10 July 2017
Symantec Managing Director for the Pacific Region Ian McAdam joins Ronnie on the couch to discuss Symantec, current security trends in the industry, security threats, barriers to cyber security, the biggest mistakes people make around security, it’s future and more.
SOME KEY POINTS IN THE VIDEO INCLUDE
[3.15] Ian McAdam, Managing Director of Symantec, an Olympic Swimmer?
[12.28] How important user education in cyber security is
[18.26] What is cyber insurance
[28.40] The difference between running your own business and running a business within a business
[33.22] Something about Ian that nobody knows
READ THE TRANSCRIPT
Ronnie: Hey there, welcome to the Download. Today, I’m joined by Ian McAdam, managing director of Symantec Australia and New Zealand. We’re going to have a really interesting chat with Ian because security’s incredibly topical right now. Let’s dive straight in. Ian, mate, welcome.
Ian : Thank you very much, Ronnie.
Ronnie: Great to have you with us.
Ian: It is great to be here, mate.
Ronnie: Tell us the Ian McAdam story. I’m sorry, I’ve obviously read your bio. I’ve known you for a while. You’re an accountant, all sorts of things. I mean, there’s some similarities between us. There’s one clear distinction between us which maybe you can tell us about. Tell us a bit about you.
Ian: It is a bit of a circuitous route to get to security. I am actually a CPA by trade. My first job at the university is working for KPMG. I’ve worked in advisory firms, then I worked at law firms. I had a legal background as well. Then I met my wife at QANTAS Treasury, so actually, I have a treasury background regarding their systems there. After that, I decided to run my first business. That was for about three years where I joint venture with a company called Orco Finance Group.
I learned a lot about running a business. Moving out of, I suppose, the large firm, moving into your own responsibilities. From then, I then decided to move into software. Worked at PeopleSoft for six years, It was acquired by Oracle. After that had a number of MD roles at Mincom and other roles. It took me to Paris as well. I worked there for 18 months, it was quite a unique experience as well.
What happened was I was working at Oracle for the last four years and I was approached by someone at Symantec. It was at a time where I thought I’ve been at Oracle for four years, I was looking at actually having a bit of a change. He said, “Look, there’s a gig going on at Symantec. You may have heard of them.” I said, “I’m very familiar with Symantec.” I think, maybe, this wasn’t my cup of tea.
It wasn’t till I actually went home that evening and said to my wife, “I had an interesting offer today. She said, “What is it?” I explained it to her. My wife is on the board of a Tier 2 bank. She said, “Ian, at the end of the day, this is a topic.” This is a little over two years ago, right? It’s before there has been obviously significant changes in security landscape. She said, “If I can get somebody to come in and help me understand my risk profile in order to dispense my fiduciary duties, without doing any technical babble, that’s really valuable to me.”
It got me thinking that there is actually about to be a significant change in the landscape. I was watching what was happening at Symantec just prior to announcing their splitting of Veritas Business, et cetera. I thought there is definitely a– I see change about to happen here and I like changing things up. I like doing things to sort of make things a little bit different in my life. This certainly hit the mark for me.
Ronnie: That’s just fantastic. I mentioned some similarities and one key difference.
Ian: You got to come back to that. [laughs]
Ronnie: Your humility, just left that behind. I’m going to make you talk about it.
Ronnie: You were an Olympic swimmer as well. You swam in 1998 at the Olympic in Seoul.
Ian: I swim at the Seoul Olympics, wonderful privilege, obviously. I spent the 10 years prior to that following the black line up and down the pool. I must have been the most boring teenager ever. It was, obviously, something that I was driven to do. I always wanted to swim in the Olympics. My father said, “You could pick a different sport from swimming.” It was a great experience. I swum the 100 and 200 breaststroke. I swam the breaststroke like the medley relay, we made the final. The experience was really quite incredible.
What it did do for me was it showed that our work ethic is a little bit like a sport ethic. If you actually process it, if you actually go through the same methodology, they can transpose. Obviously, I’ve taken that through my career as well. A great experience. Lots of parties at the end of it, everyone smirks about. You have to appreciate that all athletes have had a number of years whereby they’ve been starving themselves of entertainment. They all go crazy at the last week of the Olympics, but it was a great experience.
