Security pros must be master negotiators to gain executive support

Share this article:
LONDON – Professionals in charge of protecting data and limiting risks at organizations must be tactful in how they approach executives and ultimately "sell" their strategy.

A panel of current chief security officers at the annual InfoSecurity Europe conference being held this week said adequately engaging the C-level suite is just as important as creating a security strategy.

"The business is there to make money," Avtar Sehmbi, head of information security and risk management at Centrica, a British utility company, said during Tuesday's panel discussion. "If you are heading a security department, you are selling what you're doing in terms of risks. Having an engagement strategy is quite crucial."

While it's no secret that communicating the needs of the IT security department to executives to gain high-level support is essential, the challenge is speaking "the same language," said John Meakin, CISO of the marketing and international banking division of RBS.

Just as with any other type of enthusiast, information security professionals tend to talk at length about the intricacies of the discipline, leading listeners to lose focus, Meakin said. One of the greatest lessons he has learned in his career is to communicate in a way executives can comprehend.

"99.9 percent of people don't speak the same language as security geeks," Meakin said. "The key challenge for CISOs is to be able to speak convincingly in a language that mere mortals can understand."

The overarching goal for any security professional is to have high-level support. However, in order to reach that they must correlate how security investment meets the risk and growth strategy of an organization, Matthew Ford, information security offer at consumer goods company Reckitt Benckiser Group, said.

"It's the CISO that has to step forward and give [executives] the common framework and common language," Ford said. "Taking communication one step further [means] using negotiation and influencing skills."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.