Interview: McAfee’s new chief executive

Dave DeWalt, the new chief executive of security firm McAfee, talks about the threats facing enterprises, the security industry and his plans


On Monday 2 April at 6am, Dave DeWalt stood in front of McAfee's Texas offices to greet employees with coffee, doughnuts and a handshake. "They were wondering, 'Who's the guy in the suit?'" says the former EMC vice president who became McAfee's chief executive that day.

But it will take more than a hearty handshake to win over the market for IT security buyers, which is DeWalt's plan. The executive sees his company as well positioned to become the dominant player in the security industry, given McAfee's breadth of offerings, army of researchers and alliances in the greater technology industry.

As the market matures, DeWalt believes am increasing number of enterprise and consumer customers will turn to McAfee for its range of products, rather than pick, chose and stitch together offerings from smaller, less-stable vendors. No doubt executives at Symantec feel the same about their company's opportunities, and DeWalt acknowledges he faces formidable competition.

On day three at his new job, DeWalt talks about why he took the position, where the security industry is going and where McAfee fits in.

What interested you about taking the helm at McAfee?

A lot, but the foremost factor was the security industry itself. It's a market segment that's very dynamic, very fluid. It's a consolidating market, but it's still got a lot of growth opportunity. There's no single, dominant vendor. We want to be the vendor who can drive the strategic agenda of the security marketplace, to be the pure-play dominant provider of security.

Do you believe it will be tricky to lead a company with a dual focus on consumer and enterprise?

Yes, there's no doubt. But what makes this a little less of a balancing challenge than it may appear is the same products we sell to the consumer we sell to the enterprise. It's not like there's a different set of products for each market segment, with some exceptions. I have products that are very elastic and go from consumer to enterprise, so that becomes a more scalable and power model.

The security market is consolidating. Where does McAfee fit?

Every major market segment goes through periods where they go from best of breed to best of suite, or I like to call them, the Little Six to the Big Three, until you have a couple of gorillas in the space. Look at the database market: how many database vendors did you have in the beginning, 15? Now there are three. I went to the RSA Conference [in February], and there were 2,000 vendors, companies I'd never heard of and so many that do the same thing.

McAfee probably had the most powerful balance sheet at the show, and there's lots of opportunity to expand the footprint of the company. A lot of analysts believe this market will mature to the point that most enterprises and consumers are going to look for packaged suites, and they need trusted advisers for their [security] problems. With 2,000 new threats every day, would I trust this to a start-up company? Not really.

Everyone has their opinion of where we're at in the consolidation of the security game. There's a very predictable maturation process. The last two to three years we've seen a very big growth in the underbelly of security that results in thousands of security companies, but the market won't sustain that.

Is security becoming commoditised?

Security will be everywhere. It's going to be a critical component to IT infrastructure moving forward for every type of device platform. But it's changing dramatically so it's almost impossible to commoditise the components of it. Security in the last few years has largely been relegated to PCs.

Now we've got mobile devices . . . storage is still a nascent security market, and the world of network security – bringing a lot of technology into switching – is a nascent market. Maybe parts of the market commoditise with basic functionality, but it's so dynamic and changing with the number of threats and challenges happening and the complexity of infrastructure, I don't think you'll get to [commoditisation] any time soon.

Will the compliance frenzy settle down once organizations get used to regulatory frameworks? Eventually does compliance just become a part of doing business?

I think a lot of companies are going to get to the state where compliance is a part of doing business, but not everyone is there yet – the market is very young. Not many companies have a records infrastructure, not many are able to prevent data leakage, and IP protection is a problem for any company that has supply chains overseas. So most companies aren't there yet. There's not a public company in the world that won't face making compliance a fabric of how they do business, and they will have to get there over the next couple of years.

What will be the most important security initiatives for enterprises during the remainder of this decade?

Establishing a policy infrastructure with a delivery infrastructure that complements it. Getting this delivery infrastructure in real time to deliver new signatures and stay ahead of new threats, but to also expand the amount of security you deliver to include compliance and reporting. The next wave of enterprise security will be a complete ubiquity of infrastructure that will allow you to get real-time updates of patches, manage policy reporting and compliance reporting. It's a very early market, but it's an important one.

Another one is going to be the consolidation of features in unified threat management at the network level. Enterprises are looking more and more to say: 'Take the VPN firewalling capability and combine that with antivirus and some filtering with a suite of services that also does some packet analysis . . . and can we get it in real time?'

What keeps you up at night?

I'm probably most worried about the shifting consolidation [in the security industry]. Right now I have a very clearly defined competitor. In the future that might not be as clearly defined, as other large vendors may want to enter the [security] market. Clearly, Cisco and others have begun to make their direction known, while not yet competing with us in the bulk of our business. But I don't think [Cisco chairman and chief executive] John Chambers is shy, nor do I think Oracle, HP and IBM are shy.

What keeps me up at night is [the thought of] waking up and reading about a large acquisition that creates a new competitor for me that's larger in scale than me. I was encouraged when I saw Cisco buying WebEx.

I'd like to see them buying more companies like WebEx and not more companies in security. But that's probably what worries me most. I feel like I have a window of opportunity here to help drive this company and be the consolidator before a larger competitor can enter the space.

"Recommended For You"

Insights from McAfee Focus McAfee security chief talks business