Ronnie: It’s just fantastic. I did a training course a while ago with some ex-Olympians who did this peak performance training. I think the disciplines that you learn from being a high-performing athlete like that, and obviously, being at the top of your game to do so. You’ve taken that through your career and you’re at the top of your game right now having been MDs at multiple different companies.
Now, it’s Symantec. Which is really, effectively, it’s almost a new organization now with the split off of Veritas, the acquisition of Blue Coat. How’s all that settling down? It’s been a little while now. You guys, I think you just closed your first quarter as two companies together. How’s all that going that the stuff we’re seeing coming to market is significant, obviously, as a long-term Symantec partner?
Insentra’s very attached to the things you’re doing, but I’m sure a lot of people who are watching this aren’t as much. What would you say was the two or three things that have made the biggest differences or result of the split and the coming together of Blue Coat?
Ian: I’ll go back to one of the key features for me to join Symantec was the fact that I did actually buy into the process of wanting to split the Veritas business from the core security business so it can be solely focused on cybersecurity. Obviously, the Veritas business is a wonderful business. Getting back to core competencies is something that I really like. It’s a bit like following the black line I mentioned before.
For us, looking at the journey, what’s happened at Symantec in the last two years, with the split obviously, there was a lot of work that had to be done to make sure that we did hit the ground running being solely focused on cybersecurity. But then, in August of last year, obviously, the big change was the acquisition of the Blue Coat systems. Now, what was good about Blue Coat systems was that there was elements in that team– in that technology, I should say. I’ll talk about team in a second.
On the technology side, Symantec was not very strong at all in the networking. We didn’t have a Cloud access security broker at all. It was two elements that we didn’t have in our portfolio, and it helped quite smooth it all out. The challenge, however, from a team perspective, is obviously bringing two teams together. As you mentioned, we did actually have our first quarter together. I must say, the two teams have come together exceptionally well.
We’re really pleased with our results. Obviously, I can’t disclose what has happened because I only finished on Friday. We, obviously, need to disclose it to Wall Street. I have to say, I’ve been really pleasantly surprised with how well the two teams have integrated. Not just from a go-to-market but also the ability to actually learn the opposite side of the technology.
Obviously, the biggest challenge, and you would have seen this from the number of technologies that you support, Ronnie, that sometimes the people want to self-specialize and you don’t make the most of the portfolios in front of you. I think that’s the thing that I’ve been trying to drive, particularly, in the last six or seven months in preparation for what has been just their first quarter together.
Ronnie: I think, as well, security is such a broad portfolio now. Years ago, it was Endpoint firewall, thanks for coming. Now, it’s so much more than that. We went through a phase of governance, compliance and risk. That’s still tantamount. What we’re seeing now, it’s actually now something that mom and dad at home know about. They know about WannaCry, they know about Petya, they know about these things that are impacting organizations.
Obviously, the media’s fantastic at that. It’s just so easy for people to be called out. What was once this thing of IT Propellerheads, is now something that’s so much more well understood by the general market.
Ian: Putting the media aside just for a minute because I totally concur with your view on that one. I also think that now that because boards are now getting involved. Going back to the story about my wife, the boards need to understand the fundamentals of this now. As a result of that, the number of conversations that have been given back to the CEOs, they make sure you get ready for this next presentation to me. Has meant that from a enterprise perspective, yes, there’s definitely a lot more coverage.
My personal view is there is going to be probably a lot more consolidation going on in this industry. Probably a bit like what we saw in the ERP sense from the late ’90s and early 2000. There was a lot of point solutions that then came together in the consolidation. I think we’re about to go through the same thing in this space in cybersecurity.
I also think that Symantec itself, with the new chief executive, with Greg Clark, who is quite inquisitive in historical perspective, sees that there are opportunities to continue that consolidation process as well. If I then take the consumer’s side, I think the media, to your point, have done a really good job of making people aware of good and bad behavior. At the end of the day, it comes down to education, really.
It’s getting the right information out to consumers as well as the enterprise. What’s happening is the enterprise and the consumer world is starting to blur together because people take their work home. They work at home, therefore, there’s a threat element they need to be aware of, what could go on within their four walls.
Ronnie: Obviously, the consumer is a very important part of your business as well with the old Norton side of it. That’s still a very important part. That’s why the interesting things about Symantec is that play from top to bottom and across, and also now getting a whole lot deeper with Cloud access security broker you just said, that you were talking about. That just broadens the story.
