The process security leaders need to get the funding and support you want

Getting the funding and support you need to create and operate a successful security program is a process. Here are the steps successful security leaders follow and how you can get started.

1 process

Getting funding and support is a process

Successful security leaders count on support and funding in order to provide the services and drive projects that create value.

It’s important to distinguish between budgets and funding. Budgets tend to be line-item actions and amounts, decided in advance. The process of budgeting often feels mysterious, the final result sometimes limiting.

The key is funding. Most organizations, including yours, has funds available to invest in ways that solve problems and create value. The key is making the case that the available funds are better spent on the effort at hand than something planned, an action already-in-progress (cut your losses), or doing nothing.

This slideshow lays out the process for you to get the funding and support you need to build a successful security program.

2 help

Get Help

One of the things successful security leaders understand is the need to ask for help and learn from others (link). This is essential when it comes to making the case for funding.  

This may surprise you, but start with your CFO. Not only do they want to help, but they have insight into funding sources and opportunities within the company. You can also look for newly minted MBAs, team members with a growing interest in economics, and others looking to use a different set of skills to help you make your case.

The key is collaborating in a mutually beneficial way. Get some ideas on engaging with others here: Tapping into overlooked talent to improve your security career

3 prioritize

Prioritize (and demonstrate alignment)

If everything is a priority, then nothing is.

When it comes to making the case for funding, dispassionately consider the priority of your need. After assessing the priority for your team/efforts, broaden your view to consider the priority for the organization.

The more aligned with addressing a business priority, the more likely your case for funding will meet with success.

You can read more about how to help decision-makers properly assess priority and allocate funds here (link).

4 map out

Map out how you compare to others

“How are we doing relative to our peers?” is a common and valid question. In fact, if it isn’t asked, it should be. The answer provides insight into the challenge, how the industry is (or isn’t) handling it, and the relative risk of pursuing the recommended course of action.

Understanding position relative to others is also motivating.

Few people want to be behind the curve. Too far in front of others typically means using less proven solutions. They tend to be a bit more expensive (in part due to the learning curve) and carry more risk. Most executives seek a position of action on the leading -- not bleeding -- edge of the curve. Leading others generally represents the right mix of investment risk and reward.

The more candid and accurate your ability to answer this question and use it to frame the risk/reward of moving forward, the more likely your chance of success.

Read more here: Answer these 3 questions if you want to get your security projects funded

5 explain

Explain how this improves your condition

Leaders focus on creating value by improving conditions. Managers focus on time and materials, count hours and collect deliverables.  To be recognized as a leader, focus on how the funds (not the budget) drive improvement.

While the concept of return on investment (ROI) stirs a lot of emotion for security folks, the underlying need to map the outcome to the investment - by any means - is essential.

Successful security teams support the business. The investment in security needs to demonstrate a result to the business. This doesn’t mean learning to compute a complex ROI analysis. Instead, aim to cogently answer this basic question: how does spending this money improve our condition and create value for the organization?

Read more here: Answer these 3 questions if you want to get your security projects funded

6 translate

Translate from technical to functional

Most of your colleagues aren’t versed in technology like you. They don’t need to be. Leaders aren’t concerned about technical and minute details. Your role as a security leader is to capture, distill, and translate the relevant aspects.

The key is to share what the audience needs to know, not everything you know. It takes time and effort to capture and demonstrate the outcome that benefits the business -- and leaves you flexibility to get the right solution in place.

Focus on shared experiences and describe -- through the right security story -- how the proposed solution impacts people, solves the problem, and increases value.

Read more here: Which security story are you telling?

7 balance

Consider the balance

The way we practice security is changing for the better. As we adjust for our “prevention bias,”  more organizations are allocating budget (and attention) to detection and response.

Track spending across all three areas (these broad buckets are fine) to get a sense of percentage of allocation. Measuring the outcomes relative to investment in these three areas provides a wealth of insights into what is working and where to focus. Over time, you’ll discover the blend of prevention, detection, and response that works best for your organization.

Read more here: Do these 3 things to get the security budget you want

8 build case

Take the first step and build the case for funding

If you need something to improve your security program, make the case and ask for it. It’s a mistake to confine yourself to a budget. Worse is not asking.

Find more success when you make it easier for decision makers with funding to consider your request and support your efforts.

Follow the process, enlist some help, and make a compelling case to create value. Then guide your colleagues on a journey to understand the priority and opportunity -- in the context of the organization.

Copyright © 2015 IDG Communications, Inc.

Related Slideshows