G5. Persuasion Techniques for Selling Security – No Really
Thursday, May 10, 2018
2:00 PM - 3:00 PM
Security is vital to organizations. Some of the recent breaches were caused by a lack of patches - a fundamental security control. Security leaders spend a lot of time trying to convince various stakeholders and departments to embrace and support security efforts, which requires them to make persuasive arguments. This presentation will use real-world examples of arguments made to sell security improvements.
This presentation will start off by describing what persuasion is. The security leader must first build a rapport with the people to be persuaded. Taking people out to lunch often helps build that relationship. Genuine compliments made to the other person also bridge this gap. People may believe persuasion is manipulating people into doing something you want them to do. Rather, it is helping people to see a different perspective. Persuasion may also take time. The security leader needs to be patient and not expect immediate results, yet remain persistent. Making the same argument repeatedly can help people understand its validity and start supporting it. The timing of the argument is another important component. If the person being persuaded just had a personal crisis, the leader should wait for the crisis to pass.
Persuasive arguments should define realistic expectations. Security leaders should balance their arguments with the current business initiatives and security threats. Being prepared to answer counter arguments also helps to achieve the objectives of the argument. Becoming defensive will not persuade the stakeholder, but rather cause the security leader to lose credibility. The delivery of the argument is critical to being understood and for the other party to consider the idea being presented.
You should use different persuasive argument strategies as the need arises. These include: setting the goals of what you need to achieve in the argument, focusing on future tense language, making them like you so they will listen more intently, building credibility with them, showing leadership as the organization’s security expert, convincing the other person your argument is the most advantageous to them, using facts and terms to persuade on your own terms, spotting weaknesses in the other person’s counter arguments, and making sure your arguments match the language of the receiver.
Audience members will have the opportunity to practice forming persuasive arguments for security. This will help solidify and apply what they learned in the session.
Merlin Namuth is the Business Information Security Officer at ReedGroup. Namuth has over 22 years of IT experience with the last 19 years focused on security. His experience in security comprises building and running numerous security programs, program management, managing incident response teams, computer forensics, compliance, and architecting and engineering complex security solutions. Namuth serves on the cyber risk advisory board at Pepperdine University where he also guest lectures. Merlin currently serves on the Board of Directors at iEmpathize, a nonprofit organization focused on educating people about human trafficking. He has presented at several conferences, including having spoken at RSA four times -- domestically and internationally, as well as RMISC, OWASP, and ISSA. He holds the PMP, CISSP, GCFA and GCIH certifications.
Anne Namuth – by day – is a middle school language arts teacher of 17 years. By night – Anne is a doctoral student studying reading, language, and literacy. Anne’s dissertation topic is exploring how engaging in writing leads students to different habits of mind and a critical awareness of the impact empathy has on individuals and groups. Between teaching teenagers and being a student herself, Anne has taught at the college level: research writing for nursing students, literature for business majors, and a variety of classes about assessment for teacher candidates. While preferring to compose thoughts by hand on paper, Anne is used to working on a computer. Anne’s first home computer was a Commodore 64.