This talk will aim to teach senior engineers and first-time managers how to sell security to the business. Security teams are frequently forced to do more than they want to with less than they would like. This talk will walk attendess through the process of selling projects to the business, from first conception of the project through to the start of execution.
Identify Your Targets
- Think like the business - Approaching business leaders with technical justifications is often a mistake. We’ll cover how to know your audience, where this information can be found, and how to frame your security outcomes in business terms.
- Understand your environment - Who are the real decision makers, and who influences them? Is your organization top-down or bottom-up? Who can you recruit to your cause that aren’t security people?
Arm Yourself with Knowledge
- Enlist Allies - Now that we know what data we need to bring to bear to make a compelling case, where do we find this data? Who better to help with this than our service providers, vendors, and industry leaders?
- Metrics - There is no better data than the data that is from your company. Gather metrics from your existing programs.
Making the Sale
- Create an attack plan - Go after your identified targets in order.
- Create a short pitch presentation. Basic presentation strategy.
- Ask for what you want - All of the work and effort put in does nothing without asking for what we want.
There will be a template for creating this type of pitch strategy made available to attendees
