
Tips and Ideas to Help Sell Your Security Program


Gabriel

Presentation Transcript


  1. Tips and Ideas to Help Sell Your Security Program
     Practical Lessons Learned as the Principal Security Officer in Systems at the Social Security Administration

  2. Agenda for This Talk
     • Periodically assess the health of your security program
     • Network to maximize your resources
     • Stay abreast of new governing directives, emerging technologies, audit reports…
     • Communicate with management regularly
     • Let KISS be the rule for all briefings and presentations to sell your security program

  3. Determine the Security Health of Your Work Environment
     • Know your management’s expectations
       – Check periodically because it is not static
     • Review previous audits, reviews, etc. that can help you determine known challenges
     • Depending on your scope of responsibility and authority, make a list of things to do and/or delegate to others based on NEED
     • Keep management abreast of security accomplishments/challenges/key changes

  4. Networking is Important
     • Establish and maintain internal/external networks – peers are a valuable asset
     • Find ways to partner with managers and other key people outside of security staff
     • When you have more to accomplish than the resources available, be creative in finding others who will benefit from the project
     • Share the glory and show your gratitude in ways that COUNT to the recipient!

  5. Stay Informed
     • Maintain primary references and know where/how/who to find secondary sources
     • Basic KSAs are needed to perform well
     • Stay tuned to NIST, GAO, OMB, OIG, etc.
     • Keep alert about new projects, challenges, organizational changes, policies, laws, etc.
     • Read about new technologies/techniques
     • Review audit reports, security reviews, etc.

  6. Communicating with Senior Management
     • Communicate at the level of relevance
     • Communicate regularly by being creative
     • Focus on the business case vs. penalty
     • KISS test all briefings, be specific, never mention a problem without solutions, ask open questions and seek counsel/advice
     • Always include some good news
     • Be prepared and provide timely follow-up

  7. Selling Security
     • Document substantive security briefings as a security awareness activity.
     • Meet program/project managers regularly to assist them in assessing risks, knowing their security responsibilities, etc.
     • Customize interesting awareness activities to meet the needs of the audience
     • Be committed, enthusiastic, simplistic, and relevant to real world needs/experiences

  8. Stay Informed and Share Knowledge Willingly
     • You may need to do homework again!
     • Stay focused on the business reasons for mitigating risks vs. the legal requirements
     • Efficient, almost non-disruptive strategies to address weaknesses are easier to sell
     • Seek innovative ways to teach the ABCs of security outside the classroom setting
     • A series of short relevant briefings may be easier to sell than a lengthy training class

  9. Concluding Thoughts
     • A positive attitude and your willingness to make all communications relevant are essential
     • Routinely sharing articles and websites of potential interest is best when accompanied by a synopsis and comment on relevance.
     • Communications are often better late in the day
     • Volunteer: join project teams, prepare briefings on security-related documents, sell yourself as one who prevents, detects and solves problems!
