quote
...loading

It’s not that he meets people who won’t book a cruise for fear of sailing off the edge of the world. Rather, it’s a mentality he’s talking about: how people or companies persist in clinging to what he believes are old ways of thinking about protecting computers against hackers, viruses, and the like.

Such security threats are rolling in by the thousands, he says, yet companies still try to defend against each individual peril rather than intercepting those slim few that pose a serious risk.

“Everything is getting about twice as bad every year than the year before,” he explains. “We’re getting more and more attacks, problems, and disruptions than the year before, even though we’re spending more money on computer security. The big danger is that we’re not going to figure out that the world is really round in time.

“You kind of feel like Galileo all over again. You say, ‘Honestly, we revolve around the sun,’ and they say, ‘Jeez, it can’t be true.’

“I’m a fanatic when it comes to computer security,” confesses the vice-president and chief technologist of TruSecure Corporation, based in Herndon, Virginia. “I’m one percent, with the other ninety-nine percent in the other camp. Really believing the Earth is round: It’s a leap of logic.”

Peter Tippett’s tendency to speak in hyperbole—particularly if it garners attention for TruSecure—is one thing that makes him interesting. There also is the fact that, during the 1970s, he worked with two scientists who separately won Nobel Prizes. There’s his defection from medicine to technology. Then there’s the software he developed while working nights in an emergency room, software that became a little something called Norton AntiVirus.

cpu TruSecure has its points of intrigue, too. Among them is the mole operation that tracks the cyberspace movements of thousands of hackers. It was his company that helped lead federal investigators to the writers of the Love Bug virus in 2000 and the Melissa virus in 1999.

I arranged an interview with Dr. Tippett through his assistant. I told her I expected the conversation to take about an hour. She said something to this effect: You’re going to need a lot longer than that; once he gets going, he may not stop.

When I called for the interview, I reached his voice mail. He returned the call a half-hour later, apologizing for running behind schedule.

“I was down at the White House,” he said. “I thought it was going to be a short meeting, but it ended up being a long one.”

“Down at the White House,” he had tossed off, like it’s a gas station around the corner. That was worth asking about later.


The Nobel Encounters

How did you end up with an internship at Rockefeller University, working with two scientists who each became Nobel Prize winners?

“I was chasing a girl who was going to New York to work at the New York Times. I wrote every scientist in New York City and said: ‘I’m a great guy, I want to work in your lab.’ I got an answer from this guy who said he’d pay me the $300 a month I demanded. I took my Volkswagen microbus and drove it to New York City.”

This was the early 1970s. At the time, he was an undergraduate at Kalamazoo College, a Michigan liberal arts school where internships were part of education and where, at the last minute, torn among the subjects he loved, he majored in biology.

Working as a lab technician with Nobel laureates Robert Bruce Merrifield (who won the prize for chemistry in 1984) and Stanford Moore (chemistry, 1972), an enterprising Peter Tippett found himself on the cutting edge of biochemistry research.

At Rockefeller, he synthesized proteins, including the first active piece of a disease-fighting immunoglobulin, and was encouraged to pursue a medical degree. But that wasn’t the only way the lab job influenced him.

“[Dr.] Merrifield wanted to have a volleyball game with his team every week, so we went to a parking lot in the middle of

RU and played volleyball—all these highfalutin folks from all over the world,” he recalls. “The influence on me was mostly that these are regular folks who are bright. That was good to know.”


Medicine, Computers, Medicine, Computers

You studied to be a doctor. You had choice encounters with exceptional scientists and researchers. How did you end up working in computer security?

“I kept falling into these computer spaces. When I got into the M.D./Ph.D. program [at Case], I also did an entrepreneurial job. My adviser pulled me aside and said, ‘Listen, do you want to be a scientist or do you want to be a business person?’ I liked being a scientist and doing the medical stuff, but one thing led to another.”

In high school in Dearborn, Michigan, Peter Tippett was one of only three people allowed to tinker with a 55-baud Teletype machine. During an undergraduate internship at Cincinnati General Hospital, he wrote a program to compile results of a cholesterol study. “I didn’t have a whole lot to do after hours, so I hung out in the emergency room and sewed people up,” he says, “and I sat in the corner and wrote a program.” The program compiled results of the cholesterol study in ninety minutes.

