Digital transformations deliver crucial benefits to businesses and customers, but larger digital footprints mean greater vulnerability to cyberattacks or system failures. Enter Splunk, whose platform improves digital resiliency by helping businesses deflect cyberattacks and detect potential system failures, preventing potentially costly business outages. Gary Steele became Splunk’s president and CEO in April 2022, after stepping down as founding CEO of cybersecurity company Proofpoint. In this interview with McKinsey’s Martin Harrysson, Steele explains the critical need to drive business resilience from the top down, shares trends in cybersecurity and resilience, and describes how he has approached his first months in the CEO role at a company double the size of his previous one. An edited version of their conversation follows.
The increasing importance of resiliency in a digital world
Martin Harrysson: How important is it for CEOs to think about resiliency?
Gary Steele: Organizations around the world have adopted a much broader digital footprint to better respond to customers and deal with the pandemic. CEOs need to think about resiliency because of the crucial role these digital systems play in a company’s success and ability to compete; they need to be up and running 24/7 without disruption because, at the end of the day, once a digital system isn’t operational, it affects the customer and can stop the business in its tracks.
In the nondigital past, companies had all sorts of workarounds to continue operations. But when everything’s digital, you have no choice but to be resilient.
Martin Harrysson: Is there a particular example that comes to mind of a customer that’s thinking about resiliency in the right way?
Gary Steele: Many of the next-generation fintech organizations that began with a digital presence think holistically about this need for resilience, because if their systems are down, their whole business is down. They think about it much more broadly than just a cyber point of view.
Trends in resiliency and cybersecurity
Martin Harrysson: What are the big changes you’ve seen in resilience and security during the past five years?
Gary Steele: There have been several fundamental changes. First, because there are more customer-facing applications, the number of cyberattacks has grown significantly. There are more threat actors, be they state or nonstate actors, and organizations are trying to protect a much more complex environment. As a result, you’ve got a combination of more threats, a higher-threat landscape, and more digital assets to protect.
Next, organizations used to think about monitoring their applications in terms of whether they were operating or not. What’s different today is that you need to know not only if they’re up or down but also, if something failed, what caused it? Is it a cyber-related event, or is it just an application failure?
Understanding what caused an incident is vital because it directly impacts the solution. Organizations need visibility into all their digital systems to surface key risks and detect potential issues so teams or automation can respond before they become major incidents. And if an issue requires collaboration and prioritization across multiple teams, a shared understanding of the data helps teams solve problems and ultimately deliver the best experiences to customers.
For example, we focus on enabling technical teams to understand everything about their applications. That means looking at all the elements involved—including the metrics around how applications are operating, test results on the performance of websites and web pages, and analytics on logs—so that our customers can use that information to drive resilience.
Finally, the world of data privacy has fundamentally changed as cross-border movement of data becomes much more complex. You even see it within the United States, where individual states are actively working on data privacy legislation. While that’s good for the consumer, the broad landscape makes it much more complicated for organizations to respond to those laws and leverage their existing security environment to ensure they’re protecting all those digital assets.
Martin Harrysson: Are the threat actors you mentioned new ones? How have they evolved?
Gary Steele: The reality is that threat actors have been successful, whether they are private ransomware actors or state actors, and you see that success fueling additional threats. So there’s greater motivation from a threat actor point of view.
We also live in an unsettled geopolitical environment. Because of the conflict in Ukraine, I don’t think we fully understand the potential for more cyber activity from Russia. Similarly, the increased tensions between China and Taiwan add to the growing list of unknowns right now, and as I speak with chief information security officers around the globe, I think everyone agrees there is a need to be on high alert.
Martin Harrysson: There’s a lot of talk about generative AI applications right now. One use case I’ve heard about is countering cyberattacks by mimicking them and allowing security professionals to come up with a solution. What’s your perspective on that?
Gary Steele: From a defensive security point of view, the industry is already seeing very positive effects of using AI as a primary mechanism to identify anomalous behavior and quicken response time. But from an offensive security perspective, the sophistication levels of threat actors continue to grow as well. That puts more pressure on companies and how they think about their defense mechanisms. Essentially, the level of innovation is growing on both sides, and I think it’s incumbent upon all companies worldwide to be thoughtful about improving their defensive posture.
On the leadership switch: Preparing to take the reins
Martin Harrysson: You took this CEO role less than a year ago. What was that move like for you? How did you prepare?
