Home » Security Leadership » Metrics/Budgets

Security Budgets: Money Well Spent

When it comes to security budgets, less can be more. Here are seven tips for discovering how to squeeze every bit out of yours.

But the reality for CSOs is that no matter the size of the security budget, it never seems adequate when weighed against the growing risks and responsibilities they need to tackle. "Is it enough?" asks Greg Avesian, vice president of enterprise infrastructure and security for Textron, where the security budget increased this year. "It's never enough. I have to make the most efficient use of those valuable dollars."

We asked CSOs to share with us their strategies for making the most of their security budgets, and we gleaned their advice on the best, and worst, areas to make cuts.1 Be the Chief Self-Esteem Officer Think of it as taking a Stuart Smalley moment. Recalling the Saturday Night Live therapist who began each skit with his daily affirmation, CSOs are good enough, smart enough and, doggone it, people like them. So have the confidence in your own judgment, and push back for funding when it's necessary.

To many, CSOs are the guys who step in at the last minute and delay business-critical projects by adding expensive controls of which only they can see the value. Many suspect that their peers have internalized those perceptions, affecting their ability to push through the funding for necessary initiatives.

And because they often have military and law enforcement backgrounds, CSOs also tend to be individuals who have a great deal of respect for authority, says Marene Allison, director of global security for Avaya. "In many situations, the security person is used to being compliant, and I sometimes think we need to learn to be a little more aggressive, to toot our own horns a bit more," she says. That doesn't mean getting in the face of every executive who disagrees with you. "You don't want it known that the security director took down some executive over business continuity planning," she cautions, but CSOs have to be more forceful about pushing back on important budget issues instead of taking "no" as the last word.

Regis Becker, global director of security and compliance for PPG Industries and former president and chairman of ASIS International, was actually reprimanded early in his PPG career for being too compliant. "I have a law enforcement background, and I was told that I had an almost unhealthy respect for hierarchy," he says. Becker's manager at that time told him that he was too deferential to the chain of command and suggested that if he had a funding request he felt was critical, he should take it straight to the CEO and dispense with the often fruitless process of bouncing the initiative off a succession of underlings.