Justify your requirements with real numbers to get support for security investments.

Richard Amburgey, Chief Security Officer (CSO), Bureau of Labor Statistics

April 1, 2021

3 Min Read

Are you having trouble receiving buy-in from senior leadership for your security programs? Are you having difficulty obtaining funding for your programs outside of the usual three G's — guards, guns, and gates? Let me share how I have been successful in gaining buy-in for investing in security from senior leadership.

The goal is to focus on changing senior leadership's mindset and culture. How do I do it? The answer is data. Security is in the customer service business. Our customers drive the services that we provide to our organization. Data tells our story. Most senior leaders do not understand the depths of security and our daily duties. Security typically operates in a vacuum, which makes it difficult to tell our story. And if we are unable to tell our story, we will never receive buy-in from leadership. Still not sold? Allow me to elaborate.

For each security program you have, start tracking each service you provide. A perfect example of this would be how law enforcement tracks its calls for service. For instance, when a dispatcher sends a police officer to a call, that call is recorded in a tracker that is used to generate working hours at the end of the calendar year.

You can apply the same concept to each of your IT security programs. For example, in February, the Security Department's Identity Credentialing and Access Management (ICAM) program compiled the following numbers for ID cards:

  • New Issuance: 83

  • Pin Resets: 43

  • Physical Access Control Mapping: 84

  • Certificate Updates: 37

  • Lost/Stolen/Missing Card Replacements: 12

  • ID Card Destructions: 7

  • Employee Separations: 8

  • Employee Onboarding: 12

Now, imagine tracking the services for all your security programs, administrative taskers, staff hours, and so on. Sure, there will be growing pains when you're formulating a tracking sheet and asking your staff to take on the added workload. I can assure you, though, that the extra effort is worth it and will return on your investment of time.

Another benefit to the process of recording these numbers monthly is that your senior security officer can also use this data to provide weekly, monthly, and year-end reports to senior staff. Having the ability to provide data, at any given time, for essential security services is vital to the organization and its mission.

The most significant element is that you now have the data to justify your security program's needs. The data will also help security officials determine whether security programs provide value to an organization or cost them unnecessary funds that could save the organization money. Reallocating that funding could benefit other areas of the organization, including procuring security equipment, systems, or even training. That data could also be used to justify staffing needs.

Most importantly, the goal is to let the data tell your security program's story and defeat the old mindset that security is only about the three G's.

Note from author: The views expressed in the article do not necessarily represent the views of the agency or the United States.

About the Author(s)

Richard Amburgey

Chief Security Officer (CSO), Bureau of Labor Statistics

Richard Amburgey is a Chief Security Officer (CSO), leading, advising, and coordinating security operations, protecting the Bureau of Labor Statistics (BLS). After nearly 20 years in security and law enforcement for government agencies, Richard understands the importance of identifying agency protection goals and objectives, ensuring they're consistent with strategic plans. He previously worked as the Chief of Regional Security Operations for FEMA Region V in Chicago, developing and implementing physical security countermeasures that protected FEMA employees, facilities, and assets. He served six honorable years in the US Navy as a Military Police Officer and Special Agent in Charge, commanding 92 dignitary operations. Richard has been featured in Security Magazine, LinkedIn, SDM Magazine, and government publications and white papers. Richard holds an MA in criminology from Valparaiso University, a BA in Criminal Justice from Excelsior College, and is pursuing his doctorate in Organizational Development and Leadership at the University of Arizona.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights