It’s easy to imagine that companies stacked full of information technology experts will necessarily have terrific IT themselves. Wrong. While capable of staggering acts of innovation and excellence that reward customers, many struggle in their own IT shops – just ask Charles Southey, CIO of security software firm Sophos for the last three years.

“When I came in we needed to shore up some of the operational things to scale up the infrastructure and make sure we had a platform,” says Southey, with hint of his original Zimbabwean accent remaining.

“Because it’s a technology company you have the old cobbler’s shoes problems, and some of the internal IT was not getting the attention it should have. It was running a lot on Lotus Notes and in-house developed technologies and we had a scalability challenge. I wanted to get ahead of the game because the company has grown for 20 years without a blip and now we’re accelerating for growth.”

Since taking over at Sophos, Southey has been hard at work on making changes to that effect, standardising back-office apps and integrating tools to improve automation and collaboration. In this way, Southey hopes to support growth efforts at the Abingdon, Oxfordshire-based firm that is now established among the name brands in the fiercely competitive sector of antivirus and related programs.

“Hardware standardisation was good but I needed to build in a change of philosophy,” he says of the requirement to scale up. “It’s fine when you’re small, but [having silos for areas such as] HR, sales and technical support required a maintenance overhead.”

Part of the answer has been to use Microsoft Office 2007 as the basis of desktop standardisation and collaboration, and this has had a knock-on effect in fostering other savings, for example in the area of knowledge sharing using IM.

“Office Communicator is a big hit,” Southey says, adding that NetMeeting and Adobe Breeze are also used. “With the credit squeeze we’re taking the natural precaution of reducing the amount of travel that we did in the past. We have a large engineering team and trying to fly them around is inconvenient.”

About Sophos

Founded over 20 years ago, based in Abingdon, Oxfordshire and styling itself as an alternative to Symantec and McAfee, Sophos creates software to defend against threats such as viruses, spyware, adware, phishing and spam.
The company claims it has over 100 million end users at over 72,000 businesses in over 150 countries. For the fiscal year ending March 2008, Sophos had almost $214m in revenues, up 28 per cent on the previous year, and made a profit of almost $42m. Analyst firm IDC ranks Sophos as the largest privately-held vendor in the secure content and threat management sector.
In 2001, Sophos was named Company of the Year in the Real Business/CBI growing Business Awards.

So far, Sophos has had a good experience of audio conferencing but Southey is a little sceptical about telepresence, which requires dedicated rooms and efficient booking systems to operate at full effect.

Sophos is growing, in part through acquisitions that have resulted in the firm having a truly international presence and development centres in Columbus, Ohio and Vancouver, Canada, as well as in the UK.

Conferencing has helped keep teams in sync but other measures are also in place to ensure efficient collaborative working.

“The main benefit of flying someone in is getting the someone in your time zone so we’ve introduced nightshifts,” he says.

Making Microsoft the default choice for productivity apps and conferencing has been a boon, says Southey, but he rejects suggestions that Sophos is becoming a Microsoft shop.

“We’re bringing development teams into a single endpoint product and our development team have to act as one,” Southey says.

“With Office, the power comes in the integration through tools like SharePoint and Microsoft has pretty much won that game but we’re a multiplatform vendor and we encourage great use of multiple platforms internally.”

Charles Southey: CV

1968: Born in Bulawayo, Rhodesia

1985: Developed and marketed paint package for the Sinclair QL while at school

1990: Gained BA(Hons)/MA in Computer Sciences at Trinity College, Cambridge

1992-2001: Worked at Procter & Gamble in UK and Italy

2001-2004: Head of European IT at law firm Allen & Overy in Germany and UK

2004-2005: Interim EMEA IT director at law firm Baker & McKenzie

2005-present: VP of IT
at Sophos

Also, such are the unique needs of professional coders that the development teams themselves can to some extent go their own way.

“There are a lot of people who are technically knowledgeable but I’m not getting shoves to go down any technology route. We provide physical housing and network capacity for the labs but they’ve evolved a wide variety of special tricks that, frankly, IT can’t add value too.”

About 1500 people work for Sophos, supported by an IT team of about 80, and as that relatively large latter number suggests, the company has typically eschewed outsourcing. Even catering and security were in-house until recently.

Prior to Sophos, Southey had a mixture of vertical sector experiences. His first big job was at Procter & Gamble, the consumer goods giant that he describes as “the best management training college in the world”. He spent nine years at P&G with stints as far apart as Newcastle and Rome, where he was responsible for an early attempt at laptop standardisation at a time when the PC landscape looked like the Wild West. “I’d done some good things in the UK but I said really I should do this on a European basis – the fact that meant moving to Rome helped!”

“I went on a presentation course and I was asked to make a presentation on why we should standardise all the laptops in Europe – then someone said ‘go on and do it then’. That’s one of the things I’m most proud of. We were becoming Europeanised and regional rather than national. There were different laptops running DOS, Windows... some people even had no computer, which was a challenge! There was pushback from national IT departments. It was not what we’d done before and the cost was horrendous but I was able to control 3500 laptops with a team of five people and I was able to roll out an application in six hours.”
Southey had plenty of respect for P&G but the company was changing.

“You didn’t get hired except to be a manager and there was a mandate to promote from within. If you were there five years you were there for life but we’d become victims of our own success. We were starting to run out of things to do because everything was running pretty well.”

When P&G extended its standardisation approach across the globe, things changed, however.

“It went from exhilarating to bureaucratic and I got accused of breaching a company standard,” he recalls with a wry smile. “The guy who accused me didn’t realise I’d created the standard, which told me it was time to leave.”

