Home » Security Leadership » Metrics/Budgets

Build Business Cases Like Steel Pistons!

Seven quick-and-dirty tricks for using numbers to strengthen your case

Likewise, make sure that PowerPoint slides are backing you up rather than repeating your entire message and then some. And most of all, make sure they're legible. Weissman has seen too many presentations where legends are indecipherable or the gridlines are impossible to follow. (Haven't we all, really? And don't they always happen right after lunch?) And don't get Weissman started on people who don't right-justify columns of numbers, leaving an inebriated-looking column of commas and zeros. "Any one of these violations of the depictions of the numbers is a distraction from the presenter and the presenter's message," Weissman says. Keep the slides simple, label charts clearly, and try to get people to look at younot your numbers.6| DO Leave something eye-catching behindA better bet is numbers that people can take away, not ones they'll squint at while you're trying to make your case. At jobs in the past, Hayes liked to hand out an annual wallet card that summarized what the security department had accomplished in the previous year, compared with what it had done in the past. (See a mock-up on Page 34.) The trifold card showed, for instance, year-to-year changes in the number of attempted virus attacks and successful virus attacks, and it highlighted the cost per hour of a full-time security employee versus a consultant. (FTEs are a bargain, of course; generally, they earn two digits an hour instead of three. So why not point it out?)

You can either create a wallet card on your own, or, better yet, try to adapt whatever kind of dashboard or scorecard is used in other parts of the business. And whenever possible, Hayes says, focus on outputnot input. "I had a senior vice president once say there's a big difference between activity and results," Hayes says. "Yeah, you were busy, but is that all you got? Lots of people are busy. What would happen if you didn't do your job?"7| DON'T Ignore the alternativesDecided that your chance of finding a ROSI is about as good as your appearing on the cover of Esquire? The ability to directly tie the work you're doing to the business goal can be a good substitute for hard-and-fast numbers. Alan Mayer-Sommer, an associate professor at Georgetown's McDonough School of Business, even believes that the popular Balanced Scorecard approach can be applied to security in a very effective way.

This business strategy, in a nutshell, ensures that every action you take ties back to stated corporate goals. You can spend lots of money on a consultant who will help you set it up, or take the quick-and-dirty approach of spending 35 bucks on The Balanced Scorecard: Translating Strategy into Action by Robert S. Kaplan and David P. Norton. "If you can show that there are certain objectives within your department that will directly help the organization achieve its broader set of objectives, then you have a basis for making a presentation to top management," says Mayer-Sommer, who gives a seminar to security pros every year through a joint program with the International Security Management Association.