A Memoir of Secure Computing Corporation

Now that Secure Computing Corporation is a memory, having been acquired by McAfee, I’m going to write up a few memories of my own experiences. At one point I posted much of this in the appropriate Wikipedia entry, but that’s actually not kosher. Since much of it is based on personal recollection, these words fall in line with what they call “original research.” So I’m posting it here.

SCC Lock Header

I joined Secure Computing about a year after it came into existence. It was called “Secure Computing Technology Corporation” at the time. By the time I left, they’d gone through three more company presidents, 4 corporate logos, several mergers, and bounced the corporate headquarters from Minnesota to Silicon Valley.

Before I arrived, many of the thirty-odd engineers, developers, managers, and associated staff had worked at Honeywell as part of the “Secure Computing Technology Center.” The Center had a snazzy logo, showing a computer inside an inaccessible maze.

Honeywell SCTC Maze Logo

Every organization at Honeywell had a snappy acronym, and this one was, of course, “SCTC.” Even after the corporate identity was overhauled, the acronym remained. SCTC spun off from Honeywell in 1989. This was the era in which Honeywell shed all of its computer products, and various other things that didn’t fit its “roots” in thermostats and other building controls.

Bull, the French computer company, stepped up and bought most of Honeywell’s computing assets. Two things went elsewhere, and both involved high security computing for defense applications: the SCOMP group in McLean, VA (my original home town) and the SCTC group in Minnesota (my adopted home).

Both were involved in building high assurance systems that provided multilevel security (MLS) capabilities. Such systems had to be endorsed by the NSA (technically, a separate organization called the NCSC, but essentially the same thing). There was strong interest in the DOD to avoid selling these organizations to a foreign corporation.

Both spun off into separate companies. SCTC was given a board of directors consisting of investors and some defense industry people. A CEO was chosen, but it’s not clear to me if he ever spent much time at the company. In any case, his tenure was short: the company existed because of its technical talent, and all the engineers revolted at one point. This was before I arrived.

The technical guiding light at SCTC was Earl Boebert, who had a background in crypto, computer architecture, and had made some shrewd observations on how they could or should work together. This led to things like type enforcement, discussions of infosec threats (as opposed to comsec threats), and various strategies for securing high-value networks.

A month after I started in 1990, the company hired Kermit Beseke to be CEO. He was from Motorola’s STU-III secure phone organization. His background was in selling tech hardware, and this became important as the company’s products evolved.

Kermit introduced our first corporate logo:

SCC Lock Header

For the full, historic effect, though, you should imagine the same thing saying “Secure Computing Technology Corporation.” We started using the logo before we switched to the new company name. But the new company name arrived quickly behind it.

Kermit was rightly proud of that logo. He was especially proud of the ‘deal’ he got on it. If I remember correctly, he said the price was around $8,000. I don’t know how much a great logo costs, but I really liked that logo.

Until 1994 and the introduction of the Sidewinder firewall,  the company focused primarily on DOD contract work in secure computing. Our main project was LOCK and its progeny. LOCK was a highly secure computing system that supported MLS. Its special contribution was type enforcement, which gave us a better way to construct the system both at the lower levels and at higher levels.  LOCK led to the Standard Mail Guard (SMG).

Meanwhile, the company was trying to find its way into the commercial sphere. I’m told that stock analysts and such had decided that the company would be more valuable if it was in commercial systems instead of focusing on government systems. Earl came up with an idea of how to build a firewall that exploited type enforcement, the architectural centerpiece of LOCK. This led to Sidewinder.

As we embarked on commercialization and mergers, Kermit stepped down as CEO. [I’ll have to edit this later after I look up names, but] The new CEO arrived with his own VP of Marketing, who naturally needed to replace the old logo with one of her own, the “dumb box” logo:

Silly Box Logo

I heard a series of explanations of how this uninspiring thing was better than the padlock – others used padlocks, while this one illustrated how we defended computers by putting them inside a perimeter. But I suspect the real reason was that the old logo was created by an earlier administration, and this was a step by the new regime in exerting “control.”

After a while, even the new marketing VP recognized that this was an awful logo, replacing it with a ‘death star’ logo, which appeared just before the shakeup that jettisoned that regime, CEO and all.

And that’s enough for now.