David Thompson, SymantecBy Brian P. Watson | Posted 2007-06-07 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
In what ways are today's innovative CIOs exploiting today's emerging information technologies?
Symanetc's David Thompson: Taking a risk-based approach to I.T.
David Thompson sits in the chair that many CIOs would like to occupy. As Symantec's CIO, Thompson reports directly to CEO John W. Thompson (no relation). As CEO, John Thompson wanted a CIO tightly aligned with business goals. He also wanted to give the CIO the ability to promote innovationand not be hamstrung by a less direct reporting structure. Since arriving in January from Oracle, David Thompson has engaged in a wide range of projects including becoming the final test bed for products before being made available to customers, including a new toolcode name Hamletthat combines security and compliance features. Here's what the CIO told eWeek editorial director Eric Lundquist at Ziff Davis' CIO Summit in May.
Baseline: What skills do CIOs need to foster close relationships with the CEO and other top corporate executives?
Thompson: Having a broad base of business experience has been key in my career. I had a background in the military, a background in consulting, and a background in the implementation of technology. And, really being just a pure technologist, you're not going to be a successful CIO. You do have to have a broad base of knowledge and stay abreast of what's happening in your company, but you also have to form relationships with your business leaders. The key factor in being successful is that you have to understand what they do everyday and help them use technology to be successful.
Innovative companies still must understand risk. How do you address risk management?
I.T. has to have a risk-based approach because our technology is a tool for business. If you got risks in your technology, you got risks in your business. We have to measure risks, understand where our risks are. Many CIOs make the mistake of not understanding where their risks are. They assume where the risk is. But, when you look at things, you'll find that your financial systems aren't the most critical things, maybe your customer support system has a higher priority and should be put on a higher priority for recovery in case of an incident.
On security, are the bad guys getting smarter?
We now have moved into an environment where we cannot afford to have any vulnerability. When a vulnerability has been discovered, the product must be patched [immediately]. We, at Symantec, are spending more of our time in the I.T. world, and responding with products with built-in heuristics. The threat landscape has changed. We're looking at our employees, contractors and partners for vulnerabilities more than we have before because the ecosysystem has gotten very, very closely aligned with the use of technology.