Are you getting the respect – and budget – you believe you deserve when it comes to network security? Do you feel like your environment is truly resilient? If security is fine and dandy and you have complete buy-in and support, I want to meet you, shake your hand, and learn the specifics of how you’ve reached this pinnacle of IT. On the other hand, if there’s some room for improvement in and around security in your business, there are a few things I’ve learned over the years that just might be what you need to get management on your side and your security program on track.
Here are the three main things you have to do in order to get the right people on board – and keep them interested in security for the long haul:
Nothing is easier than solving the wrong problem yet it happens a lot with security. Many people believe that continually forcing their ideas upon management or acquiring more and more technology is the way to succeed in security. There couldn’t be anything further from the truth. As new security ideas and needs arise, introduce them slowly over time, in terms of the business. Never forget that people do things for their reasons not yours. Phil McGraw once said, “If I’m going to sell Bill what Bill buys I’d better see things through Bill’s eyes.” Your executives need to be able to digest what you’re proposing and understand how it fits in with their goals.
Focus on these areas and I know the results you’re looking for will emerge. Continue studying sales, persuasion, and negotiation techniques. As philosopher George Santayana said The wisest mind has something yet to learn. You may know a lot about security but you can’t afford to be the person in IT that management doesn’t respect. In the end, like practically everything else involving human beings, it’s all about relationships.
About the author
Kevin Beaver, CISSP, is an information security consultant, expert witness, writer, and professional speaker with Atlanta-based Principle Logic, LLC. With over 25 years of experience in the industry, Kevin specializes in performing independent security assessments in order to help business executives understand their information risks that actually matter. He has written 11 books, over 700 articles, and over 100 guest blog posts on information security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Kevin is the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow in on Twitter at @kevinbeaver.
Receive notifications of new posts by email.