Southey’s next move was to ‘magic circle’ law firm Allen & Overy, although this was a return of sorts as his father had been a lawyer in the City of London and a young Southey had helped create an early content management system.

“He said to me ‘My secretary keeps losing the documents’. I looked around his office and said ‘You seem to have a LAN and a fileserver here’ and he had no idea. It was quite typical in those days that people would sell you a piece of kit and just leave it there!”

As with P&G, A&O was growing but had large, distributed offices with very poor IT support. “IT people would fly out to fix problems, without anyone knowing what they were doing,” he says.

“My role was to get a grip on that. We had to give every office a person on the ground. They were totally lacking anyone to raise their issues to, and London was a distant place with nobody they recognised to complain to.”

Southey moved again, this time to Frankfurt, and helped create order from chaos. However, having worked at A&O’s London HQ he learned a valuable lesson. “In London, a lot of important stuff happened informally at the coffee machine or in a meeting. I learned that you need to face people and need to experience the culture to really know what’s going on.”

The CIO Questionnaire

Q. Which business books have been influential in your career?
A. Up The Organisation (now revised and republished as Further Up The Organisation) by Robert Townsend is in my opinion by far the best business book ever written. It is witty, concise and as relevant today as when it was written in the 1960s, although he is a bit down on IT. The byline, ‘How to stop the corporation from stifling people and strangling profits’, says it all.

Q. Who have been the most influential people in your career?

A. My wife, for being a great sounding board and staunch supporter (and has put up with all the relocating), and my father, for pointing out early in my career that no-one ever got promoted for keeping their head down and doing what they’re told.

Q. Do you believe in mentoring?
A. Mentoring and coaching are the bread and butter of people management: I believe your primary goal as a manager is to try to develop your people until they can do your job better than you can. Without coaching this will never happen.

Q. Which tools or tactics have given you most success in communicating up/down/across?
A. I’ve found that the most important aspect of communication in any direction is face time. If travel is constrained, use videoconferencing or webcams. Seeing someone’s face and hearing their voice builds trust and understanding, and can defuse an email flame-war in minutes.

Q. What has been your biggest mistake? A. At university I turned down an offer to join a startup being set up by Stephen Hawking’s son to pioneer CGI in films, out of a misguided sense of loyalty to the company that I had a sponsorship from. I don’t know what became of that particular venture, but I know it would have been a whole heap of fun, and I don’t need to tell you how big CGI has become.

Q. And your greatest success? A. Getting married and having four kids.

Q. What is your greatest strength? A. I think it’s that I get on well with people, have learned how to listen to them, can sense when people aren’t really understanding each other, and help to translate for them. That and being very much at home in the worlds of both business and technology.

Q. And your greatest weakness? A. I tend to give people the benefit of the doubt for too long.

Q. How do you keep up to date with the march of technology? A. I work in a tech department in a tech company, and have four kids. My problem is keeping the march of technology under control.

Q. How do you deal with stress? A. Doing anything non work-related that requires my total focus and attention, for example, I do a lot of challenging DIY projects – putting up partition walls, building tree-houses, that kind of thing. I fish, play tennis, cycle and recently I’ve started learning the guitar. I’ve always had lots of hobbies and like to have a diverse portfolio of activities on the go.

Q. What profession would you most/least like to attempt? A. Most: it’s a toss-up between politician, journalist or chef. Least: anything clerical
in nature.

Later, at another law firm, Baker & McKenzie, there was exactly the same problem, albeit on a larger scale. Somewhere along the line, Southey realised that he had discovered his metier – being a trouble-shooter. “That’s what I thrive on,” he says. “I’m not business as usual. I go in where there’s a problem and sort it out.”

That wealth of experience has, since 2005, been applied to Sophos, where he says he is able to challenge some conventional wisdom about IT management.

Take ERP, for example. “At P&G when we brought in SAP it was seen in the market as something one does, but there’s no real driver for us to do that at the moment at Sophos,” he says. Instead, the firm relies on a locally developed, little-known piece of software for managing relationships with partners – Oxford-based Foundation Network’s RelayWare.

He also says that he has “no religion” about the achingly trendy web-based on-demand generation of software but will continue to pick the right tool for the job at the right price.

Why the move to Sophos?

“A&O had been a Sophos user,” he says. “I had a yearning to get into the tech sector because it’s fast moving and an intriguing place. It’s very important to me to have an affinity to the business. At P&G we got exposed to consumer goods and I know more about pricing of diapers than I ever wished to know! It was trickier at the law firms – if you’re not a lawyer, it’s trickier to get into it.”

At Sophos, Southey and his team can also play a part in providing feedback to product developers.
“We’re only one customer but I’m often asked about my experience,” he says. “We run all our own products and we upgrade more frequently than other people and we are aiming to be an example of best practice. There are real-world problems we have here.”

Southey says that this close awareness of Sophos products, together with exposure to the big, bad world of life outside the firewall has helped make Sophos more aware of challenges that other enterprises face every day. Being able to feed back information helps make Sophos a better support to customers.

Southey adds that he spends as much time thinking about pure business as pure technology and that he can help the company by detecting buying patterns and through sifting for other “secrets” held in the company’s data.

Sophos is a company at an interesting juncture: UK-based, growing but not a giant and still punching above its weight in competing head-on for business against some real heavyweights.

Or, as Southey puts it: “We’re not as big as Symantec or McAfee but in corporates it’s closer – and this a company going places.”