Tom Conway, a Northern Virginia native, has for the past 25 years worked in the federal IT arena for companies like Northrop Grumman and others around the Beltway. He currently serves as director of Federal Business Development at McAfee. Here, he shares what it takes to be a successful government partner, his take on the recent M&A surge, and how he cherishes the rare moments when he can unplug.
ExecutiveBiz: What do your current duties entail?
Tom Conway: I'm the director of Federal Business Development at McAfee. I've got a small team of people and we look at where our customer base in the federal is going over the next month to four years down the road. We're attempting to track all of the changes that are going on from the Cyber Command being stood up to the Comprehensive National Cyber Initiative to Einstein, budget environment, legislative environment, etc. There may be mandates coming from all of these bills on the Hill to address the government's need to step up its security, as well as the private sector to do the same. My responsibility is to be the eyes and ears of Public Sector; look at market direction, priorities, funding and partners.
ExecutiveBiz: Were you busier during the National Cyber Security Awareness month?
Tom Conway: Yes. I was at the DHS kickoff meeting and participated in the event via simulcast. The main event was in Seattle, where Howard Schmidt spoke along with the deputy secretary of defense. I was here in Crystal City at the partner facility, where it was simulcast. Greg Schafer from DHS, Chris Painter who works for Howard Schmidt and some other folks were there, so it was sort of a bi-coastal simulcast, which is a neat way of doing it.
ExecutiveBiz: Looking at the success McAfee has had, what is the recipe to being a successful government partner?
Tom Conway: I think in our case it is focus. We are focused only on security. There are big companies that dabble in it that have a small percentage of their business in security. At the other end of the spectrum, there are some very small, innovative companies out there that are security focused but lack the R&D. We're successful because of our laser focus, 20 years of experience, and because we address security better than anybody else. Whereas some of these big players may be in one or two aspects of the market ““ McAfee is in the majority of them. Our success in D.C. based on is applying those advantages to the federal space in a unique manner. There is a lot of that directly translates from commercial to federal, but there is an equal amount that is unique. You've got to really understand the government perspective. In addition, I and a lot of my colleagues have had some level of DoD experience and therefore carry some level of security clearance.
ExecutiveBiz: What is your take on the recent M&A surge?
Tom Conway: It goes in fits and spurts. In the early “˜90s, the defense industry went through a huge consolidation. It seems like the IT industry is starting to do that as well, but I think you are always going to have the big companies and start ups because the barrier to entry it is minimal in the IT industry. You have a couple of smart people and all of a sudden, you invent a Facebook. It's nothing new. Every 10 years or so, you see a flurry of activity, things calm down, and then a host of new companies emerge because people like to go to new settings or start their own small business. A couple of years later, they are Google, they are Facebook, or some other innovative technology company. I wouldn't say it is good or bad. It is normal.
ExecutiveBiz: From a business perspective, what areas are you looking to grow within the next year or so?
Tom Conway: We see security as really spreading amongst all of the devices that are connected to the Internet these days. Ten years ago, everybody went from desktop computers to notebook computers. Today, we're heavy into the transition to mobile devices. Five or 10 years from now, you won't ever touch your computer; everything is going to be your smartphone, if it isn't already. And it raises a big challenge: How do we take that mobile productivity and make it secure in an enterprise manner? In addition, $20 billion in federal stimulus money that is starting to be spent on promoting electronic health records deployment in the U.S. How do you do that securely? That has a lot of very sensitive, very personal information. I understand why they want to automate. I want them to automate, because it is going to help contain costs, but I want them to do it in a secure way. I think protecting health IT, protecting critical infrastructure like the power grid to someone's house is going to be the big task. How do we secure that? Those are all areas of threat potentially to someone who is trying to do us ill.
ExecutiveBiz: Health IT is a new market that McAfee is looking into?
Tom Conway: We've verticalized coming into this year. Under Mike Carpenter, who owns McAfee Public Sector, we formed a health vertical that will address that from the federal level all the way down to the private providers like hospitals and such. As I mentioned before, McAfee Public Sector is also standing up a critical infrastructure business unit to go after that piece of the market, looking initially at automating the smart grid. We are still very busy with the traditional DoD, civilian and other segments, as we are seeing the growth of devices that are being connected and therefore need to be protected. Our CEO says our addressable space as of right now enables McAfee to touch 5 billion endpoints worldwide. But within the next five to 10 years, that number is going to be 50 billion, because all of these new devices are going to be connected.
ExecutiveBiz: You guys are going to be busy.
