Published on March 11, 2014

Getting Your Security Budget Approved Without FUD
SESSION ID: CISO-W04A
John B. Dickson, CISSP
Principal, Denim Group
@johnbdickson

#RSAC

Why Is Selling Fear So Compelling?
- Is it like selling insurance?
- The security industry is struggling for parallel models and metaphors
- FUD Distorts the Process

Security Leaders Are at a Structural Disadvantage
[Org chart: CEO, CFO, CIO, VP Development, Development, CISO]
- They have a staff advisory role and not a “line” operator role
- They have different world views that drive their perspective
- They talk differently
- They have less power

The Key Principles of Selling Security
1) Exploit Pet Projects
2) Account for Culture
3) Tailor to Your Specific Vertical
4) Consciously Cultivate Credibility & Relationships
5) Capitalize on Timely Events
6) Capture Successes & Over-Communicate

1) Exploit Pet Projects
Always bundle security into CAPEX or other critical projects as defined by the CEO

2) Account for Business Environment
Radically adapt your “Request for Resources” to your organization’s culture and risk appetite

3) Tailor to Your Specific Vertical
Tailor security requests to your specific vertical, sub-vertical, & sub-sub-vertical

4) Capitalize on Timely Events
Use near-death experiences of others to justify security spend
“You never let a serious crisis go to waste. And what I mean by that it's an opportunity to do things you think you could not do before.” - Rahm Emanuel

5) Consciously Cultivate Credibility & Relationships
Credibility and relationships must be established prior to “Making A Security Ask”

6) Capture Successes & Over-Communicate
Document security wins and communicate these successes so they become the new operating norm

Conclusion
Successful security leaders exhibit certain consistent approaches to get their security budgets approved – without using FUD!
1) Exploit Pet Projects
2) Account for Culture
3) Tailor to Your Specific Vertical
4) Consciously Cultivate Credibility & Relationships
5) Capitalize on Timely Events
6) Capture Successes & Over-Communicate

Q&A
John B. Dickson, CISSP
email@example.com
@johnbdickson

The abstract for this talk is: Getting a security budget approved is a challenge, but it is arguably the single most important task a security leader can ...