To your point about consolidation in the industry, the thing that I think is really interesting is that just about every other week, I’m hearing about another new security technology. Something that does something that nobody else does or does it in a way that nobody else has thought of doing. I even heard about an organization who had this technology which, basically, just lays booby traps and almost baits the hackers to come through, and makes the hackers excited that they got somewhere. They get them to a point and it’s like, “Got you.”
Ronnie: Some of these technologies and the way it’s moving, how are you finding that Symantec is keeping up with that? I mean, clearly, you’ve been innovating a whole lot lately. There’s getting focused and sticking to your needing and going back to what Symantec used to do. How are you finding that innovation driving through the culture? Indeed, your sales teams and your techs being able to talk an entire cybersecurity strategy rather than just a point strategy.
Ian: If you take the RSA Conference, annual conference, which is now like the largest cybersecurity conference, globally. If you look at the number of unique vendors that keep on coming up the stalls, to your point, there is no shortage of new technology that’s popping up, that is the latest silver bullet. Symantec, itself, actually has a group that’s being up called Symantec Capital Ventures.
Whereby, we are looking at the smaller startups to see what is the technology that fit into a broader play. Symantec, itself, went along. As I mentioned, Greg Clark, our chief executive, does look at what is the up and coming. We’ll have this actually fit the portfolio, but there is a lot of noise out there. There is a lot of point solutions that effectively can do that much. Unfortunately, there’s multiple vectors, as you’re aware of, that cyber criminals will use in order to get the information they’re not entitled to.
It’s that fine balance between get the best technology, the shiniest new toy. Finding a way that it can actually still integrate into the broader portfolio, and at the same time, how can that be then consumed by both enterprise and consumer. That’s the key because, as I mentioned before, it’s blurring between consumer and enterprise now. How is it that it’s going to be easily consumable all the way through the supply chain effectively of us using technology?
Ronnie: I think you’re absolutely right. You mentioned education before, something you touched on. My view on it is it’s fantastic. You can have wonderful different tools that they’re going to help do prevention or detection. The biggest problem that was to you and me, it’s the human element-
Ronnie: -and educating people. I read a blog, a couple of weeks ago, from a guy in the industry who’s the security expert. He just about got down himself because he happened to click on something. By his own admission, I should have know better, but you’re busy. You’re doing things, you go click and go. I think that user education part is something that I’m not seeing Symantec address. It’s not something that necessarily you focus on. You focus on providing those tools and rely on your partner community to do that. Well, I have that accurate?
Ian: You do, actually. The partner communities incredibly important. I will actually admit to something. We actually phish ourselves. We do see people within Symantec organization that click on the element they shouldn’t be clicking on. We test ourselves.
Ronnie: Our plumbers pipes are often leaky. [laughs]
Ian: Still, there’s a bit of wall of shame. They come to that as a result to that. It does go to your point, is that most secure savvy people can still make those errors. The other thing is, in the scheme of things, where 250-300 people just in Australia in Symantec, that’s very difficult for us to get across absolutely everything to be part of that education process.
Our partner community is incredibly important for that because this is what we believe good looks like. If our partners agree with that analogy, then that’s really the way that we can scale that through the community. Once again, both through consumer all the way through the enterprise as well. Education’s a funny thing. It’s something that we feel as though, if you’re a parent, obviously, you want to protect your children.
At the same time, we are finding a lot of enterprise as well as large government departments are saying, “I like what I’m doing on the enterprise sense here, but can you now also package up what we can do so I can give Norton to all my staff when I take it home so I can have that end to end.”
I think the other reason why Norton is very, very important to us is, at the end of the day, there’s another 65 million endpoints that people are actually using every single day that feeds back through our global intelligence network. It gives us greater reach beyond just the enterprise. We’re seeing what’s happening on the consumer side as well.
Ronnie: You have the largest global intelligence network on the planet, right?
Ian: Yes, that’s correct. Actually, I’ve mentioned 65 million consumer endpoint. We actually have 175 million endpoints when you actually put all the enterprise and consumer together. Certainly, also, from what we now see from the proxies that have actually been feeding into our global intelligence network, is that we see more than any other global intelligence network in the world.
