Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

3 Elite Communication Skills to Help Security Pros Get Projects Funded

It's not enough to know how to better protect the enterprise — you have to be able to convince decision-makers that your plans are necessary.

Steve Shelton, CEO, Green Shoe Consulting

June 9, 2023

4 Min Read
Photo of young bearded businessman giving formal presentation to older colleagues in conference room
Source: Tony Tallec via Alamy Stock Photo

This scenario was built using real-world insights from Fred Kwong, chief information security officer at DeVry University. Fred has held IT security leadership positions with Delta Dental Plans Association, Farmers Insurance, and US Cellular.

Fred was working as a senior manager of information security for a large organization earlier in his career. He had identified serious gaps within the organization's security posture and constructed what he believed to be the best solution. In fact, finding security issues and building solutions was something that excited Fred.

Fred wrote a detailed justification requesting the necessary budget and shared his findings with his director. His director then took Fred's request to the VP, and the VP placed the request with the CIO. Soon thereafter, Fred got the response to his request: rejected.

Fred felt disappointed, invalidated, and frustrated. He did his job but was denied the ability to protect his company. How did this happen?

He took some time to reflect and found a few lessons in this experience. Fred realized that, being new to the role and the organization, he was unaware of a few critical factors:

  • Fred's request discussed the issue, solution, and request in technical security terms. He had created his funding request as if his director would be the one to approve it, but the ultimate approvers on the executive leadership team were not technical and did not see value in the request.

  • The telephone game does not create effective communication. Fred realized his message lost effectiveness through multiple approval levels as it progressed up the management chain.

  • Fred had no relationship with the decision-makers. Because he had yet to build any trust or credibility with the CIO, the CIO was more cautious in approving Fred's request.

Had there been someone coaching Fred, he would have been taught effective communication skills that would have helped him be more effective in performing his job, avoiding the disappointment, invalidation, and frustration he experienced. Here are three core tactics Fred could have used to keep from undermining his own efficacy and unlock the budget he needed.

1. Learn How to Tell a Good Story

First, use language the decision-makers understand. Fred suggests using risk as your primary language. The business is used to speaking in terms of financial, operational, compliance, and cyber-risk. The more you can talk in terms of risk, the more likely the business will understand the importance of your project.

Second, simplify your complex concepts. Translate technical jargon into layman's terms to ensure that your message is accessible to a nontechnical audience. Break down complex ideas into relatable anecdotes or real-world scenarios to engage your listeners.

Finally, show the return on investment (ROI). Help the business understand where the ROI is when building out your cyber program. Work with business to build that program.

2. Build Relationships

Relationship-building skills are essential for IT security practitioners seeking funding for their projects. Establishing strong connections with stakeholders across various departments is crucial to gaining support and influencing decision-making processes. By nurturing relationships, you can position yourself as a trusted adviser and gain insight into the organization's priorities, enabling you to align your project proposals with business objectives effectively.

How do you build relationships? Spend time getting to know stakeholders personally, with no other agenda other than that, as well as what is important to them in their role. There are a variety of ways to do this, and it does not take a lot of effort. It can be as simple as grabbing coffee or spending 15 minutes with them over Zoom. Gorick Ng has some great suggestions for introverts.

Actively engage with stakeholders, help, and share your expertise. It is extremely important to come from a place of humility and meet others where they are at in their understanding.

Collaborate with other departments to identify areas where IT security initiatives can contribute to their objectives, such as compliance, customer trust, or productivity. By showing you care about their work and want to support it, you hit on major psychological needs: being seen, valued, and related to. Leaning into these needs will create stronger connections and trust among your colleagues.

3. Develop Your Presentation Skills

Presenting project proposals in a clear, concise, and persuasive manner is crucial to secure funding for IT security initiatives. Excellent presentation skills can help you engage decision-makers, instill confidence, and effectively communicate a project's value and impact.

First, know your audience. Tailor your presentations to their specific needs and interests. Understand their level of technical knowledge and adapt your content accordingly. Use language that resonates with them and provide relatable examples to make your message more impactful.

Then, visualize your message. Employ visual aids such as charts, graphs, and infographics to enhance understanding and retention of key information. Visual representations can simplify complex ideas and make them more accessible to decision-makers. Done in the right way, you can capture attention and leave a lasting impression.

Developing elite communication skills is essential for IT security practitioners looking to secure funding for their projects. By mastering the art of storytelling, building strategic relationships, and honing sharp presentation skills, you can effectively convey the value and necessity of your initiatives. In doing so, you increase your chances of securing the funding required to implement needed IT security measures, safeguarding organizations from potential cyber threats and ensuring a secure digital future.

About the Author(s)

Steve Shelton

CEO, Green Shoe Consulting

Steve Shelton is on a mission to help people achieve greatness. He has an intimate knowledge of the challenges IT leaders face due to 20 years of experience selling various technologies. At Green Shoe Consulting, Steve combines this knowledge with human and performance psychology and a love of coaching to teach mental performance skills needed to overcome any challenge and perform at elite levels. Steve speaks at industry and corporate events, conducts on-site workshops, and writes articles on various performance skills (including stress/burnout, leadership, emotional intelligence, team building, and more).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights