Q&A: Future McAfee CEO Chris Young On New Products, Spinout From Intel And Cybersecurity In The Election

Young On The Record

Focus 16 in Las Vegas this week was all about outlining the investments around products, business operations and messaging that will pave the way for the company's independent path forward as McAfee in the months to come. In an interview with CRN at the event, Intel Security Senior Vice President and General Manager (and soon to be McAfee CEO) Chris Young talked about what those investments mean for partners, and how the company is looking to transform its strategy and road map to drive better security outcomes for customers and the industry overall. Young also talked about the upcoming election, and how cybersecurity needs to play a key role in the public conversation going forward.

What are some of the key takeaways from Focus 16 when it comes to the separation from Intel?

Certainly, I'll talk about our new future as a stand-alone company under the name McAfee and what that means for everyone. … We are going to unveil a new logo as well for the company McAfee. That will be really powerful and really cool for all of our customers, partners, friends in the media and employees who are tuning in online. That's a really nice symbol of the future for us, even though until April we're still Intel Security so we have to operate under that. But we're getting ready for that.

Intel Security is rolling out a bunch of new products here at the event – can you talk about those?

You heard from [Corporate Vice President of Global Products] Brian Dye [pictured] about all the different things we're doing on our endpoint suite, our Dynamic Endpoint, our cloud capabilities, our data center capabilities, and our threat management capabilities. I'm really proud that over the past year all the investments we made: We're up over 21 percent year over year in engineers, 25 percent more product managers, we have more customer-facing people in support, we have 19 percent more professional services men and women … and we're adding another 11 percent to that team in the next couple of months. … It's really exciting this year to be able to show the results of all that work, which results in pretty much a major release across every part of our product portfolio. That is something we have never done in the history of this organization. That is something that is really exciting and powerful for us. … We're not just delivering point products. We're really going after automated, use-case-driven, workflow solutions to really help customers get to outcomes, as opposed to saying we have a widget that's better than this other widget that they should use in some way.

What do these new releases signal about the future road map coming under McAfee?

You saw us last year at Focus talk a lot about integration and integrated capabilities. We used to have Security Connected as one of our core taglines, where we're bringing together the different components of your security architecture and a lot of focus on total cost of ownership. Those are all very important. This year, you'll see the next phase in our evolution, which is about automated solutions and those use-case-driven workflows. … As we look forward with our vision and our road map, you'll see us deliver on that orchestrated vision through doubling down on our investment in cloud, doubling down on our investment in analytics, introducing new capabilities like human machine teaming, which we think is really powerful. … Getting this human machining model right is going to be critical to a truly orchestrated cyberthreat defense architecture. That's really what I'm excited about as we exit this conference and we go into the next year, to take our automated capabilities and drive towards a more orchestrated model.

How much of this new strategy is enabled by the spinout from Intel?

I view the standup of McAfee as a stand-alone company as an accelerator. Yes, everything we're announcing we've been working on and we're still Intel Security today. The value that we will deliver to partners and customers right now is value that's being delivered to them under Intel, but we view ourselves as a stand-alone company as having the opportunity to accelerate even faster. There's something to be said for companies that are completely dedicated to cybersecurity as a core mission at the company level. While it's incumbent on all of the platform players to be part of our solution set, as an industry we need people who focus on this problem every day, when they wake up in the morning and when they go to bed at night this is what they are focused on. We will be one of the biggest and we will be the best for our customers.

How are you positioning Intel Security/McAfee to handle that transition from a business perspective?

That's a big part of our focus for 2017. We have changed our training model. We are going to much more rapid and dynamic training, for our sales teams, our technical teams, for our partners. We are moving away from the more punctuated training models to drive more rapid-fire training. We are introducing a series of new programs … and that's based to enable our partners to evolve with us and our portfolio. Then, it's really about getting our partners hands on with the technology. One of the things I talk to our partners about is that the average customer will be behind us at least a few versions when we release Endpoint 10.5. We need our partners to work closely with us and our customers to bring the customers forward on the new capabilities that we've got so they can have a better threat defense architecture.

How will you integrate that strategy with third-party technology partners?

Those automated solutions and that orchestrated future is not just about our own products and capabilities, it's about bringing together the different products and solutions that our customers use from our industry partners. We have more than 125 partners industrywide. We've added a tremendous amount of partners over the course of the past year. … Underpinning a lot of it is opening up DXL. If you think about it, we're putting our money where our mouths are when it comes to threat intelligence sharing, automated capability. … Opening up DXL is just our first step in our contribution to the industry model that we think is going to be critical for our customers to get the value and the outcomes that they need. It is going to take all the excuses off the table for our industry and, frankly, for our customers to truly integrate their security architectures. I'm going to give a call to action for the industry and our customers to pick up DXL, use it, and really get after an automated, integrated and, ultimately, orchestrated cybersecurity architecture, as opposed to my best-of-breed widgets. … The world is going to expect something different and we're delivering that.

Why is that next step in the evolution toward automation and orchestration important for partners and customers?