What that does is not necessarily about who is the biggest. It’s about what you do with that data lake, and what are the analysis that you use, and what are the analytics that you use in order to be able to do predictive elements in there. That’s the key. You’re going to have a big lake, but what you do with that is the key. The lake is big for us. There’s no two ways about it.
Outside large government organizations in North America, they do actually come to us for information on that because we see a lot more as a result, and then feed that back through to our government bodies.
Ronnie: Let’s just change tack a little bit because we’re speaking a lot about cybersecurity. There’s a couple of interesting things that are happening right now, obviously. In Australia, we’ve got the privacy, the mandatory breach notification. Globally, GDPR over in AMIA. There’s been a bunch of things in the US already. It’s almost like the rest of the world now is rallying around what the US had done.
Ronnie: That’s obviously driving a lot more interest in overall cybersecurity because breach is not– Look what happened to Target. No CEO typically survives breach in a public form.
Ronnie: It’s something that boards are very, very concerned about. If nothing else, reputationally, let alone the impact to their clients where their data may be leaked. I saw a few weeks ago that the US government had 200 million electoral records via a breach, and they were stolen. People are out there looking for this stuff. People are doing it. What’s the impact of the up and coming Australian mandatory breach notification? What are you seeing the impact to your business has been?
Ian: Phenomenal. If there’s one thing that we are driving very hard at Symantec is trying to help with disseminating that information across the boards as to what it really means. To your point, the US has actually had mandatory disclosure laws for a number of years. We think, “Hey, here we go again.” There is actually some fundamental differences between what we’re doing here in Australia, which is due to come into effect in February of next year.
25th of May next year, GDPR, in particular, is even another layer again. From a European perspective, I mentioned that I lived in Paris for a couple of years. You got to appreciate that Europeans really are quite protective of their privacy. It’s something that’s really tantamount to their existence. Obviously, history has proven that privacy is absolutely a front of mine from people who’ve experienced two world wars in their backyard.
What has happened is that the level of damages that could come out, that corporations have to pay the result of it, is the thing that’s probably the most alarming. When I said the most alarming is that privacy and the protection of your privacy is something that boards really do need to get their mind around fairly quickly, because February and May of next year, really aren’t that far away.
I think if anything that we have noticed lately is that a lot of the questions that are coming back into Symantec say, “How do I prepare my board for it?” A lot of the time, it’s like, “I got plenty of time, I have an eye on them.” Unfortunately, the case of the matter is that if you look at what happened to the US, it’s actually not exactly the same as what can happen here, and also in Europe.
The world’s become a global village. As a result, your intricacies that you could trip up, thinking that you’re only looking after just your strain interest, may be a European usage that you might not be aware of. What ends up happening is that sea level, talking to their boards and talking to their legal counsel, has now started this triangle that we haven’t seen in Australia. I think that that’s really the key for their getting on top of.
Ronnie: There’s a direct correlation as well between a security posture and cyber resilience as it relates to what is another up and coming area within technology, which is effectively cyber insurance. There’s a lot of people now chattering about cyber insurance. The insurers today is still struggling to work at how to value data. It’s not like you can take them into a garage and say, “There’s my 10 cars, tell me what the insurance premium’s going to be.”
Often, the insurers are like, “Well, you tell us what it’s worth,” but we breach. There’s a lot of chatter as well about the value of data, and data, ultimately, being something that’s going to end up on a balance sheet. How are you finding discussions? Are you having a lot of discussions at the board level around cyber insurance and how that’s connected?
Ian: Absolutely, Ronnie. You’ve raised a really interesting point. Insurance companies obviously need their actuaries so they could look at what historical data is. Normally, if a flood data, or for rain, or for fire, you only have 100 years worth of data. In this case, we actually don’t have that in cybersecurity. What’s happened is, to your point, is a little bit of an unknown, it should feel like this, looks like this, it should feel and look like this.
If you take in Symantec’s perspective, is that up until recently, we self-insured. For as our thinking, “Well, we’re safe. Why will we need to do it?” What ends up happening is that even as your security posture improves all the time, there is a residual risk that cyber insurance could actually cover that covers off all the bits that you mature on the way through, but then there’s this residual risk. I think this residual risk conversation back to the board is once again a key thing.
