DXC Security exec: Yes, I'd have thought we'd spend more on certs and laptop kit for staff, too
Boss makes staggering admission during conf-call to discuss impact of latest cost purge: $60m to be cut from infosec division
Exclusive A senior exec within DXC Technology's global security practice has acknowledged his staff's "puzzlement" at the company's reluctance to fund examinations for infosec certifications.
Dean Clemons, global SC&C services leader at DXC's Offering division who reports to Mark Hughes, jumped on a conference call with staff on 19 March to inform them there will be no let-up on the expense purge: $60m worth of costs are to be squeezed out of the Security division in fiscal 2020, starting 1 April. He also fielded questions from staff on the wider impact of cost reductions on buying new work kit and on keeping up their qualifications.
Even if you are impacted [by redundancies] months down the road, you will know in your heart of hearts that it wasn't for want of jobbing: keep working hard...
Company insiders estimate some 400 heads will roll in the Security business unit during the course of the coming financial year, equating to 8 per cent of the 5,000-strong workforce employed in it.
In a Security, Consulting, Interrogation and Compliance Town Hall meeting, attended by thousands of people in the division – and The Register – Clemons began by reading a disclaimer that "will keep me out of trouble with Work Councils if I misspeak here because a lot of this is fluid. [There are] a lot of dynamics around performance ratings, business alignment, business success or aspirational success."
He said CEO Mike Lawrie and CFO Paul Saleh had decided the Offering division – one of three in DXC, the others being Build and Deliver – needs to jettison $200m worth of costs.
"We (Security) are the largest group, you can imagine we have a big chunk of that, and our cost takeout intent or objective here is $60m of cost takeout for the Security Offering Group. To do that there will be a lot of structural changes," said Clemons.
Former DXC Technology veep accuses 'toxic' CEO Lawrie of bullying staff in lawsuitREAD MORE
I know I said cost-cutting was over, but...
This was a bit of a climbdown for the exec, who admitted that during one of the previous town hall sessions he had told Security personnel he thought much of the cost-cutting actions were done.
"I was simply wrong," he said. "I didn't have the view for FY20, nor what the Wall Street analysts were expecting from us for market share. If you are tracking our market share, I think the market share is up slightly but the price of share has gone up fairly consistently now. The analysts see that we are making the right moves in their mind for the business."
Wall Street seemingly loves businesses cutting costs to maximise profits.
A general reorg at DXC Security has already taken place, with one source telling us it was "precipitated primarily by a thinning of middle management", and juggling people into different spots. More sweeping changes are on the cards to reach that $60m target.
"What's weird is that the emphasis is all on cost reduction. We hardly ever hear any talk about increasing revenue, but maybe they beat the sales folks with a stick," said one of our legions of DXC insiders.
Staff in the Security division told us the performance review is under way – staff get told of their scores on 31 March – and all the talk of cutting costs cast those discussions in a certain light.
Many employees have not had pay rises for three to four years, either at CSC, HPE ES, or since those companies merged and started trading at DXC in April 2017, sources claimed.
On the conference call, Clemons highlighted four priorities for DXC Security in the soon-to-start financial year: the first is to create "Integrated Solutions" rather than operating in silos, a structure that is "not resonating with the market".
Other include moving from a "practice specific" setup to one based around "broader industry verticals", plans to "re-emphasise" the areas of Security that are more profitable (no details on this yet); and make a bigger push around Platform DXC, a methodology of how services are delivered.
Clemons said DXC Security is a "great business to be in" and that it is "very dynamic". He then launched a tub-thumping rhetoric designed to rouse the troops and make everyone feel like they are in control of their own destiny.
"We make decisions on lower-cost centres," he said. "We make decisions on the labour pyramid index, who we hire consistent with our org structure and objectives. We make decisions on who to submit for promotion because of their ability to handle more responsibility. We control the message to the accounts and the clients, that is all on us. Our success is dependent on ourselves and I find that exciting."
Clemons further added he was aware of the "elephant in the room" – the "sense of vulnerability" staff feel due to the planned redundancies.
"And I get it's an elephant in the room because we are seeing some of the labour war-room activity around cost takeout; it is a little unsettling. It is a little nerve-wracking in part because we've been doing this Q over Q since the end of Q2 now," said Clemons.
