Last week I had the opportunity to talk to John Thompson as part of The Reimagine Series. The Reimagine Series sees the leadership team at Netskope host discussions with technology trailblazers as they introduce thought-provoking ideas that transform the way enterprises work. Across the series, we have been exploring innovative approaches to solving today’s technology and security challenges and I was really excited to catch up with John to hear his ideas.
John, now the chairman of Microsoft, describes himself as being in the fourth chapter of his career which spans more than 20 years at IBM starting in 1971 to running Symantec as its CEO.
You can catch the full conversation here, but if you don’t have the chance to watch the whole 30 minutes, I have captured a few of John’s thoughts below.
The first thing John and I discussed was the evolution of organizational expectations of security, and the resulting changes in requirements for security architecture. He told me that there are a couple of things we need to acknowledge:
- Every company, of any size, is now an IT company of some sort or another, and they are all making decisions about how much of the IT infrastructure that enables their service proposition they want to manage for themselves.
- It is inevitable that the world will move to the cloud — just as it was inevitable that the world moved to the web back in the mid-90s, and the cloud will become the platform of the future. But the question we need to ask is how much will people do to protect their content and data and what will they look to organizations to do for them. Over time more and more organizations are going to want it done for them.
John’s view is that while on-premises technology will always be important to *some* organizations, cloud-based services will become the most important platform for every company as time goes on. And he believes that security will be one of the top items that they are most concerned about.
Following this prediction of inevitable structural change, John talked about the fact that CISOs will need to build out their sales skills in the coming years. “You won’t get approval to do something unless you have convinced others that it’s the right solution.” He talked from his great experience about selling ideas and concepts to a group of internal stakeholders. The advice I found memorable was that:
“Selling doesn’t start until someone says no, and then a good salesperson works to understand why they said no so they can start to turn it into a yes.”
With boards of directors made up of people from diverse backgrounds with a range of technical understanding, we took some time discussing the best ways to present cyber security issues to the board. John gave three useful tips:
- Develop a programmatic initiative specifically for the board to help them get up to speed on the issues, risks, leading products, and companies, and to give them some context for understanding issues as they arise.
- Give the board an assessment of the organizational cybersecurity status, with context of the company alongside the market and specific competitors.