Back 
Last week I had the opportunity to talk to John Thompson as part of The Reimagine Series. The Reimagine Series sees the leadership team at Netskope host discussions with technology trailblazers as they introduce thought-provoking ideas that transform the way enterprises work. Across the series, we have been exploring innovative approaches to solving today’s technology and security challenges and I was really excited to catch up with John to hear his ideas.
John, now the chairman of Microsoft, describes himself as being in the fourth chapter of his career which spans more than 20 years at IBM starting in 1971 to running Symantec as its CEO.
You can catch the full conversation here, but if you don’t have the chance to watch the whole 30 minutes, I have captured a few of John’s thoughts below.
The first thing John and I discussed was the evolution of organizational expectations of security, and the resulting changes in requirements for security architecture. He told me that there are a couple of things we need to acknowledge:
- Every company, of any size, is now an IT company of some sort or another, and they are all making decisions about how much of the IT infrastructure that enables their service proposition they want to manage for themselves.
- It is inevitable that the world will move to the cloud — just as it was inevitable that the world moved to the web back in the mid-90s, and the cloud will become the platform of the future. But the question we need to ask is how much will people do to protect their content and data and what will they look to organizations to do for them. Over time more and more organizations are going to want it done for them.
John’s view is that while on-premises technology will always be important to *some* organizations, cloud-based services will become the most important platform for every company as time goes on. And he believes that security will be one of the top items that they are most concerned about.
Following this prediction of inevitable structural change, John talked about the fact that CISOs will need to build out their sales skills in the coming years. “You won’t get approval to do something unless you have convinced others that it’s the right solution.” He talked from his great experience about selling ideas and concepts to a group of internal stakeholders. The advice I found memorable was that:
“Selling doesn’t start until someone says no, and then a good salesperson works to understand why they said no so they can start to turn it into a yes.”
With boards of directors made up of people from diverse backgrounds with a range of technical understanding, we took some time discussing the best ways to present cyber security issues to the board. John gave three useful tips:
- Develop a programmatic initiative specifically for the board to help them get up to speed on the issues, risks, leading products, and companies, and to give them some context for understanding issues as they arise.
- Give the board an assessment of the organizational cybersecurity status, with context of the company alongside the market and specific competitors.
- When issues occur, make sure you are briefing the board on what prompted them and what has been done to mitigate the risk in the future.
Perhaps inevitably we also discussed the current pandemic and the impact that it is having on our world of IT and security. We can track remote user rates in the companies we work with and have seen the average remote user base leap from 27% to 70% since the start of the year. John’s perspective is that this pandemic is going to accelerate the movement to cloud and cloud-based security — something we are seeing from our own customers and the many enterprises we meet every day across the world. John told me that companies are having challenges accessing talent to come work on-prem and so there will be an aggressive movement to cloud to stabilize the functionality of business operations.
One of the webinar attendees asked John a question about what he is seeing in his role as an investor that we should be anticipating and again I took heart from John’s response as he believes, as we do at Netskope, that while there is no shortage of ideas for functionality and single-purpose products, the real value for both customers and investors will come from technology companies that are taking a horizontal platform view.
“Just solving one problem in the security world may not be enough and [a] horizontal [platform offering] is not about the price list, it’s about the products being integrated.”
We have more webinars coming up in The Reimagine Series with other excellent leaders in their field — next up is another former CEO from Symantec Enrique Salem. You can register here to find out about all the events in advance.
Read the blog