"Remember I joined this organisation in August, so literally every day since I've been here, we've been in some activity around the sense of this elephant in the room of cost takeout."
The advice he gave to staff to counter this nervousness? "Just keep on jobbing," he said.
"We know if we stop and we are reluctant to explore, innovate, then we are dead in this business. If one is not changing and grows intolerant of the dynamic then we are dead. We just won't survive in this innovative world, so here is my answer: just keep on jobbing.
"Even if you are impacted months down the road, you will know in your heart of hearts that it wasn't for want of jobbing: keep working hard, innovate, bring solutions, bring recommendations, how do we improve our business."
Three-quarters of the way into the hour-long conference call, Clemons started to field questions from staff, one of the early ones specifically on training for consultants as it relates to professional qualifications and security certifications.
He admitted DXC had been "really slow" to get its act together by forcing staff to seek "RTA (Request for Travel Authorisation) support" for conferences and to attend exams.
DXC Technology utters words 'hiring' and 'digital' 105 times in Q3 earnings car-crashREAD MORE
"I think we have the language specific for RTA [to] exams and certifications, now we have that more clear but it isn't as robust as some of our competitors. Some of our competitors are grandly – even if it is a secondary or tertiary certification, they will pay for it outright. I think DXC, we recognise the importance of it and we encourage self study.
"I found it surprising in that we were not paying carte blanche for certs that are fundamental to our business – CISSP, CISM, ISO 27000. We are revisiting that."
Clemons said more investment was being funnelled into security certs around IoT and the cloud "to look after the priorities".
"But I fully recognise the puzzlement of people in our business cocking their head sideways and going 'What the heck?', because our competitors do it much more grandly than we do. My view, and I'm an old guy, most of you can tell, so we've got to do better there," he added.
Training? We've heard of it...
Historically, both CSC and HPE paid for workers to attain and maintain certs – including CISSP and CISM.
"The trend over the past few years has been on offloading those expenses to employees," said a person familiar with the setup at DXC. "The whole situation is not clear – I hear some people are paying out-of-pocket, and others have managed to get it through the expense systems."
He claimed that with the exception of training from the DXC University (aka Skillsport), "paid training is virtually impossible to obtain, and employees are expected to upgrade skills on their own time".
Staff at DXC's Security practice are ill-equipped in other ways too, it seems, judging by a question on the conference call that centred on laptop refreshes.
"We cannot do this more poorly," said Clemons.
He told how Peter Usherwood, director of security consultancy for the UK, Ireland India and the Middle East, had requested a new laptop because his model is five years old, doesn't run newer apps and has "latency in it".
"What I would say is don't wait. Keep raising those [purchase orders]," said Clemons. "There is some delay, some hesitation, but in the end game, people end up with the right equipment. It might take longer than it used to. Those of you who were in HPE and CSC, there was a different strategy. Cost takeout and cost awareness does add interesting behaviour for things like that but don't stop doing it, just keep pushing them. And Peter, I approved yours yesterday."
The process to get a new PC at DXC is to file a request via the ServiceNow platform, which needs to be signed off by a line manager or Clemons himself, otherwise the request is immediately rejected.
CSC, years before it merged to become one-half of DXC, halted its regular refresh cycles, a source claimed. Some staff are still being upgraded to Windows 10, we also heard.
Most Security staff are not given work mobiles or printer and some "employees gave up" on DXC's internal procurement department to provide equipment and "use their own PC", a DXCer said.
"DXC has no idea where confidential customer information is stored," our contact claimed.
DXC axes Americas boss amid latest deck chair musicalREAD MORE
It is understandable why some folk within DXC's ranks are disillusioned with senior management. One told us: "It's all about stock prices. Spend on marketing, send execs to the RSA show and keep putting lipstick on the pig, while gutting delivery to cover for lack of revenue.
"Employees and customers suffer. Executives put more money in their pockets. The sad part is that this could be an awesome company. There are still some bright, hardworking people left. But not for long."
DXC continues to struggle to offset declines in its legacy outsourcing business with newer revenue streams, including cloud and application services.
The company started out with 170,000 employees in April 2017 but at last count, several months ago, this was down to 130,000. This included the departure of a great many former HPE execs. ®
Sponsored: Becoming a Pragmatic Security Leader