Monday, April 28, 2014

New Blog

Hello there, followers!

I am starting a new blog that focuses more on information security. Please check it out! junksec.blogspot.com

I have also migrated to @stevehigdon for Twitter and +SteveHigdon for Google+. Please update your contacts lists.

Saturday, January 18, 2014

Wednesday, December 11, 2013

4 Ways to Sell Security Expenses to Business Executives

One of the most challenging parts of being a security administrator is asking for more money, especially when it appears as though everything is working fine. The old adage comes to mind, "If it's not broken, don't fix it."

Unfortunately, this philosophy can be disastrous in the security world. New technology acquisition is often much easier for the CIO than for the CISO for one simple reason: business executives like new, shiny toys. They don't, however, like to invest in technology that they are unable to see and play with.

For this reason, you must always address new security capability procurements in business terms that executive management understands. In other words, you have to show them the money. The following are 4 ways of getting business-minded people to see the benefit of security expenses that they do not fully understand.

1. Create a "What If" Scenario: This suggestion is often the easiest, especially since most of the associated research has already been performed if you are an active and aware security professional. Compile a list of the most recent vulnerabilities and exploits, whether they pertain to your organization or not. Then, take the data from your business continuity and disaster recovery plans (hopefully they are up to date and accurate) to calculate the amount of money lost each day when information and information assets are not available. Many times this kind of scare is enough to continue the conversation.

2. Capitalize on Competition: Business executives are always trying to compare their business with similar organizations because they do not want to be driven out of the market. On that same note, they often enjoy a good story about their competition's shortfalls. Find some similar organizations around the world that have suffered from security incidents, especially those that have lost a considerable amount of money. When you give this presentation and provide a solution, it can easily be seen as a win/win. Not only does it look like you are a better security professional than what the "other guys" have because it did not happen to your organization, but it also gives the executives an opportunity to make a decision that will give them a leg up on other members of the industry. Business people like to think that their company is an industry leader. All you have to do is give them an opportunity.

To put a cherry on top, it might be a good idea to reference the same profit loss data as in the previous suggestion when comparing against the competition.

3. Do Your Research: Nothing turns business people off more than speaking with someone who has no business sense. If you are unable to show a positive return on investment (ROI) for the procurement, they can feel like you have wasted their time. For this, make sure that you don't just research solution capabilities, but also the associated costs. Another tip is to only suggest solutions that fulfill the current need, along with projected organizational growth and near-term future requirements. It is fine to go up a size or two when buying a winter coat for your child, but it might be a waste of money to splurge on an adult large that they will never grow into.

Make sure you do research and find the best return on investment

4. Role Identification: When all else fails and you are sure you are absolutely right, it might be a good idea to remind your executives that ultimately they are the information owners. You are doing your job by identifying the problems and presenting solutions, but it is their responsibility to approve or disapprove the security measures. It is also their responsibility to protect their information. If a security incident occurs that would have been avoided if they chose to approve your suggested investments, it won't be your picture on the front page of the newspaper.

This is a bold step, but it has the possibility of getting your recommendation funded AND changing the way they look at the security of their organization's information.

These 4 ways to sell security expenses to business executives could help you make your organization more secure, avoid security incidents, and ultimately keep your job. If you have any suggestions or additional tips for performing this task, please let me know in the comments section down below and I might add them to the list.

Read, Love, Comment, Share!

Sunday, November 10, 2013

20 Thoughts of an American Who Cares



1. I think hard work and responsibility should be rewarded.

2. I think that there should be fewer programs for helping people without insurance, jobs, or homes because more likely than not it was their own poor life choices that put them in whatever situation they are in to begin with.

3. I think that if we eliminated or suspended these programs, it would force members of the next generation to make better decisions and plans for their lives.

4. I think the biggest problem in our country is not our government, but our national culture.

5. I think the jealousy that many lower and middle class Americans have for the “Rich” is absurd and discourages ambition.

6. I am not a Republican.

7. I am not a Democrat.

8. I think the two party system of government in our country causes much more harm than any one person ever could.

9. I want to see political candidates who are options because of their leadership abilities, not simply because their party thinks they are most likely to win.

10. I could certainly be wrong, and I welcome that possibility with the hope that whoever is right will succeed.

11. I think social programs should exist, but only after our culture has changed for the better. Otherwise, they will continue to be abused.

12. I think all government benefits should require voter registration, if not also participation.

13. I want change that works and I think that involves a swift kick in the rear for most Americans.

14. I think it is sad that many Americans don’t understand how percentages work when it comes to taxes.

15. I think “facts” I learn on TV are spin until proven to be truth through actual research.

16. I don’t tell my kids that everything will be okay because that won’t be the case if they make poor choices.

17. I don’t like that I am supposed to feel empowered by the fact that I went to public school and my parents didn’t pay for my education, yet my kids will likely be criticized for “having better opportunities”. Whatever happened to creating your own opportunities, like I was forced to do?

18. I am hopeful for my children’s future because I focus on teaching them how to be good, hardworking people. They will automatically have a leg up on their peers.

19. I am not raising good kids. I am creating responsible, successful adults who (with any luck) will care about their community, their country, their children, and the future enough to stay informed.
 
20. I am afraid that there aren’t many other Americans like me.

Thursday, October 10, 2013

Congressional Lesson: Case for a Third Party



During the last presidential election, I tried to spread a single point across my personal social circle as well as social media. Everyone seemed to be focused on reelecting President Obama or Governor Romney, but almost nobody was looking at the alternatives. I said it then, and I still say that the two party system of government in our country has the capability of doing far more harm than any one man ever could.

Now we find ourselves in a government shutdown and on the path to “falling off the fiscal cliff.” We want to blame our federal government, but what could we have done differently? Did we not vote our leaders into office?

People are often afraid to commit to any third party because they simply doubt a third party could ever be as popular or powerful as the Republican or Democrat parties. That is the beauty behind this concept. Third parties never have to be the majority in order to be effective. They simply have to be strong enough to make sure no single party has over 50% of the House of Representatives or the Senate.

This scenario would help to eliminate the deadlock that is often associated with party line voting in Congress. It is up to us. We have the ability to change the future for our children and grandchildren. 

What do you guys think?