Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Chris Klaus, the founder of Internet Security Systems, has decided to relinquish his role as chief technology officer, but is staying on with the company in the newly created position of chief security adviser.

Chris Rouland, formerly the director of the X-Force security research team, is Klaus’ handpicked successor as CTO.

Klaus founded Internet Security Systems Inc. in 1994 on the strength of his Internet Scanner tool, one of the first vulnerability scanners on the commercial market, and built the company into one of the more formidable pure security vendors in the industry.

Its product line now includes a variety of security appliances, intrusion detection software and a central management console.

In his time as CTO, Klaus has been involved in setting the company’s overall strategic technical direction and has also served as the public face of ISS, based in Atlanta.

A company spokeswoman said Klaus will remain involved in the technical side of the company but will hand over the day-to-day duties to Rouland.

No reason was given for Klaus’ decision to give up the CTO position.

The ascension to CTO is a major step up for Rouland, who is widely respected in the security industry and considered to be one of the top researchers around.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzer’s Weblog.

Under Rouland, the X-Force has evolved from an internal team doing vulnerability research into a core part of the company’s services offerings via the X-Force Threat Analysis Service.

The team now concentrates on doing analyses of current and future threats and vulnerabilities and looking for trends to help enterprises ward off attacks.

Rouland also was instrumental in the decision by ISS to publish its internal vulnerability disclosure guidelines in 2002. At the time, there was a lot of publicity surrounding disclosure and how much information was too much to include in security advisories.

ISS had been criticized by some in the security community for releasing information before patches were ready, and the company decided to publish its disclosure guidelines in order to make clear the way it operated.

Check out’s Security Center at for the latest security news, reviews and analysis.

Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page