All companies need a little bit of risk in order to have a return, but what is an acceptable risk is the key. Cyber insurance is of those interesting, “Where do I cut in and where do I cut out?” I need to obviously have my backyard in order to get to a point where I’m feeling comfortable with it, but there is still elements there that I can’t see. Therefore, cyber insurance would actually fulfill that requirement. As I said, Symantec vendors sells in this situation quite recently. Whereby we no longer self-insure, we actually do take up cyber insurance as another layer of protection.
Ronnie: Again, that’s where the industry seems to be heading.
Ronnie: There is no doubt.
Ian: Australia follows from a IT perspective, we follow the US fairly closely. If you think about even like the adoption that we had as a service will be, SAS Pass, IS. It was pretty close to what happened in the US side of it, and we adopted it fairly quickly. Certainly at a faster rate we’ve noticed in the rest of Asia Pacific, in Japan.
Ronnie: In fact, I think, if you look at some of the statistics, we’re adopting all of those services now faster than anywhere else. New Zealand is way the hell ahead of us. As they are very much nearly adoption kind of nation. Australia’s right up there too. We might have followed suit, but it’s almost like we’ve followed and leaped off.
Ian: If you take that onboard, which is I agree with those findings, Ronnie, but cyber insurance is fairly similar. We’ve seen a blowout in inquiries in the US in the last six to nine months. I think it’s not going to be far before, in Australia, we’ll be exactly the same situation here. New Zealand, to your point, is obviously a testing ground for a lot of technologies. Once again, we’re fielding a lot more questions from that country as well.
Ronnie: Right. With the exception of your wife, who’s a board member, what are the top three conversations when you’re in talking to boards? Which no doubt you do on a regular basis, called in as an expert in the field and talking about what we do. Boards, and government agencies, large government agencies, what are the top parts of cybersecurity that you’re seeing that are on their agenda and the advice that you’re providing?
Ian: The first one, we’ve already spoken about, the mandatory disclosure laws. That’s definitely topic number one, and what does GDPR mean to me. That, in itself, takes up the first part of the conversation, but I need to park that. The other thing is the skill shortage. At the end of the day, we found that, “Hey, how do I find the ability to protect myself? If I wanted to protect myself, where do I go?” We’re looking at an industry whereby the demand is outstripping the supply at a great rate. I have a son, he’s doing engineering at universities, now going, “I want to get into that industry because there’s no unemployment.”
Putting that joke aside, not a joke but that point aside, that’s saying there is obviously a demand for it, we are finding that the boards are finding it difficult to say, “Well, hang on a minute. That is the reality. What do I need to do in order to be able to give myself some protection? To give myself some comfort that I’m still in the good hands, given that I can’t do anything about it if the banks soak up all the excess capacity. There’s nothing else left over, who do I do?” That’s where we talked about using our partners. Obviously, using our main services, et cetera on the way through in order to be able to give them that layer of protection.
They start off with a governance perspective which is the legislation, the first one, then it becomes a reality of skill shortage. You got to marry those two conversations together with the boards. That conversation is quite difficult to have because, once again, a lot of board members aren’t IT savvy. They just want to say, “Well, how much do I need to pay to make myself feel safe?” Unfortunately, there isn’t an arrow and model that we can actually give you direction, give you that solution, so let’s talk about what good posture looks like every period of time. That’s a longer term conversation. It’s the only way around it.
Ronnie: Right. You’re finding the ASD Top-8 is something that is inextricably linked with your go-to-market strategies and conversations you’re having, or is that largely still focused at government?
Ian: It used to be largely government. It’s interesting how the last 6-12 months that, particularly, the federal government is now becoming a lot more involved in cybersecurity. That people now start asking questions, “Well, what does the Top-8 really mean to me and how do I follow that as a step?”
What is being historically– and even when I say historic, 12 months ago saying, “Let ASD’s what good looks like and I can’t afford it. I better down this time for myself to work out what is good because the government is getting far more involved.”
We saw that even just like before yesterday, the government announced that ASD is now going to be doing some proactive attacks in order to be able to protect us as citizens. This is actually a fundamental shift in the way that the government is moving about. As a result, ASD will have a different role to play, in my opinion.
Ronnie: No doubt that that’s going to have ripple effects right throughout all manners of industries. It’s interesting. Often, when we’re in outside of the fence and we’re on the cell side, it’s like mandatory breach is manna from heaven for an organization like yourself with data loss prevention tool sets and all of those things to help protect information. I think one of the things that gets lost in the industry is people see security, it’s a Propellerhead thing, it’s a tech boffin thing.
It’s actually not about that. It’s much broader, and deeper, and wider than that. It has such profound impacts on so many different areas of our lives. IOT, for example, the whole Internet of Things. I was reading just yesterday about, I think it was 16 different threats that were specifically targeted at IOT devices like cameras, IP cameras, and things like that. How are you finding that from a Symantec standpoint with the huge surgence of IOT now? The Internet of Cows, for example.
Ronnie: How are you finding that?
Ian: In 2004, there was an experiment that was made whereby a computer that had no protection at all was put on the net, and see how long it took to actually get hacked. It took four minutes. In 2016, an IOT, a device was actually put out to see how long it took. It took only two minutes. Now, I’m thinking, “Okay, four minutes to, two minutes, that’s no big deal.”
It’s the extent of IOT devices that are actually going to be in part of our entire day. You can have IOT devices in your barbecue, for goodness sake. Self-ignition and temperature readings that you can actually do it from your phone. Point is that, in the home, there’s somewhere between 11-30 different IOT devices that generally don’t have security attached to it. It’s just actually an IP address waiting to be infiltrated.
Ronnie: I think so. Just to pause you there, I think part of the issue with that as well is that the manufacturers of these IOT devices, like a traditional barbecue manufacturer, doesn’t think security.
Ronnie: A fridge that orders its own groceries, those manufacturers just traditionally, at that part of their business, have not thought security.
Ian: Correct. It’s speed the market, obviously, was the key to them, not necessarily the strength of the security, and it has been that afterthought. We have found that if you take the Tradex run that was done quite recently, that was started off as an IOT attack. The elements that we are not considering, that the manufacturers haven’t considered until now is where we’re at that. Once again, another reflection point. At Symantec, we are saying that this is definitely a threat of the future.
How you actually deal with smart CDS, or actually how you deal with even the interaction of IP addresses that are not necessarily part of mainstream is where the threat vectors are going to be. Criminals are always looking for an easy in. It’s a bit like the house. You put the locks on it, you put the locks on your windows, et cetera. There is always going to be something that you haven’t actually have protection. Then you got a little doggy door down the back that is big enough to let something through. That’s where I think the IOT is actually buzzing itself right now.
Ronnie: If we come back to where we started this conversation, you started as an accountant. You ended up going through all different machinations, running your own business. I have a question about that. I’ll come to that in a minute. You’ve clearly landed in the right spot, there’s no doubt. My security is, you look at the different analyst reports. Security is definitely in the top three, if not number one, for every CIO. It’s right up there now. It’s an agenda item onboard. In board discussions, it’s a regular monthly agenda item to understand security posture and to understand what they can do to be more resilient.
You’ve clearly picked another great winner there. The question I do have for you though in terms of, you’ve ran your own business, and then you’ve been a senior individual in a number of other global organizations. Now, you’re running Symantec in Australia, New Zealand and the Pacific region. Tell me about the difference between running your own business and running a business within a business.
Ian: Wow, okay. How long do we have?
Ian: The decisions that you make, ultimately, it comes down to as a leader of whether you’re running your own business or running as a multinational. I believe you still have to think about what is the horizon for the next year to two years. The decisions that you make now from staffing, financing, expensing, et cetera do actually have an impact. I think you cannot escape that, whether you’re running your own business or whether you’re running a multinational.
I think that in order for you to create a culture that you start from your own business, or whether you’re trying to create a culture in a multinational, can also come back from the same genesis as well. Let me explain that. If you’re starting up your own business, you can create your own culture on the way through, which I have done in the past, in an environment where people like to work.
For example, when I moved across to Symantec, obviously, I was going through the split with Veritas. There was obviously a time whereby the culture needed a bit of a kickstart on the way through. If there was anything wrong with the Symantec culture, it was hard to find its new identity. I made a conscious decision not to bring in my friends into the organization, but rather, work with the culture that it has in order to be able to make them feel as though there’s sense of destiny over the one to two-year horizon.
I keep on talking about the three-year horizon. Even if you just break it down to one to two, was something that the staff started buying into, saying, “I can do this. I need the ability to have the autonomy to make certain decisions.” It comes back to the word, culture. Whatever you’re doing, running your own business or running a multinational. If you don’t have that, then all the best speeches in the world are going to be for naught because the team has to buy into what the region is going to be. And then you start thinking about what the horizons are, backwards from there.
