Andrew Hay is the CISO at DataGravity where he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.
Maneuvering Management Madness
Why do practitioners have such a hard time convincing their management team about the value of investing in security training, tools, and other initiatives? Is it because they’re too stubborn or busy to take the time to assess the concerns or is it more likely that you haven’t found the best way to communicate the threat to the business in a language that they understand?
Business leaders have implemented their own language, much of which was learned in business school, to better communicate with shareholders, board members, partners, and peers. Unfortunately, this language is often as foreign to most security practitioners as yours is to them. So what can practitioners do to better communicate with management?
This session will discuss several tactics to help convince your management team that your concerns are valid with examples on how to justify requests for headcount, procedures, policies, and human, tool, and training investment.