David Thompson, Symantec

By Brian P. Watson Print this article Print

In what ways are today's innovative CIOs exploiting today's emerging information technologies?

Symanetc's David Thompson: Taking a risk-based approach to I.T.
David Thompson sits in the chair that many CIOs would like to occupy. As Symantec's CIO, Thompson reports directly to CEO John W. Thompson (no relation). As CEO, John Thompson wanted a CIO tightly aligned with business goals. He also wanted to give the CIO the ability to promote innovation—and not be hamstrung by a less direct reporting structure. Since arriving in January from Oracle, David Thompson has engaged in a wide range of projects including becoming the final test bed for products before being made available to customers, including a new tool—code name Hamlet—that combines security and compliance features. Here's what the CIO told eWeek editorial director Eric Lundquist at Ziff Davis' CIO Summit in May.

Baseline: What skills do CIOs need to foster close relationships with the CEO and other top corporate executives?

Thompson: Having a broad base of business experience has been key in my career. I had a background in the military, a background in consulting, and a background in the implementation of technology. And, really being just a pure technologist, you're not going to be a successful CIO. You do have to have a broad base of knowledge and stay abreast of what's happening in your company, but you also have to form relationships with your business leaders. The key factor in being successful is that you have to understand what they do everyday and help them use technology to be successful.

Innovative companies still must understand risk. How do you address risk management?

I.T. has to have a risk-based approach because our technology is a tool for business. If you got risks in your technology, you got risks in your business. We have to measure risks, understand where our risks are. Many CIOs make the mistake of not understanding where their risks are. They assume where the risk is. But, when you look at things, you'll find that your financial systems aren't the most critical things, maybe your customer support system has a higher priority and should be put on a higher priority for recovery in case of an incident.

On security, are the bad guys getting smarter?

We now have moved into an environment where we cannot afford to have any vulnerability. When a vulnerability has been discovered, the product must be patched [immediately]. We, at Symantec, are spending more of our time in the I.T. world, and responding with products with built-in heuristics. The threat landscape has changed. We're looking at our employees, contractors and partners for vulnerabilities more than we have before because the ecosysystem has gotten very, very closely aligned with the use of technology.

This article was originally published on 2007-06-07
Associate Editor

Brian joined Baseline in March 2006. In addition to previous stints at Inter@ctive Week and The Net Economy, he's written for The News-Press in Fort Myers, Fla., as well as The Sunday Tribune in Dublin, Ireland. Brian has a B.A. from Bucknell University and a master's degree from Northwestern University's Medill School of Journalism.

eWeek eWeek

Have the latest technology news and resources emailed to you everyday.