Gary Steele: First, I took some time off. Then, for me, the most important part of stepping into this new role was really understanding the state of the company. So one of the things that I committed to on my first day was meeting 100 customers in my first 100 days. It was a pretty aggressive goal, but I met it. Spending that much time with our top customers provided increased clarity about the role that Splunk plays for them. Prior to that, as part of my onboarding, I met over a hundred employees before I even joined the company.
The combination of spending time talking to people and understanding exactly what’s happening in the company helped inform the approach I wanted to take, both where I felt we could continue to deliver great value to our customers and where we could improve.
Martin Harrysson: Could you share an example of a learning from these conversations that surprised you?
Gary Steele: One of my initial observations after arriving at Splunk was that while we were solving critical cyber problems for some of the biggest, most complex companies in the world, there was an opportunity to tighten our alignment with the leaders of those organizations.
While customer satisfaction was very high, I felt like we could be much closer to our customers. Building that obsession around customer success is something that I think is absolutely critical to this generation of the company. And there’s been no resistance to it; it just hadn’t been part of how we thought about culture.
Martin Harrysson: How, if at all, did you feel like you needed to adjust your leadership approach coming into this role—for example, either based on the culture or the larger size of the company compared to Proofpoint?
Gary Steele: Splunk has double the employees, double the market cap, double everything, but there were some similarities in how I would manage, so I’ll start with one of those. I learned at Proofpoint that it’s effective to provide direct communication from me to employees on a high-frequency basis so that employees have a direct narrative about what is going on. As an example, we have a town hall every single week at Splunk where people can ask me any question they want. In a time of change, both coming out of the pandemic and a leadership change, I think it’s important to communicate way more frequently than people think you need to.
Because of the scale of the organization, you do manage differently. You’re much more reliant upon your direct teams and more focused on managing outcomes through your leaders. But I tend to be a very hands-on person who’s engaged in the business in a lot of detail, and I still think that is important, too.
Taking care of talent
Martin Harrysson: You’ve been in leadership positions for a while now. We’ve had some tumultuous events in recent years, with the pandemic being just one of them. Has your leadership style changed based on the state of the world today?
Gary Steele: Over the course of the last ten years, I think employee sentiment has really changed. You have to be much more cognizant of the events around the world and an employee’s sentiment toward them. Ensuring that we’re supporting our employees in the views that they may have about different events around the world is super important, and I don’t know that I would’ve said that ten or 15 years ago. We’re just living in a very different world where you have lots of issues, whether it’s a pandemic issue or whether it’s—pick a topic.
Martin Harrysson: What do you find is most important in terms of attracting and retaining the kind of talent that you want?
Gary Steele: The key to attraction is having a combination of compelling problems for talent to work on, a great culture, a flexible work environment where more people can choose how they can best be productive, and an amazing mission.
On retention, one of our big focuses is on how to help people find professional development within the company, either through job rotations or making it easy to do internal transfers, so people can manage their career effectively and get a great variety of experiences without leaving the company.
Another big one is making it easy to get their job done. It sounds so simple, but it matters. If people find it hard to get their job done, that’s not fun.
Navigating an uncertain economic environment
Martin Harrysson: We’ve all seen what’s happened to software company stock prices over the past year-plus, and at the same time, we’ve seen a little bit of a rebalancing between how much companies are focused on growth and how much they’re focused on profitability. How much of your plan is about this type of strategic repositioning?
Gary Steele: When I joined Splunk, I came in with the point of view that good companies are run with balance. This means delivering long-term, durable growth in combination with increasing profitability. Frankly, I’m not a fan of growth at all costs.
I felt like the company had plenty of opportunity to improve its overall profitability profile and cash-flow-generation profile, and I got very quick alignment with the board to pursue that. So we were early and proactive about how to control our cost space regardless of what the top line looked like.
Martin Harrysson: As we get 2023 under way, what’s keeping you up at night, and what are you most excited about for the year?
Gary Steele: What’s keeping me up at night is where exactly is this economy headed? There’s a lot of uncertainty in the market, and not just in tech. Everyone has to be thinking and operating differently. At the same time, for Splunk, that presents a lot of opportunity, because we can have significant impact on our customers because the environment is so complicated and the need for digital resilience will continue to be center stage. I’m very excited about that.