Ronnie: It’s interesting that of all of the areas you could have gone with that question, it’s a very, very broad question, the part that you focused on was culture. That’s something that I am personally very, very passionate about. It’s something that I’ve driven through Insentra, being able to bring and help to create a culture. A culture that’s got us into the great places to work.
You touched on something as well. It’s really quite thematic now as we’re going through these different discussions that I’m having with people here on the couch. I had a discussion with Zrinka from Great Places to Work, he runs Great Places to Work. And then I had a discussion with Nick Ferrugia. It’s interesting, there’s definitely a theme. You’ve picked up on it too which is corporate culture is absolutely critical.
Giving people the ability to bind to a vision is the next big thing that you touched on. Something that Nick also touched on was let people get on with their jobs. Empower them and let them do what they do. That’s something that no matter whether you’re in a global, or whether you’re your own business, or you’re a subpart of another business, that’s something that’s within your control and your ability to do for at least the people that you have within your sphere of influence.
I think it’s fascinating that you’ve chosen that. For me, I’m thrilled that you chose that because that’s the thing that lights me up entirely. Tech’s great and I like tech, but culture is really something that I’m so passionate about.
Ian: I made up my mind many, many years ago. I mentioned that I worked for a company called Minkum. What I knew about mining before went to Minkum, you could fill in a cup. Coming to a company like Symantec, where my very limited knowledge of cybersecurity, it could have been seen as, “Oh my goodness, what has the corporation done to me?” It comes back to the culture, it comes back to the self-belief system.
Clearly, what is evident in Insentra and for the people I talked to in your organization, they just love coming to work. When you have that, you just know you’re onto a winning form from the beginning.
Ronnie: Absolutely. I say this, it’s not easy. It’s not easy to make a great place to work. You got different personalities, different expectations, all sorts of things. You’ve done a great job with Symantec. For someone who came in in turbulent times, there’s been enormous stability through your team. You’ve been doing your numbers quarter, on quarter, on quarter ever since the day that you arrived. Congratulations to you. I think it’s just an outstanding–
Ian: Thanks to your help in making it happen, Ron.
Ronnie: We’ve been very happy. We’ve been long-term partners now since day zero of Insentra’s business and we see that continuing, without doubt, in the future. Just to change tack entirely now and the last question I have for you. Tell us something about you that few people would know.
Ian: Obviously, we spoke about the Olympics. There are a few people who do know about that, but I tend not to broadcast that. Glad you brought that up because sometimes I can go with that. Some of the things that people are not aware has happened. When I was in high school, I always wanted to be in the army. One holiday with the parents, we went up to the Gold Coast.
Ronnie: When you’re dressing like Navy Seals or something, is this–
Ian: You would think so. I went up to Queens on a holiday. I went to a disposal store and bought a replica pistol, not knowing that you couldn’t actually bring it. This is the day when we used to drive up to Queensland, drive back down. Not thinking that you can’t bring it into New South Wales. My mother, God bless, was out shopping one day and I’ve left this replica pistol in the back of the car. She’s come back from her shopping. Suddenly, there’s police surrounding her.
Suddenly, myself, who’s at the time was a school captain as well, were then pulled out of school by the police, saying, “You’re in possession of an illegal weapon.” I had to explain the story, what was going on. Luckily, common sense prevailed and I said, “Please, take this away from me. I don’t ever want to see it again.” I’ve put that out on the net. That’s the story that not many people know about. My mom, to this very day, is still quite embarrassed about the fact that she got pulled up by this police for the possession of an illegal weapon.
Ronnie: Let’s make sure your mom doesn’t watch this.
Ronnie: Ian, mate, thank you very much.
Ian: Thank you very much, Ronnie.
Ronnie: Thank you very much for joining us. This is a great time to chat with you. I appreciate it.
Ian: Thank you.
ABOUT IAN MCADAM
Ian McAdam is the Managing Director of Symantec in the Pacific region encompassing Australia, New Zealand and the Pacific Islands. Based in Sydney, McAdam is responsible for leading and driving growth across Symantec’s enterprise security business. McAdam is also charged with growing the company’s presence and market position across the region.