Are you struggling to communicate the value of your security investments? Do you find it challenging to gain executive buy-in and secure the necessary resources for your security team?
It’s time to break through the barriers and position security as a strategic partner within your organization. Watch the replay of our webinar, “From Barrier to Strategic Partner: How to Communicate the Value of Security Investments,” hosted by Security Magazine.
Discover the essential elements for how to build an effective business case and achieve the recognition your team deserves.
Learn how to:
- Unlock Your Security Team’s Potential: Learn the fundamentals of creating a persuasive business case and overcome common challenges in securing investments.
- Craft Powerful Storytelling Through Data: Master the art of presenting your team’s accomplishments with impactful storytelling that resonates with senior leadership.
- Drive Strategic Objectives: Discover how to align your security initiatives with broader organizational goals to position security as a driver of success.
This session is for:
- Security leaders focused on incident management, security risk management, threat protection, or security operations.
- Professionals in the security field looking to build an effective business case for their security investments.
Don’t miss this opportunity to transform your security investments strategy and gain executive buy-in. Click the “Play” button on the video above now.
“From Barrier to Strategic Partner, how to Communicate the Value of Security Investments” webinar transcript
Taylor Dottie:
Good afternoon and welcome to this webinar, “From Barrier to Strategic Partner, how to Communicate the Value of Security Investments.” This event brought to you by Security Magazine is sponsored by Resolver. I’m your moderator, Taylor Dottie, assistant editor of Security magazine. Thanks for joining us. Today’s presenters are LeeAnn Kincal, product marketing manager at Resolver and Artem Sherman, product manager at Resolver. Don’t forget to submit your questions and later in the program our presenters will adjust as many as possible. Today’s event is being recorded and archived on security magazine.com. This presentation is protected by US and international copyright laws reproduction distribution display and use of the presentation without written permission of the speaker is strictly prohibited.
As an IACT accredited provider. BNP Media offers I a CT C used for its learning events that comply with the an C and ICT continuing education and training standard participants completing this course may be eligible to receive continuing professional education credit or CPEs toward ais recertification training may qualify for related continuing education for recertification activity through sep. Students may claim one continuing professional development point per hour of instruction towards their nice recertification requirement for any sessions that expand their knowledge of the subject matter pertaining to the certifications they hold. Our learning objectives are identify the fundamentals of the business case, describe the common security team challenges and gaining buy-in for investments, discuss tips for building a powerful business case with strong storytelling through data, develop a step-by-step guide on how to create an effective presentation with examples. And now I’m excited to turn it over to today’s presenters, lean and Artem.
LeeAnn Kincal:
Awesome. Thanks so much Taylor. And thank you everyone for joining today’s webinar. As Taylor mentioned, we’re going to be taking you through how to build a strong business case for security investments
And just starting off with our agenda. So first we’re going to start off with talking about a core challenge that security teams face more than any other departments across the business. And then we’re going to walk through a business case template, which is board from the inter-agency Security Committee, which we believe will help your teams be able to easily communicate the current problems that you’re facing and your recommended solution to overcome these. Then last but not least, we will then walk through a business case example, a hypothetical business case example that will demonstrate what a real world example might look like. That’s where we’ll spend majority of our time in today’s webinar.
Okay, so going into core challenges that security teams face. So one common challenge we hear in the industry is that the broader organization often fails to understand the value security teams bring or can bring to the business solely due to a lack of familiarity of the roles. So unlike other functions such as marketing, sales, technology, security teams really have the benefit of their budget holder having an inherent understanding of the value they create and the requirements for success. So this is why we’re building a strong business case that highlights the impact security teams can have as well as continuing to advocate for yourself, which is absolutely essential. And we’re hoping that walking you through this example today will help you visualize how you can take this away and create your own business case that will highlight the impact that these investments can have, not only for your security team but across your organization.
So now going into the inter-agency Security Committee business template. So first we just want to start off with some background on the ISC.
The ISC was actually built based on the bombing of the Alfred P MRA building on April 19th, 1995. This bombing resulted in the Department of Justice publishing a report on the vulnerability of federal buildings, which then resulted in the generation of the ISC committee. As a result of this, the ISC had put together multiple reports since then of how to protect these federal buildings, which often resulted in large budget requests. And because of that, they needed to develop a strong business case in order to demonstrate that value and to gain budgets to move forward with these proposals.
