Innovating with Dave Chronister, President of Parameter Security

Source: St. Louis Post-Dispatch
By: Rachel Melcer
Date: June 20, 2007

The Company

Parameter Security's certified experts in computer networks, banking technology and ethical hacking offer independent security audits to the financial services industry.

The Industry Challenge

Banks, credit unions and other businesses that hold consumers' private financial information are required under the federal Gramm-Leach-Bliley Act to safeguard it. This process includes hiring an independent firm to conduct an annual computer network security assessment.

Lots of companies popped up to meet this need, but many offer only vulnerability assessments.

High-end firms that serve corporations with big budgets offer penetration tests, which are attempts to hack into a client's network, and then recommend solutions for problems they find. The tests would be valuable, but are not affordable for many smaller financial institutions, Dave Chronister said.

The Aha! Moment

Chronister was working as information technology director at Lincoln County Bancorp, a bank holding company, and ordering vulnerability assessments to comply with Gramm-Leach-Bliley regulations. "I was so frustrated that every year I had to pay these companies to do this, without getting anything that actually made my bank more secure," he said.

Chronister discovered that roughly 70 percent of financial institutions nationwide are not obtaining penetration tests. He and his wife, Renee, decided to start Parameter to fill the gap by offering the service at a lower price.

What he did — Chronister attended the Chicago-based Hacker Academy and became a certified ethical hacker, combining that expertise with his knowledge of banks and how they operate to form the basis of Parameter Security.

As the son of a St. Louis County police officer and a church secretary, "I always liked to be on the side of good in everything," he said. But with the right training, he and his staff — who are put through rigorous background checks — are able to emulate the bad guys in order to defeat them.

"We are going to hack as many ways as we can and find as many holes as we can," he said. Plugging those holes and making a network difficult to penetrate is sufficient to discourage most attackers, who will turn to an easier target.

Progress report — Parameter is forging marketing relationships with associations of banks and credit unions, accounting firms and other groups with relationships in the financial services industry.