Steve Richards is used to the insinuation, jokingly made by customers of Network Associates International, that the security company writes the viruses themselves.
But when you talk to people inside NAI, where Richard works as chief operating officer, you get an incredulous reaction.
say to me, ‘If we wrote the viruses, there’s no way you’d ever be able to deal with it,'”” he says, adding that while the firm does not employ former hackers, they have developed top-notch skills that could endanger corporate networks. “”These guys know all the tricks.””
Richards was in Toronto this week to speak at a meeting of the local Society of Financial Analysts. He took some time to speak with Computing Canada about how the company parlays its unique expertise.
Computing Canada: Explain your role as chief operations officer.
Steve Richards: I joined a year and a half ago as chief financial officer and over the first year we needed to get a lot done. As we began to look at what needed to get done within the organization we decided the company needed to be broken up into three pieces. Each of us would take the areas of the company that were our core competency and ride those areas of the business. Our chairman (George Samenuk) took growing international. Gene Hodges has a technology and marketing background and can take a product from cradle to grave. The operational side–the backend of the business, the IT department, things that bring efficiency that aren’t necessarily customer facing–is what I retained.
CC: Have cut backs made creating efficiencies harder?
SR: Not really. When I joined we had about US$600 million in cash and we have a little under US$1 billion today, so it gives us the ability to go out and make strategic investments in our business. We aren’t looking to get into a fourth business, but we are looking for opportunities to either build, buy or partner technologies that integrate with what we offer our customers.
CC: How do you integrate these acquisitions?
SR: We’ve done two since I’ve joined the company and I’d say most companies don’t do them well. I think what distinguishes our management team is all of us have done acquisitions before so we know what doesn’t work. And we put our development teams on very aggressive delivery deadlines.
CC: Do you plan on acquiring more companies?
SR: We’ve looked at 100 companies and we’re getting very close on a couple, but they are adjacent products.
CC: Is it harder or easier to incorporate a company like McAfee that was yours in the first place?
SR: McAfee was probably easier because they were part of us and the root technology is the same. The majority of the people were there when we went public and now they’re part of Network Associates again. There is some overlap, we’ve identified US$5 million a year in expenses that will be cut out.
CC: Any concern from McAfee employees about a loss of independence?
SR: There’s a little of that, but we’ve really gone out of our way to make sure they feel part of Network Associates. We have an all-hands meeting after each earnings call and for the first time all the McAfee.com folks participated for the first time.
CC: Are your acquisitions based on need or competitive strategy?
SR: Valuations are way down; cash value hasn’t changed. I have the opportunity to walk into a company that might have been way too expensive to acquire a year ago and has become more realistically priced.
CC: How willing are customers to invest?
SR: We’re in an interesting space. Despite shrinking IT budgets, a greater proportion of that budget is being spent in security. Security is like buying insurance–not having it is a risk choice. The banks, brokerages, insurance companies, your business, their livelihood, their ability to do business is dependent on the network. So not having that 99.999 per cent up-time is not an option anymore. If you’re going to have to spent money to secure your network, you may do that in lieu of a CRM or a new ERP.
Our ability to grow is one clear indication customers are taking security seriously and they are spending money.
CC: How do you measure the return on investment for a product that doesn’t make money?
SR: There is always that challenge, but Sniffer is probably the better example and easiest to articulate. What it does is monitoring traffic on the network and get more utilization out of existing bandwidth. In the heyday people were just buying new routers, they were buying new bandwidth, it didn’t matter how efficient their network was because they could continue to buy more capacity.
CC: Does interest in security fall then when the economy bounces back?
SR: I don’t think security is ever going to very far from the mind. If you wind back the clock and go back to what we’ve been through in the last year, from Code Red to SirCam in July, Nimda in September, Goner and Badtrans in December, and Klez, Bugbear . . . the viruses just keep coming. You are reminded on a daily basis hackers are out there.