Bring in the $$ : Moving Security from Cost Center to Revenue Generator

No ratings

Presented at BSidesSanFrancisco 2018 by

Arianna Willett

Security is expensive. A security team requires a number of highly paid people and a myriad of expensive tools. For most business executives (read: non-security people), security is also scary and efforts never seem to be enough to get ahead of attackers. It’s easy to see why budget-makers view security as a money-sinkhole, forever appropriating valuable company resources. How can we, as security professionals, change the dialog so security is viewed as an asset to the company, rather than a constant liability? The solution is to communicate, in dollars, the benefits of doing security well. The biggest area that needs to be highlighted is revenue enabled by security. Most security teams can articulate the cost of a security event and the cost of controls to prevent an event. What most teams are lacking, and the key to moving from cost center to revenue generator, is the revenue enabled by security. This information is surprisingly easy to obtain. Walk away from this talk prepared to shine the light on the value of your security program in a way that even the least technical CEO will understand.