How to Talk to Management About Security: Part 3 of 3 – Guest Blog

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!
This entry is part of a wonderful series, [slider title="Talking to Management"]Entries in this series:
  1. How to Talk to Management About Security: Part 1 of 3 - Guest Blog
  2. How to Talk to Management About Security: Part 2 of 3 - Guest Blog
  3. How to Talk to Management About Security: Part 3 of 3 - Guest Blog
[/slider]

In this third and final Installment, Chris Hayner sums up his recommendiation on

 

How to talk to management about security

Specific strategies for talking security

So it’s finally time to ask for approval for your project. What are the best ways to get your ideas across?  How can you get show senior management the importance of your project without alienating or boring them to death? Here are a few essential elements of a successful business presentation.

You should:

  • Speak clearly and explain the issue in basic terms. Do not try to impress them with technical language.
  • Avoid business language as well. Managers talk to one another in Management Speak. If you start spouting off about ‘revolutionary’ ‘shift paradigms and the like, you will just come off as patronizing.
  • Stress that information is the life blood of an organization. Protecting customer data, employee data and intellectual property has got to be a priority.
  • Remind them that the majority of security issues come from within the enterprise. This is often a glaring hole in the security structure that is easy to overlook from the boardroom. This can get managers interested quickly, providing a springboard into the rest of your presentation.
  • Identify project goals and attempt to define ROI.  No manager on earth will sign off on a project that doesn’t have concrete goals to justify the cost of the project. Try to include charts and graphs, if applicable, as graphical information is easier to digest than abstract numbers.
  • Show case studies of where security failed, and what it cost other organizations. This will remind managers that while no one ever got a raise for not getting hacked, plenty of people have been fired for security breaches occurring on their watch.


Be prepared to back up your assertions with data and case studies, but don’t fill a presentation with needless slides just to fill time.  Be prepared to answer questions, and try to anticipate as many as possible. Practice your presentation so you don’t stumble or lose the flow.  All senior managers are by necessity practiced speakers, and you need to sound professional in their company.

Permalink

Leave a Reply

Your email address will not be published. Required fields are marked *


*