Security pros must be master negotiators to gain executive support

LONDON – Professionals in charge of protecting data and limiting risks at organizations must be tactful in how they approach executives and ultimately "sell" their strategy.

A panel of current chief security officers at the annual InfoSecurity Europe conference being held this week said adequately engaging the C-level suite is just as important as creating a security strategy.

"The business is there to make money," Avtar Sehmbi, head of information security and risk management at Centrica, a British utility company, said during Tuesday's panel discussion. "If you are heading a security department, you are selling what you're doing in terms of risks. Having an engagement strategy is quite crucial."

While it's no secret that communicating the needs of the IT security department to executives to gain high-level support is essential, the challenge is speaking "the same language," said John Meakin, CISO of the marketing and international banking division of RBS.

Just as with any other type of enthusiast, information security professionals tend to talk at length about the intricacies of the discipline, leading listeners to lose focus, Meakin said. One of the greatest lessons he has learned in his career is to communicate in a way executives can comprehend.

"99.9 percent of people don't speak the same language as security geeks," Meakin said. "The key challenge for CISOs is to be able to speak convincingly in a language that mere mortals can understand."

The overarching goal for any security professional is to have high-level support. To reach it, however, they must show how security investment meets the risk and growth strategy of the organization, said Matthew Ford, information security officer at consumer goods company Reckitt Benckiser Group.

"It's the CISO that has to step forward and give [executives] the common framework and common language," Ford said. "Taking communication one step further [means] using negotiation and influencing skills."