A 13-year mainstay of McAfee, Greg Day was among the best-known spokespeople for the company but this summer he switched sides to Symantec. Dan Raywood spoke with him about the move and the future of information security.
Day started out with Doctor Solomons in 1991 and then stayed with the company after its acquisition by McAfee in 1998. At McAfee he rose to become the company's director of security strategy.
In his new role at Symantec, as EMEA security CTO and director of strategy, he explained that he will be leading a team of security strategists across EMEA, whose remit will be ‘security through leadership for Symantec'. Day said that the team will provide content for event and speaking with customers, as well as focusing on trends and identifying where security is going.
“We want to talk to clients about what they should be doing and sharing industry practises. Not only with clients, but engaging with government and their activities,” he said.
“I will remain as vice chairman of the Intellect cyber security group and we will remain engaged with government on guidance to viewpoints on policy and direction. I work for a vendor but I look at it as other directors would.”
Last summer saw the acquisition of McAfee by Intel and recently, Dave DeWalt resigned as president of McAfee to be replaced by Michael DeCesare and Todd Gebhart. Day said that in his time at McAfee, he felt he had worked for ‘six or eight different companies' with his roles in the company's various divisions and under different CEOs, but he felt that it was now a completely different company.
He said: “I hope that they continue to do great things, but McAfee looks at security, while Symantec are making a transition into security and information and these have to go hand in hand and they are the only company bringing them together.”
Day said that another driving force for his decision to move from one security giant to another was Symantec's efforts with cloud technology via MessageLabs and its interest in mobile security.
He said: “More progressive companies have corporate app stores now and this is a big area for Symantec as there are two serious options now: either with more security on the devices; or with a built sandboxed model. Most companies will start with a sandbox and that is often a stopgap, as they need more native control and need to adopt an application quickly.
“People are looking and becoming more efficient and want things to work rather than figuring out whether it works or not.”
With vendors such as Good Technology, MobileIron and Zenprise now firmly setting their mobile management stalls out in the security space, I asked Day if this was a specific move forward for Symantec. He said that the company has had mobile solutions already but they had not ‘been shouted about'.
Looking forward into the future of information security, Day said that along with the advanced persistent threat, the real challenge is regarding information at the broader level and specifically at a business level.
He said: “Cyber crime against the public will continue but against businesses we do not know when it will stop. You start with social engineering that businesses have not woken up to and it is the age-old question of 'if the internet was started again, would we be in a better place?' I say it would be smaller but we would make other mistakes.”
“If someone wants to get in then they will, so you have to think about how long that will be sustained for and when they get in, what is going to stop stuff getting out. How do you defend against exfiltration?
“I am hearing ‘cyber defence' more and more and it is about whether you defend or prevent. You spend relevant to your risk, but you are never 100 per cent secure.”