Executives want value out of every dollar spent. Demonstrate value and increase your chances of being funded.
Scale is a compelling rationale in conversations with
executives. Getting more spend for a cyber security program means scaling the
program beyond just the cyber security team.
Scale demonstrates value.
If a cyber security program is essentially the team,
security can only scale to the ability of the team to do work. And if the work of
that team is to secure business processes, the work is far larger than any
team can handle.
You see the tactical problem that more heads are needed, but perhaps don’t see
the strategic problem.
Add a team member. Add a linear increase in productivity.
Add a disruptive incident or unplanned work and there is a corresponding
decrease.
Linear scale becomes linear expense.
A potential band-aid on a broken leg.
An alternative is to include business process owners in the
security program. The folks that will share in the work of securing their
processes. IT processes. Non-IT processes. All of the processes. To the
standards established by the security team. Under the governance of the
executive team.
Not just in formal committee meetings or compliance checkboxes. Real participation.
Then you have scale.
Add a team member to define more standards and engage with more
business process owners. The program will be able to measure more outcomes.
Add a disruptive incident or unplanned work and the real
work of the security program continues unabated.
Same expense. Exponential scale. Less friction.
With secure outcomes fostered and facilitated by the cyber security
team.
One that has a chance of keeping up.
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on Twitter or LinkedIn and I'll read it.