Tom Conway: We are always busy, because the threat doesn't sleep. The threat volume is going up tremendously, the attack means are going up and the level of sophistication and risk are going up. Why? Because we are automating everything. If you are sick and you go to the doctor's office and they probably have a paper record, but it’s paper and it’s there. Imagine if it is all digitized and someone takes down your doctor's office or the health network? You can't get treatment. What if you really need treatment? They don't have your medical records. They don't know what past history you have, what medications you are on. Everything has become very mission critical. It started with the DoD, and it's grown out to the civilian, government and all of that. Everything is becoming mission critical, because everything is just in time now.
ExecutiveBiz: What are some of the business practices you employ in the current economic environment?
Tom Conway: You have to stay focused on your customer, not yourself. When the economy is tough, there is usually a major shakeout in the industry. I think that ties into your merger-and-acquisition question as well is that the strong tend to survive and the folks that are really not strong, or not focused, tend to perish. Go back to basics. Taking care of your customers is number one. Make sure they are getting everything they need and prepare them for what they are going to need next year. Buckle down but always be looking for areas to grow beyond your current customer base. Look for like customers that you can extend that same infrastructure to, because on the Internet, if I'm secure and you're not, I'm not really secure either because they will come through you to get at me. We're all in this together. We all need to raise our collective game in terms of security.
ExecutiveBiz: There is a lot of talk about doing more with less. How do you achieve that?
Tom Conway: That is one of the keys to security. We've seen a lot of companies dabble in security. You need to have a lot of different types of security, but your budget is not growing at the same level that the threat is and the agencies' workforces are not growing that extent either. Start integrating what you have and as well as new technologies that you are bringing in. We are in all areas of the security market but are driving it all to a single-management console – whether you are managing your desktop, smartphone or protecting critical data in your infrastructure. You can control most, if not all, of that from a single pane of glass. This means you don't need to train five people in five different management consoles. You can do it with one person. We helped DISA deploy the Host Based Security System for DoD – extending advanced security for five to seven millions of devices that are being controlled by very few places. They are really doing more with less by basically having fewer management layers and having the management layers that do have provide more breadth and coverage.
ExecutiveBiz: Looking back at your own career, what is the best advice that you've gotten?
Tom Conway: I forgot who told me this, but they said in this world there are three types of people: There are people that make things happen, there are people that watch things happen, and then there are people that wake up and go, ‘what just happened?!’ Be the first. It's not good to be the second or the third. Be the person that makes things happen. Lean forward and be creative.
ExecutiveBiz: If you weren't in business development, what other career would you consider?
Tom Conway: While I did my undergraduate work at James Madison down at Harrisonburg, Va., and my MBA at George Mason University, I probably would have broken down, listened to my parents and went to law school like my dad did. I've come from a long line of law enforcement, where people went into law or law enforcement. My dad is a retired attorney and my late uncle was a judge in California. I've also had a number of uncles who were detectives in various police forces. They were also in security, the traditional security side. The key there is you are really trying to prevent things from happening. If a crime has occurred a good cop or good lawyer will admit that something has failed. What you want to do is prevent bad things from happening.
ExecutiveBiz: What kind of law would you go into?
Tom Conway: That's a good question, because I haven't even thought that far.
ExecutiveBiz: Criminal law?
Tom Conway: There are lots of different areas of practice. My father was in regulatory law. My uncle was a judge, obviously. I've got other uncles who are in insurance law. It's a pretty broad subject.
ExecutiveBiz: What is something most people would be surprised to hear about you?
Tom Conway: I live my life sort of WYSIWYG – what you see is what you get. I don't tend to surprise a whole lot of people, because I am who I am. I guess I say what I mean and I mean what I say.
ExecutiveBiz: What do you do when you don't work?
Tom Conway: I like to hike ““ get out in nature, especially during the fall when the temperatures get really nice. I go up in the Virginia mountainside and hike; Blue Ridge, Appalachian Trail. I like to get out and off the grid. I went on vacation two weeks ago earlier in the fall. We rented a lake house and literally, I got off the grid. I did not connect, or answer phone calls. I got off the grid for a week; let my mind settle in a little bit and recharge.
ExecutiveBiz: For a week, you didn't use your cellphone or laptop?
Tom Conway: I wouldn't go that far. I wasn't tethered to it. I had them there, so that when I would come in off the lake at night, I would see what came in. I didn't respond. I monitored in case there was an emergency. I wasn't tethered to it or it wasn't tethered to me.
ExecutiveBiz: That was a nice experience?
Tom Conway: Yes, it was very nice. I just literally sat and relaxed and also swam in the lake, fished and boated. It was that week when we had those 90 degree temperatures, so it was beautiful and quiet. It's like going to the beach after Labor Day; the weather is still nice, but there aren't a whole lot of people there.
ExecutiveBiz: That was probably your last opportunity to go to the lake?
Tom Conway: Yes, I think so, especially with the weather turning as cool as it has the last week or two.