The Tippett Dossier

• Vice-president and chief technologist, TruSecure Corporation, Herndon, Virginia
• Age 51
• Wife, two children
• Residence, Great Falls, Virginia
• Bachelor of science, biology, 1976, Kalamazoo College
• Doctorate, biochemistry, 1981, Case Western Reserve University School of Graduate Studies
• Doctor of medicine, 1983, Case Western Reserve University School of Medicine
At Rockefeller University, he wrote a program to simplify the process of mixing chemicals to create proteins. Working on his doctorate at Case, he designed a program to mathematically model the behavior of the enzyme Glucokinase. A year later, as he was finishing medical school, he developed a mass-mailing program to help raise money for a nonprofit foundation he had started to study unusual diseases of the Pacific Islands.

During his residency and internship at what is now MetroHealth Medical Center in Cleveland (1983 to ’85), his emergent—almost accidental—software business took off. Working 120 hours a week at the hospital, Dr. Tippett struggled to keep up with the demands of distributing software and, later, self-branded PCs to nonprofits. He used the money he made as an intern to hire a programmer. “In the end, I decided, why don’t we just make a company and do this software thing? We made a for-profit called FoundationWare.”

The new company operated out of his dining room. In 1987, as the FoundationWare team contemplated what new software to develop, the world’s first major computer virus hit.

“I read about the Lehigh virus and, being a biochemist, my little brain applied the standard petri-dish type growth. I thought, ‘Jeez, if this works the way it says it does, sooner or later every computer in the world is going to need an antivirus product.’

“I started telling people this and they didn’t believe me. We basically threw away the business plan we had been working on, and, for the next five weeks, created the first antivirus product. We called it Vaccine.”


So, you developed the software that became Norton AntiVirus?

“We took Vaccine to the trade shows. We demonstrated how it worked with three or four viruses that existed at that point.” Over the next several years, Dr. Tippett grew the company, moving it into an actual office, hiring up to fifty employees. He even gave it a new name: Certus. Although the company earned revenue, he continued working in Cleveland-area emergency rooms to help the company remain financially solvent.

“Then, in 1992, Symantec came along,” Dr. Tippett says. “They had a product called Norton AntiVirus, but it didn’t work very well. They called us up and said, ‘Your product is winning all the awards and doing great things. How about if we buy your company?’ So I sold my company and my product became the Norton AntiVirus.”

The Route to TruSecure

• FoundationWare, nonprofit software company, 1987
• Certus, software, computer technology company, 1990
• Symantec, Peter Norton Group, computer software company, 1992
• National Computer Security Association, or NCSA, 1995. In 1998, NCSA became ICSA, which became TruSecure in 2000
• Website: www.trusecure.com
Dr. Tippett followed his software to Los Angeles to direct security and enterprise products for Symantec’s Peter Norton group. The company’s revenues grew tenfold over the next three years, largely because of the Norton software.

But Dr. Tippett liked calling his own shots. When the Symantec contract ended in 1995, he took the CEO position of a fledgling ten-employee company in Carlisle, Pennsylvania, called NCSA, short for the National Computer Security Association (it later morphed into ICSA, then TruSecure). This move also ended his moonlighting in medicine.

Bob Bales, NCSA co-founder, recruited Dr. Tippett. “Peter’s vision is what really attracted us to him—seeing things as they might be rather than as they are,” he says. “We had been struggling for four years and didn’t seem to be able to break even. Here we are ten years later, and the company did close to $50 million in revenue last year.”

TruSecure now employs nearly 300 people and serves some 700 clients—private companies and government agencies—in forty-three countries. Ernst & Young recognized Dr. Tippett in 1998 with its Entrepreneur of the Year award. In 2002, InfoWorld Media Group named him one of the “25 Most Influential CTOs.”


More Questions, More Answers

TruSecure takes a different approach to computer security. Please elaborate.

“Last year, there were more than 4,000 new vulnerabilities. What the rest of the world does is run around saying, ‘Wouldn’t it be horrible if somebody attacked that vulnerability? I better fix that.’ We wind up with this tremendous amount of work, and nobody succeeds in getting a quarter of it done. So when attacks do come, everybody’s still vulnerable.

