This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » How to Use Security to Drive Sales
Cyber Security NewsSecurity Leadership and ManagementManagementCyber

How to Use Security to Drive Sales

The Value of Your Security Story

How to Use Security to Drive Sales
April 10, 2018
Sabino Marquez
KEYWORDS C-suite security / security budget / security careers / security risk management
Reprints
No Comments

Making information security a priority within an organization isn’t easy. Security is usually seen as a specialized technical function within the organization and often isn’t aligned with organizational strategy or even day-to-day business tactics. Instead, information security teams are often siloed from the effects of their decisions and hyper-focused on detection, defense and mitigation. This is why companies’ security strategies often conflict with business operations. Does that new two-factor authentication system leave your sales team hanging out in the cold when they get locked out of your system in the middle of a demo? Too bad. The “S” in “IS” is for security, not sales.

Security professionals are seen as technical risk managers tasked with prevention instead of growth, compliance in place of strategy, and technical point solutions instead of culture change. As a result, security is seen as a cost center; at best, it’s a necessary expense that needs to be minimized. That leaves most security teams undervalued, underutilized and misaligned with stakeholder vision.

If you think your job as the CISO or CSO is to be the guardian of your organization’s data or infrastructure, think again – that is just the beginning.

Your job is to be the curator and custodian of the organization’s security story. Your security story is the sum of all the ways your company defends assets, meets compliance and market criteria, implementing the right technologies that keep these said valuable assets safe.

The foundation of a strong security story emerges when a business can answer the following questions:

  • How much revenue has our security team helped drive to close?  How has the security story increased upfront sales or market access, or helped to defend annual recurring revenue (ARR)?
  • How have other teams in your ecosystem worked more efficiently and more effectively with fewer security defects at source?
  • Which of our stakeholders know how our security story satisfies their specific requirements and criteria?
  • Can you show how each and every tooling decision aligns to either market requirement, client specification, contract commitment or insurability criteria (or all four)?

A good security story is built with input from multiple internal departments, so it is relevant for all potential stakeholders. For example, let’s say the sales team would like to target customers in highly regulated verticals like healthcare or government. The company’s security story should provide insights into whether the company is ready to tackle those markets. If the security story isn’t able to demonstrate compliance with the relevant patient privacy regulations – well, then your security story tells your sales team they can’t break into healthcare.

The security story has a major impact on sales operations. A good security story breeds trust in the supply chain, opens up new market opportunities, shortens sales cycles, increases upstream and downstream assurance, and ensures that the sales team doesn’t get road blocked by concerns around how data and assets will be protected. A company could get by with a good operations story in the past – or a good marketing story, or even a good finance story – nobody today gets by without a good security story.

The security story is also important in the need to grow the information security function. When it comes time to ask for more budget, does your leader really understand what you will be using it for? Not unless you can show direct impact on the business. There are some great dashboards and logging tools out on the market that may be useful to the security team. However, if that investment doesn’t fit into the security story and have a strong tie-in to revenue generation, justification to stakeholders becomes more difficult.

Security is a strategy that enables market access, branding, reputation and, ultimately, revenue. Security leaders need to not get caught up in the day-to-day grind of their jobs and instead build a security story that clearly outlines your ethos, accomplishments, and path to support revenue creation. Creating a defensible security narrative has significant strategic and business development benefits and should be a priority for every business.

Subscribe to Security Magazine

Sabino Marquez is the Chief Information Security Officer of Allocadia. In his practice, he works to elevate the discipline of information risk management into a competitive differentiator and centerpiece of customer trust drawing on a comprehensive strategy driven by Information Risk Management Operations, Compliance Management, Information Asset Governance, International Data Privacy, Information Assurance, Audit, Business Resiliency, Incident Management, Partner Assurance, and Information Security Operations.

Related Articles

How to Work with Hackers to Make Your Company More Secure

How to Utilize the Cloud to Mitigate Cybersecurity Risks to Security Hardware

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

cybersecurity breach

The Top 12 Data Breaches of 2019

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing