Thompson, whom I met while chairing IT World Canada’s first-ever GovSym event in Ottawa this week, was referring to an internal program at Symantec called “eating our own cooking.” The idea being to show how the company is its own best user.
“There’s no way to do that with all the 200-plus products at Symantec,” he admitted, “our team is laying out a specific roadmap for the deployment of Symantec products and services.”
Thompson started out in the U.S. Air Force and later became CIO at PeopleSoft. He moved into the same role at Oracle, and since making the jump to Symantec he has been a key player in integrating the technology and operations of its many acquisitions, including a mammoth ERP project related to the purchase of Veritas. I wondered how they managed to keep things running smoothly amid those kinds of changes.
“It really comes down to portfolio management, which has been an approach in the industry for a long time but is really something I try to apply,” he said. “We take a look at each integration and put that up against the risks and rewards. In some cases we slow down on projects or even put off projects completely.”
When Symantec bought service-oriented management software maker Altiris, for example, Thompson’s team charged forward with all the back-office integration, which was deemed extremely critical. Licensing integration, however, was too complex and challenging to tackle immediately.
Like other tech company CIOs, Thompson is as much a spokesperson as he is an internal strategist. He spends a lot of time meeting his counterparts, giving Symantec the opportunity to approach CIOs in a peer relationship rather than a simple sales-client relationship. It also means he has the added pressure of making sure his firm lives up to its reputation as a security expert. Can you imagine if an incident of major data loss at Symantec went public?
“There can be additional risks of having so many technologists in a tech company,” said Thompson, discussing the sophistication within Symantec’s employee base. There are some steps it can take, such as having very tight control over source code, but a lot of his job includes policy reinforcement, even if it’s just putting up signs. “You go in the office cafeteria, and you’ll see it everywhere: that you’re working for a security company and you have to behave appropriately. We’re in their face a lot.”
The problem in regular companies, of course, is that people may think through purchasing the products they will also acquire the processes and values associated with the company that makes them. Instead, IT managers and CIOs need to figure out a way to get their organizations to pretend they work at Symantec too, and treat information as though they had an image to protect. Which, whether you’re working for Symantec or not, you actually do.