Senior management are a challenge for security, so security should understand how to interact with them.
Speaking at the BSides London conference on 'handling senior management', security consultant Brian Honan said that, as opposed to becoming frustrated at management's loss of interest in investment in security, the scenario must be reversed, with security understanding how to sell security to the board.
He said: "The management opinion is 'fix it' and yours is 'give me money' but that's not happening. But usually it is 'not you again' or 'go away and leave me alone'. So we're stuck with an identical problem and headache.
"Our hands are tied and it appears like having a fight with a hand tied behind your back. Why is that? Is the issue with senior management or with us? Are we doing it the opposite direction? We expect that management are stupid but this isn't the case, they're people that built the web and aren't experts on IP law or data protection so that's up to us to provide in a concise way and make issues to give to the board."
Honan said that it is very important to contemplate how management think, to realise that security has its own language, and to confirm that management hear you right and see technology spend as money down the drain. "Forget about costs, present your small business case to the management, tell them you should spend and it isn't only a new box," he said.
"Management don't like grey areas. Discover what the business does and align yourself with it, consider the advantages and what it's going to bring to the business. Visit the PR and marketing teams and ask them for easy methods to present better. You should get everyone working together to mend it."