Sophos has appointed the highly regarded Gerhard Eschelbeck as its new chief technology officer (CTO), almost six years after the Austrian crossed the Atlantic to join US-based Webroot in the same role.

Before his Webroot days, Eschelbeck made his name as the CTO and vice president of engineering at vulnerability management company Qualys, where he was a major influence on the then-emerging field of vulnerability security. In his Laws of Vulnerability conference presentations, he coined the idea of ‘half life’ to describe the time it takes for a known software flaw to be patched in the real world.

He went on to help create the Common Vulnerability Scoring System (CVSS), a system used to rank and prioritise the severity of security vulnerabilities. Although he worked in the commercial sector, his intellectual influence and insight extended well beyond his headline role of promoting one company.

He became less visible to European security professionals after going to work for Webroot, a situation that might change in light of his new job.

“Gerhard is a great addition to the Sophos management team. He is a renowned expert on vulnerability management and cloud security, both of which are becoming more important to our customers and to IT staff worldwide, in the wake of new and increased threats,” said Sophos CEO, Steve Munford.

With the emergence of cloud security, a lot has changed since Eschelbeck last worked in Europe, not least the status of Sophos itself. In May 2010, the company was bought out by venture capitalists Apax Partners.