time I ever entertained the idea that I could build something around Snort.

What appealed to you about Cisco as an acquirer — why was this the right deal for Sourcefire?

I think it's a good match. … Sourcefire brings great products in the threat space for dealing with modern threats; we have a lot of deep-security DNA within the company and we have a track record of being the best at what we do. … They have a huge platform for bringing these good ideas we have at Sourcefire to market.

What are your plans? Do you expect to be with Cisco for a while?

The plan is to make me the chief architect for Cisco's security business. … So, yeah, I'm planning to stick around and take all the great things that we do and all the great things that they do and build powerful capabilities that customers will love and will provide better security for everyone on the Internet.

Analysts say big tech firms are buying smaller cybersecurity companies because that's where the innovation is. Do you think Sourcefire can continue to innovate as a small piece of a huge business?


The way that Cisco is structured, their security business unit is … certainly not anywhere as huge as the whole company. What they're really encouraging us to do is come in and be an innovative part of that team. We feel like there's a lot of opportunities to continue to do innovative things.

How has cybersecurity and the threat landscape changed since you started the company?

It's changed significantly. You know, back when I got going with Sourcefire back in 2001, people knew about hackers and they knew about hacking, but their day-to-day exposure to it wasn't what it is today. … It's changed from being this abstract 21st-century problem to this "Oh, geez, I've got to remember another credit card number" problem for everyone. And that's just the tip of it. …

These things used to happen on a small scale when we got going, but now they're industrialized. … The stakes are very different.

This recognition of cybersecurity's growing importance helps explain why Maryland says it wants to be the Silicon Valley of cybersecurity. What needs to happen for the state to get there?

It's kind of happening on its own to some degree because there's so much cybertalent and cyberactivity in this part of the world, with Cyber Command over at Fort Meade … and companies like Sourcefire in the region. It's just kind of a natural occurrence with that much concentrated knowledge base and skills base in one part of the country.


What does the Cisco deal mean for cyber in Maryland?

Well, it means there's a large market for good ideas out there, and people who can execute on their ideas … have opportunities to build something really special and take it to a global audience. For entrepreneurs out there like I was when I started out in my house … sometimes, it seems pretty daunting. If you focus and stick to it, real good things are possible.

You've said before that cybercriminals have a leg up on cybersecurity companies. How do you mean that, and what's your strategy for dealing with it?

The bad guys can go out and buy one of everything. … They can buy all the security technologies and put them into their own lab and analyze how they work. … When they go after a potential target, they have the ability to really figure out what they're facing and devise ways to get by it. …

So modern cybersecurity companies have to think about the cybersecurity problem beyond just defending. … The modern security architecture needs to take into account that [the protections] are going to fail at least some of the time and have mechanisms that allow them to continuously test to see if they've been circumvented, essentially. We do that. That's one of our core things that Cisco liked about us a lot.

Tell us about developing Snort. What prompted you to do it? That was pre-Sourcefire.


I started writing Snort in 1998 as kind of a weekends-and-rainy-days project. … Ultimately, what I was doing was, I was teaching myself how to write that kind of software back in the early days. …

I decided to release it as an open-source project [free to use with accessible source code] to see if anyone would use it, and to have some fun. … Within two years of getting started on it, I realized it was being used globally and in really high-value areas … which was when I started thinking I should try to make a business out of this.

I was hoping you could explain what made you think, "I should start a company around this free program." And what reception did you get at first?

My day job was working for government contractors, and I was working on Snort in my spare time. Eventually, I got to the point where I was working [at] my office job for 40 hours a week and then I was working on Snort 40 hours a week. … If I was going to work on it 40 hours a week anyway, maybe I should get paid for it. …

I had ideas of how to monetize an open-source project, so I took the ball and ran with it. And it worked. Not too many people thought it would. I was told the business model for Sourcefire … was a bad idea and it wouldn't work by more than one person. …

I was developing a model to get people to pay for something that was free. A lot of people didn't understand where the value actually lay in the technology set I was creating.


Do you expect to see Sourcefire have a continued strong local presence?

Cisco's team has been very emphatic about saying that the Baltimore-D.C. area is a center of excellence for cybersecurity. … I don't think you're going to see any kind of drawdown.

Martin Roesch

Title: Founder and chief technology officer of Sourcefire


Compensation: Almost $1.3 million in 2012, while serving as interim CEO

Age: 43

Residence: Ellicott City

Education: Bachelor of Science in electrical and computer engineering from Clarkson University in New York

Family: Wife, Anna, and four children

Hobbies: Astronomy and sailing


Fun fact: Started Sourcefire in his living room (then in Carroll County)

How Sourcefire and Cisco compare


Headquarters:ColumbiaSan Jose, Calif.

2012 revenue:$223 million$46 billion

2012 profit:$5 million$8 billion


Employees: About 650About 74,000

Founded: 20011984

Source: Company filings. Cisco's 2012 fiscal year ended July 28, 2012.