DeVry University’s Chief Information Security Officer, Fred Kwong, shares his real-world insights on securing funding for IT security initiatives. In his experience, even if an IT expert has found gaps in an organization’s security posture, they might still face rejection for their proposal to address those gaps. It could happen for several reasons, including ineffective communication, insufficient trust or credibility between decision-makers, or using technical jargon that non-technical decision-makers cannot understand. However, by learning how to tell a good story, building better relationships, and honing presentation skills, IT security practitioners can increase their chances of securing funding to safeguard organizations from potential cyber threats.
A common mistake that IT security experts make is crafting their funding requests in technical terms, assuming that their directors are the ultimate decision-makers. However, it often turns out that non-technical decision-makers, such as CISOs or VPs, are the ones who approve the budget. Non-technical decision-makers are more interested in the risk aspect of the organization’s security posture. Hence, IT security experts must use risk as their primary language while presenting their proposals. The more they can explain the risks and highlight the significance of their project in financial, operational, compliance, and cyber risk terms, the more likely decision-makers will approve their budget requests.
Another tactic that IT security experts can use is to simplify complex concepts, translate technical jargon into layman’s terms, and use relatable anecdotes or real-world scenarios. Such methods help engage the listener and make the message more accessible, leading to better comprehension. Moreover, they should show the return on investment (ROI) to explain the value of building out their cybersecurity program.
Relationship-building skills are essential for IT security practitioners, especially when seeking funding for their projects. Establishing strong connections with stakeholders across various departments is crucial to gain support and influence decision-making processes. By nurturing relationships, IT security experts can position themselves as trusted advisors, gain insight into the organization’s priorities, and accordingly align their project proposals with business objectives.
To build relationships, IT security experts must spend some time getting to know their colleagues as individuals, as well as understand what their role is. By engaging with stakeholders, helping and sharing their expertise, and collaborating with other departments to identify areas where IT security initiatives can contribute to their objectives, they will develop trust and credibility among their colleagues.
Finally, presenting project proposals in a clear, concise, and persuasive manner is crucial to secure funding for IT security initiatives. Excellent presentation skills can help engage decision-makers, instill confidence, and effectively communicate a project’s value and impact. However, before presenting, IT security experts should know their audience, tailor their presentations to their specific needs and interests, and understand their level of technical knowledge. Using visual aids such as charts, graphs, and infographics that simplify complex ideas can also enhance understanding and retention of key information.
In conclusion, mastering effective communication skills, building strong relationships, and honing presentation skills can help IT security practitioners secure funding for their projects. By effectively conveying the value and necessity of their initiatives, IT security experts can safeguard organizations from potential cyber threats and ensure a secure digital future.