Security pros must be master negotiators to gain executive support

LONDON – Professionals in charge of protecting data and limiting risks at organizations must be tactful in how they approach executives and ultimately "sell" their strategy.

A panel of current chief security officers at the annual InfoSecurity Europe conference being held this week said adequately engaging the C-level suite is just as important as creating a security strategy.

"The business is there to make money," Avtar Sehmbi, head of information security and risk management at Centrica, a British utility company, said during Tuesday's panel discussion. "If you are heading a security department, you are selling what you're doing in terms of risks. Having an engagement strategy is quite crucial."

While it's no secret that communicating the needs of the IT security department to executives to gain high-level support is essential, the challenge is speaking "the same language," said John Meakin, CISO of the marketing and international banking division of RBS.

Just as with any other type of enthusiast, information security professionals tend to talk at length about the intricacies of the discipline, leading listeners to lose focus, Meakin said. One of the greatest lessons he has learned in his career is to communicate in a way executives can comprehend.

"99.9 percent of people don't speak the same language as security geeks," Meakin said. "The key challenge for CISOs is to be able to speak convincingly in a language that mere mortals can understand."

The overarching goal for any security professional is to have high-level support. To reach it, however, they must show how security investment meets the risk and growth strategy of an organization, said Matthew Ford, information security officer at consumer goods company Reckitt Benckiser Group.

"It's the CISO that has to step forward and give [executives] the common framework and common language," Ford said. "Taking communication one step further [means] using negotiation and influencing skills."