While security teams are tasked with securing their business’s people, operations and assets, they’re often faced with resistance from internal stakeholders when establishing their program budget. For security leaders to successfully defend their funding, they must effectively communicate what security vulnerabilities are costing the business, know how their program supports each department, and learn how to counter common objections.
In our recent webinar, a panel of security experts shared valuable insights on how to get key stakeholders to understand why proper funding is critical to protect their organization’s assets, employees and bottom line while ensuring business continuity.
Ontic’s Vice President of Security and Intelligence, Chuck Randolph, hosted the panel comprised of Arian Avila, VP of Enterprise Safety and Security at Capital One, Bert Oliveira, Head of Physical Security and Investigations at Citizens Financial Group, Corey Vitello, Sr. Director of Safety and Security Strategy at Roku, Inc., and Eduardo Mills, Director of Security Risk Management at Gartner.
Below are some of the key takeaways from the webinar.
What are some specific ways corporate security teams can start positioning themselves as a strategic department that supports the overarching business roadmap?
Oliveira: As security professionals, it behooves all of us to – if you haven’t already – start to establish those key strategic partners within your organization, especially groups like legal and HR. That way when it comes to decision time for them, you’re engaged right at the beginning to demonstrate the value and impact of security components. You want to be aligned with those business leaders by ensuring you are an intelligence lead connected to your risk assessments.
What are some of the key factors that make receiving the financial backing you need possible?
Avila: The times I was successful when making an ask, it was inclusive of what’s happening external to the organization and what’s happening to the business. I was more intentional with my ask. I did the homework, gathered research, pulled the reports, and understood what the problem was, and what the outcomes were. Also, it’s important to remember that doing nothing is also an option. Show the risks and benefits of each option and give your opinion. Be really crystal clear about which balls are going to drop and what is going to be impacted by each decision.
Mills: Have your response to each potential answer thought out in your head as you build a strategy that you want for your program – otherwise you’ll be caught like a deer in headlights. If you think about yourself as a support function that you’re offering the company and how your ask will support the mission of your department and therefore further the goals of the company, that conversation will be a whole lot smoother.
Cost is a language that makes sense to business units throughout the company – how would you tackle the task of placing a monetary value on a risk?
Mills: Your language should resonate with the rest of the business. If you understand how enterprise risk is deriving monetary value to certain risks, then you can apply that methodology to your own program and to your own security risks which then makes your conversation with business leaders a whole lot easier because you’re going to have that common operating language. Also, ensure that you’re benchmarking. Bring to the table what other companies are doing and how they’re thinking of those risks and how they’re placing monetary value on them.
Vitello: The best thing you can do is find a senior business leader advocate that understands your vision and get them to share your vision. That takes building a network, many virtual coffees, asking what keeps them up at night, etc. There’s an opportunity to show we provide value when we’re addressing the needs of the company. If senior leaders feel like security is a priority of the company, there’s no question that they’re going to support you and go to bat for you when you’re seeking those resources. Get intelligence products in front of them that have a business impact section so they understand how things could potentially impact their vision and what they’re trying to do and know that you are a partner in helping them achieve that.
How do you promote effective collaboration between corporate security and other departments to help build your roster of internal champions?
Vitello: If you’ve already done the hard work of getting to know the people who make decisions in the organization and you’re aligned on priorities, there’s always an opportunity for security to work on a project. You just have to be creative enough to figure out what that is. Share your vision because most of the time, they want your help. Security is the most global department of the company. We know what’s happening geopolitically, what’s happening from an incident-monitoring standpoint, we can tell the leaders what’s going on and how it impacts us.
Oliveira: Positioning your program as a service has tremendous benefits and will help earn your seat at the table. You are providing others with the information they need to do their jobs. You’re supporting legal, communications, facilities, properties, etc. with your service. You need security for intelligence. You also want to be embedded with the leaders. The networking aspect is key – it shows you’re aligned with the strategic roadmap of the company and puts you in a position to be a trusted resource that they can go to. People won’t be putting security on the back burner – you’ll be part of the equation.
What advice do you have for those who are building their business acumen to just “get in the room” in order to have the funding and resourcing conversations?
Avila: Understand your business and develop routines for the leaders on your team to understand the business. It’s important that we know what’s happening in the industry, what’s happening internally, what’s happening economically, and champion that for your team. Champion your team to learn and understand the business. Also, as a leader you should always have items on your shelf that you always need funding for. There will be times – especially at the end of the year – when the company needs to spend money right away. You should be prepared just like a crisis that may come out at any minute and have your proposals ready. Always have something on your shelf.
Looking for more ways to get the budget, respect and support you need? Download our Proving the Value of Corporate Security Whitepaper.