Chronister Turns ‘Ethical Hacking’ into a Business
 

By Jason Rosenbaum
St. Louis Business Journal
May 6-12, 2011

When he was an IT employee for a bank holding company, Dave Chronister saw firsthand the inadequacies of network security.

Chronister saw two types of companies that analyze network security. Neither, he said, got the job done.

“One company would say, ‘We’ll get you compliant with whatever compliance you need.’ Being compliant is a far cry from being secure,” Chronister said. “Or it would be companies that would say, ‘Hey, we’ll come in and give you a free security assessment or free security scan.’ And then the only issues they found were miraculously the issues that they were able to fix.

“I was a technical guy. I had a full staff of IT workers working for me. I didn’t need somebody to fix it. I just need somebody to give me an unbiased opinion.”

Those inadequacies prompted Chronister and his wife, Renee, to start Parameter Security, an “ethical hacking” firm aimed at finding vulnerabilities in an entity’s network. With the backing of a few investors, the couple secured a “very small” loan to help finance the company’s launch in 2006, Chronister said. The St. Peters-based company since has been steadily growing in clientele and in scope.

One of Parameter Security’s main functions is to break into a client’s network in a way similar to a malicious hacker. The difference, Chronister said, is that at the end of the day Parameter will provide a report on how they got in so that the client can secure itself. Since its inception, Parameter also has expanded its services to security training and computer forensics.

But one thing that sets Chronister’s business apart from other technology security companies, he said, is that it only provides assessments of vulnerabilities-as opposed to solutions.

“We don’t come in and fix the issues. The reason is if we’re coming in and making money fixing the problems, how can you … be sure there really was a problem?” Chronister said. “Were we just trying to get extra money?”

Chronister’s field has grown in recent years. The International Council of E-Commerce Consultants, or EC-Council, has trained more than 90,000 people as of January and certified more than 30,000 security professionals.

“The demand for (training) has increased significantly-evident by the increase in the number of partners we have and the number of certified members,” said Leonard Chin, director of marketing, conferences and events for the EC-Council.

One of the problems Chronister faced when launching Parameter was competing against long-established firms.

“With any type of auditing, there has to be some type of reputation,” Chronister said. “We were going up against some of the big three auditing firms, firms that have been around 50-plus years. And here we are, Parameter, with no name. It was a real challenge to get someone to say ‘come with us.’ Fortunately we were able to get some fairly big names, some state and federal clients, and use them as our references.”

He said the recession presented another sizable challenge in expanding his business.

“While we’re in IT security, we’re not a solutions provider,” Chronister said. “So we don’t sell firewalls. We audit. One of the first places companies started cutting was actually their audit schedule. So instead of doing an audit every 12 months, we may do it every 18 months. And so we really started seeing the pipeline getting very, very, very bare.”

Chronister said the training portion of the business helped pull things together. While his company doesn’t release financial information, Chronister said the business grew 300 percent last year and is on track to grow about 200 percent this year. Chronister said his company audits about 800 clients, trains 2,000 students and works with 150 clients on the forensics side of the business.

Chronister said he wants his company to be a growing presence in the St. Louis region.

“We want to expand with acquisitions, but we want to be the ones acquiring [and] bringing more jobs to the St. Louis area,” Chronister said.