Download as PDF, PPTX
Uploaded byDenim Group
Getting Your Security Budget Approved Without FUD
The document discusses strategies for security leaders to secure budget approval without relying on fear, uncertainty, and doubt (FUD). Key principles include exploiting key projects, adapting requests to organizational culture, tailoring communications to specific sectors, building credibility and relationships, leveraging timely events, and documenting successes. The conclusion emphasizes that successful security budget requests are grounded in proactive and strategic engagement rather than fear tactics.
More Related Content
Similar to Getting Your Security Budget Approved Without FUD
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
Getting Your Security Budget Approved Without FUD
- 1. SESSION ID: Getting YourSecurity Budget Approved Without FUD CISO-W04A John B. Dickson, CISSP Principal Denim Group @johnbdickson
- 2. #RSAC Why Is SellingFear So Compelling? u Is it like selling insurance? u The security industry is struggling for parallel models and metaphors u FUD Distorts the Process 2
- 3. #RSAC CEO CFO CIO VP Development Development CISO Security Leaders Are at A Structural Disadvantage u They have a staff advisory role and not a “line” operator role u They have different world views that drive their perspective u They talk differently u They have less power 3
- 4. #RSAC The Key Principlesof Selling Security 1) Exploit Pet Projects 2) Account for Culture 3) Tailor to Your Specific Vertical 4) Consciously Cultivate Credibility & Relationships 5) Capitalize on Timely Events 6) Capture Successes & Over-Communicate 4
- 5. #RSAC 1) Exploit PetProjects Always bundle security into CAPEX or other critical projects as defined by the CEO 5
- 6. #RSAC 2) Account forBusiness Environment Radically adapt your “Request for Resources” to your organization’s culture and risk appetite 6
- 7. #RSAC 3) Tailor toYour Specific Vertical 7 Tailor security requests to your specific vertical, sub-vertical, & sub- sub vertical
- 8. #RSAC 4) Capitalize onTimely Events Use near-death experiences of others to justify security spend 8 “You never let a serious crisis go to waste. And what I mean by that it's an opportunity to do things you think you could not do before.” -‐ Rahm Emanuel
- 9. #RSAC 5) Consciously CultivateCredibility & Relationships Credibility and relationships must be established prior to “Making A Security Ask” 9
- 10. #RSAC 6) Capture Successes& Over-Communicate Document security wins and communicate these successes so they become the new operating norm 10
- 11. #RSAC Conclusion Successful security leadersexhibit certain consistent approaches to get their security budgets approved – without using FUD! 1) Exploit Pet Projects 2) Account for Culture 3) Tailor to Your Specific Vertical 4) Consciously Cultivate Credibility & Relationships 5) Capitalize on Timely Events 6) Capture Successes & Over-Communicate 11
- 12. Q&A John B. Dickson,CISSP john@denimgroup.com @johnbdickson