If you think about the talent shortage that we have in our industry, our customers need better automated solutions to deal with the challenges that they've got because they simply don't have enough people to throw at the problem anymore. If I think about where we're going and where we're headed in the future is to go from automated to truly orchestrated solutions, where you orchestrate multiple automated workflows in a way that cybersecurity architecture is dynamic, it's resilient and it can flex with your infrastructure. The way, increasingly, our customers are trying to flex their infrastructure is they go to cloud, they connect more devices, they bring new data centers online and test new business models. … If you put it in the perspective of the customer, they don't have enough people, they have a lot of attacks coming in their direction, it's unclear where those attacks are coming from and going next, and their infrastructure is more dynamic. … You have to have a resilient orchestrated infrastructure to really deal with, or to really extend, your cybersecurity program into the future with where we're going.

Are most of your customers sophisticated enough when it comes to security to implement this strategy? Or are they still getting there?

We've begun the process a while back. You can even go back to June at our partner conference in Florida, where we were talking to our partners about the solutions. ... We're not waiting until this event to tell our partners about our new stuff, we've been bringing our partners along the whole way so as they show up at this conference we've got these announcements and no one is surprised. Many of them have been preparing for this and we've started to train some of them on it. Most of the partners I talk to are very excited about where we're headed.

What can partners expect between now and April when the deal closes?

We're business as usual. My goal is for it to be stay business as usual when we become a stand-alone company. Our partners are key to our success and our customers' success. As we cut over to become a stand-alone company, we are working feverishly to make sure there is minimal to no disruption in anything that they need to service customers and transact business. That's what's important.

How do you look at the dialogue that's happening around security in the election?

I won't endorse any candidates. … No. 1, cybersecurity is going to need to be a top agenda item [for the next president]. Certainly, when President Obama was elected the first time, cybersecurity was nowhere near the top of the agenda. It wasn't a fault of his, just as a society it wasn't there. Now, whoever the next president is is going to need to be [focused on cybersecurity.] It's become a top priority for the Oval Office and for Obama, but when we look forward into the next president this is going to have to be one of the top issues that they deal with. Cybersecurity – we keep saying it is something that can play a role in the election. Some people are saying we should treat the election's infrastructure like critical infrastructure so we can do a better job of protecting it against cybertampering. I think most importantly cybersecurity needs to be at the top of the agenda for our next president.

What would you like to see the next administration do around cybersecurity?

I continue to call upon our government to play an active role in developing the next generation of professionals we're going to need to deal with the problem. Whether it's in the military, law enforcement, people that might come into the private sector after they learn, I think governments around the world possess the scale and the impact to deal with problems like a broad-based talent shortage in a critical industry such as ours.

Education is going to be important. Seventy percent of the people that we survey, because we have a big consumer business as well, they don't even know what ransomware is. Seventy percent. It's kind of mind-boggling. Ransomware is a big deal – it's the fastest-growing cyberattack out there right now. It's affecting consumers pretty broadly. I think one of the reasons it's not more well-known is because you don't have to report a ransomware attack because it's not a data breach. I think education will be important because as computing becomes more pervasive in our physical existence, cyberattacks are just going to become more present for all of us.

Is there a role for companies like Intel Security to work together with the government to help educate them on these problems?

We do. We do a lot of sessions where [Intel Security CTO] Steve Grobman, myself, many others participate in government forums. I'm on the National Security Telecommunications Advisory Committee, which is a presidential appointment. That's one of the ways I'm participating in working with the government around some of these problems we face in cybersecurity. We do briefings. We are very active with, not only the U.S. government, but governments around the world in working with these problems. Raj Samani, who is one of our CTOs in EMEA, does tons of work with government agencies in Europe. He's done a tremendous amount of work around ransomware. … Those are just some examples of many where we're working closely with governments around the world to make an impact on this problem. … This problem is never going away. Public-private partnership will be important in perpetuity, I think.

You're talking a lot about the 'Second Economy' at Focus – can you explain that?

We wrote a book recently called the 'Second Economy' and I'm going to talk about that book and some of the ways the things we point out about that economy are becoming more and more pertinent to the overall cybersecurity problem. … You don't have to go back very far to when cybersecurity was just a back-office function of IT and the C-suite wasn't pay attention to what's going on in security and not en masse. … Now, cybersecurity is a top-of-mind agenda for CEOs, for boards of directors and it will be a top-of-mind agenda for our next president. … The 'Second Economy' is about bringing those non-cybersecurity practitioners into the fight with us, by bringing them stories, anecdotes in plain language that will help them understand what we're dealing with here. Not just what we've dealt with in the past, but where we're headed in the future. … [The book is] giving people a framework, a way to process this, because this hasn't been part of the mainstream and it hasn’t been part of the dialogue – or it hasn't been but it is increasingly becoming such.

Looking back at 2016, what do you look back as some of the seminal events or takeaways from the year?

I think the attack on Dyn a couple of weeks ago will be critical. I think that's pivotal. We've been saying as an industry for a while now that connected devices would play a role and open up a whole new surface area for attack. I think for the first time we really saw the role of connected devices in a large-scale cyberattack.

I think the election – what we've seen with exposed emails and the calls for better protections for the election infrastructure are pivotal in the role cybersecurity is playing, not just in protecting data in corporations but in our mainstream society.

I think this is the year where cybersecurity really has moved mainstream. It is obvious to everyone that it is impactful in their own life. It's not just something that happens on their computer or in a data center or in the cloud, it's impacting our lives. … Cybersecurity, three or five years ago, was a back-office function of IT. Now, boards of directors and CEOs are paying attention and people are spending money. People are paying attention and there's lots of dialogue around it.