To Justify Your InfoSec Budget, “Aim for the Back of the Head”

As my boxing coach used to say, if you want to punch someone in the face you need to make it count and “aim for the back of the head” – follow-through is everything.

This may sound like completely useless advice in modern-day information security, but let’s look beyond the concussion into the reasoning behind that bit of wisdom.

As an information security leader today, if you walk into your yearly budget planning meeting armed with statements like “heightened threat levels in cyberspace” and “preventing petabyte DDoS attacks,” you’d be lucky to get enough money to restock the vending machine outside the server room.

Traditionally, businesses have grown to see information security as a cost center – they know it’s needed, but they’re not quite sure why it costs so much. The information security person reports to the CIO, and the CIO reports to the CFO or maybe the CEO, but data security concerns are rarely at the leadership level unless there’s been a breach – at which point you’re the person most likely to be shown the door.

You may need headcount and appliances to achieve your goal, and to get those, you’ve got to “aim for the back of the head” the next time you’re planning your budget, demonstrating how these changes allow the business to achieve its goals.

Security is an enabler – not a feature or a product. It’s far more than just hardware and software that you’re protecting – it’s the wealth of the business and the livelihood of every employee.

This isn’t drama for drama’s sake. You’ve got to communicate those facts to get results.

*For the full article, including four key steps to making your case for an infosec spend actually stick, check out my piece on LinkedIn! It might help you “aim for the back of the head” yourself!*

About Nader Henein

A staunch advocate of Data Protection and Privacy, Nader brings over two decades of tactical experience in the architecture, development and management of secure, scalable systems. He has worked in a wide range of organizations, from startups to multinationals, allowing for both depth and breadth of experience focused on enabling business without compromise of corporate security or individual privacy. Today, his role hinges on providing solutions to current challenges faced by BlackBerry’s strategic customers in banking, governance, security and beyond.
