As my boxing coach used to say, if you want to punch someone in the face you need to make it count and “aim for the back of the head” – follow-through is everything.
This may sound like completely useless advice in modern-day information security, but let’s look beyond the concussion into the reasoning behind that bit of wisdom.
As an information security leader today, if you walk into your yearly budget planning meeting armed with statements like “heightened threat levels in cyberspace” and “preventing petabyte DDoS attacks,” you’d be lucky to get enough money to restock the vending machine outside the server room.
Traditionally, businesses have grown to see information security as a cost center – they know it’s needed, but they’re not quite sure why it costs so much. The information security person reports to the CIO, and the CIO reports to the CFO or maybe the CEO, but data security concerns are rarely at the leadership level unless there’s been a breach – at which point you’re the person most likely to be shown the door.
You may need headcount and appliances to achieve your goal, and to get those, you’ve got to “aim for the back of the head” the next time you’re planning your budget, demonstrating how these changes allow the business to achieve its goals.
Security is an enabler – not a feature or a product. It’s far more than just hardware and software that you’re protecting – it’s the wealth of the business and the livelihood of every employee.
This isn’t drama for drama’s sake. You’ve got to communicate those facts to get results.
*For the full article, including four key steps to making your case for an infosec spend actually stick, check out my piece on LinkedIn! It might help you “aim for the back of the head” yourself!*