“When you actually do the science, 25 out of those 4,000 things were used as an attack against any organization—well under one percent.”

Dr. Tippett doesn’t talk about eliminating each threat; he talks about reducing risk. TruSecure helps clients use resources they already have—no expensive new software, no need to hire computer experts—to protect themselves against threats. TruSecure expects clients to adopt certain defensive strategies and respond when they get warning alerts. TruSecure takes care of the rest; namely, figuring out what vulnerabilities pose problems and how to fix them. To this end, the company tracks hackers, collects samples of attacks worldwide, and develops sophisticated models to predict future events.

Not everyone buys into Dr. Tippett’s way of thinking, just as not everyone believed him when he predicted the magnitude of the threat posed by viruses back in 1987.

But Marcus Ranum, the man credited with building the first commercial firewall, and who once counted himself among the naysayers, says he was swayed after spending time with the technologist. He also considered how he safeguarded his home computer—smart habits and a few sensible precautions—and realized it was not unlike what Dr. Tippett advocated. Last fall, Mr. Ranum signed on as a senior technologist at TruSecure.

“As much as Peter sounds like he’s always talking marketing, he’s one of the better thinkers in security these days,” he says. “He’s the Energizer Bunny. He’s this constant flood of bubbling ideas: ‘Have you thought about this, have you thought about that?’ He’s very good at sketching out the big picture of a cool idea and then starting people charging off down it.”


Intrigue and Interactions

Your biography on the TruSecure website says your company provided key information to the US Department of Justice about David Smith, the writer of the Melissa virus.

“Two days after the FBI called, we gave them 200 documents with personal information. On the FBI website, you’ll find them thanking us for finding and helping prosecute Smith. He pled guilty to in excess of $80 million of damage.”

Dr. Tippett calls the work “computer forensics.” Combing through masses of accumulated information, TruSecure can generate clues such as what state a hacker may live in, whether the person has pets, what his or her hobbies are. In David Smith’s case, TruSecure was able to produce what Internet service provider he used in New Jersey.

Such work may sound exciting, but Dr. Tippett doesn’t play detective himself. “It bores me stiff. Mostly what people talk about on the Internet is drivel. It’s like listening to teenage kids talking on the telephone.”


I’m curious: Why were you at the White House?

“Just meeting with the computer security czar, Howard Schmidt [former vice-chair of the president’s Critical Infrastructure Protection Board]. He’s worried about what government can do to make [cyberspace] safer, or lead the charge for the rest of the country. But they’re following traditional Earth-is-flat thinking. They’re telling people every time there’s a new vulnerability, go fix it,” he says.

“I get involved in things down there too often. Last time, they called me and four other security experts. They said, ‘Whenever you guys put out alerts about viruses, you’re almost always right. Whenever we put out alerts, we’re pretty much always wrong.’ We spent a day talking about how we get it right. In our case, it’s models and interactions.”

Dr. Tippett, married for fifteen years and the father of two, travels often but still finds time for family, skiing, biking, a little TV (The West Wing is a favorite), and flying planes, a lifelong passion. He flew at the earliest age allowed: lessons at fifteen, soloing at sixteen, becoming a private pilot at seventeen, and adding a commercial license to his collection at eighteen. He painted houses to pay for the lessons, then taught flying and worked as an engineer at a Top-40 radio station to pay for college. He sometimes pilots one of his own planes for business trips: a six-seater Beech Baron or an eight-seater Piper Cheyenne propeller jet.

All that and a visionary too, if you ask TruSecure’s Mr. Bales. “He’s the classic overachiever,” he says. “He has a Ph.D. He’s a pilot. He’s a doctor, but just being a doctor isn’t enough for Peter; he’s an emergency-room doctor. He’s that he-won’t-be-happy-unless-he’s-going-Mach-2-with-his-hair-on-fire kind of guy.” end


Jolie Lewis (CWR ’94) is a longtime contributor to Case Magazine. She is a graduate student in the creative writing program at the Ohio State University.

Photography by Nathan Lankford

hrule Respond to this article hrule


Close Window