Getting Your Security Budget Approved Without FUD


Getting a security budget approved is a challenge, but it is arguably the single most important task a security leader can accomplish. This session reveals the six common factors that successful CISOs use to quantify needs and justify security budget with non-technical executive leaders. Research and data gleaned from over 40 interviews with high-profile CISOs provide some interesting results.

Published in: Technology

Transcript

  • 1. Getting Your Security Budget Approved Without FUD. SESSION ID: CISO-W04A. John B. Dickson, CISSP, Principal, Denim Group, @johnbdickson
  • 2. #RSAC Why Is Selling Fear So Compelling?
      • Is it like selling insurance?
      • The security industry is struggling for parallel models and metaphors
      • FUD Distorts the Process
  • 3. Security Leaders Are at A Structural Disadvantage (org chart: CEO, CFO, CIO, VP Development, Development, CISO)
      • They have a staff advisory role and not a “line” operator role
      • They have different world views that drive their perspective
      • They talk differently
      • They have less power
  • 4. The Key Principles of Selling Security
      1) Exploit Pet Projects
      2) Account for Culture
      3) Tailor to Your Specific Vertical
      4) Consciously Cultivate Credibility & Relationships
      5) Capitalize on Timely Events
      6) Capture Successes & Over-Communicate
  • 5. 1) Exploit Pet Projects: Always bundle security into CAPEX or other critical projects as defined by the CEO
  • 6. 2) Account for Business Environment: Radically adapt your “Request for Resources” to your organization’s culture and risk appetite
  • 7. 3) Tailor to Your Specific Vertical: Tailor security requests to your specific vertical, sub-vertical, & sub-sub-vertical
  • 8. 4) Capitalize on Timely Events: Use near-death experiences of others to justify security spend. “You never let a serious crisis go to waste. And what I mean by that it's an opportunity to do things you think you could not do before.” - Rahm Emanuel
  • 9. 5) Consciously Cultivate Credibility & Relationships: Credibility and relationships must be established prior to “Making A Security Ask”
  • 10. 6) Capture Successes & Over-Communicate: Document security wins and communicate these successes so they become the new operating norm
  • 11. Conclusion: Successful security leaders exhibit certain consistent approaches to get their security budgets approved – without using FUD!
      1) Exploit Pet Projects
      2) Account for Culture
      3) Tailor to Your Specific Vertical
      4) Consciously Cultivate Credibility & Relationships
      5) Capitalize on Timely Events
      6) Capture Successes & Over-Communicate
  • 12. Q&A: John B. Dickson, CISSP, john@denimgroup.com, @johnbdickson
