Everyone is in sales. Most of us don’t even know it, but we are doing it everyday.
If you work in an IT security capacity, no doubt you are constantly pushing (selling) for improvements in technology, processes and policies that will help you to do your job more effectively. You’ve probably had your share of frustration in helping those executives or other personnel at your organization who manage the purse strings to understand the value that you are working to add.
Here are three tips that can help you to better communicate the challenges you are facing and assist you in showing the value you can add to your organization.
1. Show Them That IT Security Is Critical to the Success of the Core Business
BizTech magazine recently published an excellent article entitled Why Every Business Is in the Business of IT Security. In this article, the author uses a great example of how he got push back from execs when attempting to address glaring IT security needs. Management insisted that they were in the business of making widgets not the business of IT or security.
Last time I checked, Zappos was in the business of selling shoes and clothing. Do you think, after the recent compromise of their systems, that the execs at Zappos are telling their IT security people they’re in the shoe business not the IT security business?
No way! Right now the execs at Zappos are getting a crash course in intrusion prevention, secure web gateway, data loss prevention, and other IT security solutions. Now would be a great time to use Zappos as a case study to show your execs how the business of your organization could be brought to a screaming halt due to weaknesses in your IT Security policies and systems.
2. Use Language that Will Help Them to Understand the Risks You Face Instead of Acronyms and IT Security Terms
Terms like DLP, FINRA, PCI DSS, SWG, and the like are not going to create the desired effect on most executives. Telling them that “we are at risk of having our intellectual property stolen” is going to spark a more productive conversation than telling them that “we need to put a DLP solution in place”.
Telling them that you are not compliant with legal regulations that could allow the government or other governing bodies to shut down the business will go much farther than wading through the vagaries of IT specific jargon.
3. Use Real World Events (Especially Current Cases) to Build Solid Presentations of Plans to Mitigate Your Risks
Spend time to build intelligent presentations on your organizations risks and plans to address those risks. You will be taken much more serious if you present your case or findings in a more formal manner than by dropping by an executive office for an impromptu conversation.
Take time to gather examples from real world companies that have been compromised. Use that data to draw comparisons to risks that your organization has, and build a case for implementing the needed fixes in terms of hours and days of lost productivity or thousands and millions of lost dollars.
Even a small slide deck presentation with a half dozen slides will show that you have taken time to make an important point. Without going overboard, the effort you put into the presentation will lend credibility to your cause and cause others to take your proposal more seriously.
Call this a shameless plug, but realize that their are outside resources you can leverage to help you build your case. A good IT security solutions provider will be glad to engage and help you to gather data and build your proposal. They will see it as an opportunity to build rapport with you and earn your business by helping you to solve your problems.
A qualified IT security solutions provider will have experience gained from many other customer engagements that will help you to not only prepare your proposal, but help you to get the right solutions as well. There is value to be had from using the experience of others to avoid making mistakes that others have made. Take the time to consult with someone who has already been where you are going.