What the Snowden scenario proved is that the weakest link is not the technology, the weakest link is the individual; we shouldn't kid ourselves.
— John W. Thompson
My friends and family are amazed I've done so well. I was not a model student. No one expected that I'd build a Fortune 500 company at Symantec.
But what Web services suggest is that the connection is always there between an application that is resident somewhere in the cloud, and a user who is somewhere on the other end of a connection.
I don't think there is any franchise more powerful than ours around securing the consumer experience and we will not concede that to anyone including Microsoft.
Over the near term there is clearly the opportunity to work with Microsoft to do to a better job of creating a more secure Windows experience for users around the world.
So ensuring the integrity of the data and integrity and validity of the connection is a very important element in any company's strategy that is moving towards a Web service paradigm.
There has been no appreciable improvement in our country's ability to produce the kind of talent we need in this space. There have been some small initiatives around the country that have been noteworthy.
Well we have a good working relationship with Microsoft at the development level. But let's not kid ourselves, this is a company with enormous resources and talented people, and there is a certain pride that comes along with that for them and for us.
While there have been terrific advances in the state of technology around heuristics, behavior blocking, and things like that, technology is only a part of the approach to solving the problem with the more important aspect involving putting the right process in place.
I'm an intensely competitive guy who is driven by the idea that accepting mediocrity or accepting defeat is not the way you succeed in life.
I've learned several lessons over the years. First, never take yourself too seriously, or work is boring. Next, people make the difference. You can have great technology, but if it's not complemented by great people, it won't go anywhere. Finally, customers buy from people they like.
First, I do not think there is any silver bullet to solving the technology side of the security equation.
If you accept that security is a process, and if you can eliminate the human interaction or intervention in that process by automating more, that is a good thing.
Right now we have a closure rate between discovery and exploitation of four to six months. We need to be more in the realm of seven to 10 days. That is an enormous challenge.
So you will see us continue to advance the state of the art or take information that we have in our response data bases and have that drive automation or an automated response by some of our products.
We need to shift the paradigm from reactive technologies to more integrative solutions that deal with the variety and complexity of the threats that are out there today.
Well Web services are nothing more than a way for users to interact with applications.
The thing we have to be careful of is that the Internet is a global communications medium, and if one country tips the balance in regulating its use or regulating what companies or individuals do on the web, it could have an economic impact that might be unintended, quite frankly, by the regulations themselves.
I grew up in West Palm Beach, Florida. My dad took me hunting, trapping and fishing when I was a kid.
First, our focus on security is on the infrastructure itself. So it is all about how you protect the network, the device, and the application that is riding on the server.
One of the things that has been truly incredible to observe though, is the amount of venture investment that has gone into early stage security technology.
Second issue is the rapidly accelerating increase in the number of vulnerabilities that get discovered every day. And, equally importantly, is the shortening of time between the discovery of the vulnerability and the release of an exploit.
The U.S. and Israel probably lead the way in terms of venture investment in technologies companies focused on the security paradigm. That is quite encouraging.
We think the managed security services opportunity is enormous and so we have been an active participant and probably the largest firm in this space outside of an IBM or EDS, which does large outsourcing contracts.
What we are seeing now is customers shifting their attention from security products like firewalls and intrusion sensors, to the policies that need to be in place, and the technologies that help them enforce policy compliance.