If I were the next CEO of Symantec – redux

I just read a Bloomberg article, proclaiming that Symantec cut its quarterly revenue forecast and announcing that CEO Michael Brown will step down. Unfortunately for Symantec, the company has had a revolving door of chief executives — four different individuals since 2008, and now onward to a fifth.

Executive_at_desk.jpgWhen Symantec went through a similar CEO transition in 2014, I posted a blog to suggest what I would do as its next CEO but surprisingly my phone never rang. Nevertheless, I reviewed my two-year old recommendations this morning and many of Symantec’s issues back then still need fixing. Given this, allow me to review and update my CEO action plan for Symantec:

  1. Become the leading provider of managed and professional security services. This was my number one priority two years ago and I’m sticking to it. Managed security services are growing twice as fast as product sales while the information security skills shortage gets worse each day. This is why Dell SecureWorks (and others) are killing it in this space. Meanwhile, Symantec already has a very strong MSSP business so this opportunity is there for the taking. If I were the next CEO, I would invest heavily in this area by hiring personnel, doubling down on sales and marketing, and creating high-value enterprise-class managed services in areas like security analytics and incident response. The enterprise MSSP market is there for the taking.  
  2. Become active in M&A again. Yup, I’m sticking on this one too. While Symantec was distracted with CEO transitions and the Veritas divestiture, Cisco and IBM went into aggressive acquisition mode and scored big time by grabbing companies like OpenDNS (Cisco) and Resilient Systems (IBM). Each one added valuable startups to their portfolios and continue to ride the cybersecurity growth wave. Symantec has the cash and should be filling in its portfolio accordingly.
  3. Streamline, streamline, streamline. Aside from the Veritas divestiture, I suggested that Symantec streamline its product portfolio by abandoning second-tier products and services. There is still a lot of work to do here. Symantec has to decide where it wants to focus, invest in these areas, and sell off everything else. The good news is that Symantec does have some very good products that it never figured out how to sell and market. The company should be able to find buyers for these.
  4. Establish a cybersecurity architecture and ecosystem. Symantec has started to do this with its own products but hasn’t become a nexus for other cybersecurity vendors. Meanwhile, Cisco, IBM, Splunk, and others are executing on this with aplomb. This must be a high priority for the new CEO or Symantec could find itself on the outside looking into the enterprise security market.

I made a few other suggestions back in 2014 and these still apply as well. Given the passage of time however, let me add two more recommendations as well:

  1. Adopt a laser focus on endpoint security. The good news is that Symantec is the world’s largest endpoint security vendor. The bad news is that this lucrative market is proceeding through a transition into an amorphous category called “next-generation endpoint security.” In spite of the industry hyperbole however, the threat to Symantec is very real, as enterprise organizations supplement or replace traditional AV with tools from vendors like Carbon Black, Countertack, Cylance, Crowdstrike, DigitalGuardian, Invincea, and SentinelOne. Symantec needs to defend its turf as if its life depended upon it since this may actually be the case. In spite of Symantec’s knowledge of endpoint security technology, it may have to acquire here to reverse course quickly.
  2. Capitalize on the opportunity in data security. This is actually another area where Symantec has done relatively well, growing its DLP revenue around 30% last year. Still, Symantec has not been aggressive enough in a market where it can build on its leadership position. Symantec needs to invest in data security-centric professional services, get serious about a data security CASB play, integrate its PGP assets more tightly into its DLP technology and its go-to-market strategy, and partner with data management leaders like Box, Microsoft, and Oracle. With the right investments, Symantec could own this market.

Of course, investment bankers and Wall Street investors will push the next CEO to sell the whole enchilada to a company like Dell, HP, Microsoft, or Oracle. This exit would please some fat-cats, but Symantec may still have some runway to turn things around.

Okay, I’ve still never run a multi-billion dollar company but I do believe that my old and new recommendations could help Symantec get back on track. Hmm, I better increase the volume on my cell phone so I don’t miss any calls this time.

Endpoint Security Infographic

Topics: Cybersecurity