Okay, so going into the ISC business case process.
This is actually a six step process and we’re going to start off with the first three here. So the first step is preliminary analysis and defining the problem. So this initial step is generally quick yet unnecessary exercise and the attention of this is to do initial research in order to solicit buy-in from your stakeholders. And that really defines the problem enough to gain buy-in and pursue building out this recommendation fully. Again, that this is an essential aspect is if your organization or your stakeholders do not clearly understand what the problems are, it’ll be difficult to advocate or articulate the rationale behind your business case. And Artem actually has had personal experience with this first step if you’d like to jump in and explain that Artem.
Artem Sherman:
Sure. So the first step I find is very often underutilized. There’s opportunities that present themselves in your organization every day, week, month, and quarter. So incidents and other events happen in your organization that are notable or indicate some sort of pattern fairly routinely. The reality is that every fiscal cycle you may get to execute, sometimes zero, sometimes one, sometimes maybe two projects that are of a significant size. So zero to two major projects every year that you get to play out. But the way you get to be able to execute those large projects and ensure that those are the projects that you believe you need to focus on and your security organization needs to focus on is through continuous communications and through pushing your agenda whenever the opportunity presents itself.
As things happen that bubble up to the level of attention of the executive team, you should be ready with some of those initial analysis and be prepared to essentially do an elevator pitch when the chance presents itself have your high level ideas ready to communicate instead of just reviewing the incident and commenting on the event with your exec, which is certainly a part of that.
Also come prepared with some potential solutions and analysis. So for example, this claim of mistreatment where we had to pay out $40,000, which is just one of dozens that happen every year, could have been avoided if we had body-worn cameras for a guard force that shows that you’re strategic thinker, that you’re thinking about solutions and not just reviewing the problem.
That might follow up from an executive with a question like, well, what would that look like? Well, we could pilot it for one team over two months. It would cost us about $20,000 and it would cost us about $2 million and take six months to roll out to our entire guard force. The reason exec approvals sometimes seem to happen quickly. It’s when you’ve done the homework, when you’ve done the groundwork, and when you continuously champion for the initiatives that you feel are important to solve, those important problems that occur in patterns that occur. And this is something you should be doing all the time. Every time an event happens or a pattern presents itself, you should be doing this preliminary analysis, some early thinking and some early ideas for solutions and root causes so that way you’re ready with these things.
Another example is this happened because we didn’t have an incident management system and we couldn’t find the necessary documents to defend the civil claim. This way, as you are throwing out these solutions, next time something happens or when budget becomes available, the exec teams are already primed to focus their spending and attention on the solutions that you already have a rough outline for. So very, very important first step doesn’t take a lot of effort and all of us normally have some of that in our brains, but write that out, be prepared with those.
LeeAnn:
Awesome, thanks Artem. And then from there, moving into step two, which is about identifying stakeholders and as Arta mentioned, socializing that problem as well. So it’s important to determine who your key stakeholders are within your team, but also across other functions throughout your business. So whether it’s hr, it, legal, whoever that may be, and again, socializing that problem as early as possible. And in doing that, you’re actively engaging your stakeholders and it not only allows ’em to feel both included but also invested in the process, which can really lead to them advocating for this proposed business case and help push the project forward.
Going into step three, which is developing a cost benefit analysis. And within this step, there’s actually a nine step process here, and this is we’re going to spend most of our time reviewing today. Okay, so this is the nine step process and this actually comes from the federal government of the federal office of management and Government, and this is their approach, which as you could see is quite thorough and a rigorous process. And as I mentioned this is we’re going to be spending most of our time on the example once we go through that as this is where the most amount of work is really going to go into when developing your business case.
Just a high-level overview of the different steps here. Step one is defining the need and the problem you’re trying to solve, which is what has been done in the initial step that we spoke to in the previous slide. Then there’s step two, which is defining the baseline. This is clearly outlining what the current conditions are and what is leading your current problems to exist.
It’s important that this is clearly articulated to the problem and its causes easily understood. Step three is then setting the timeframe analysis, which would be how long do we expect to see anticipated results once this has been implemented, as well as outlining the timeline to determine if and when we need to reevaluate our decision or make any necessary changes. Step four is identifying a range of alternatives, and this is a great exercise as it demonstrates that you have thought through the process comprehensively and highlights your thoroughness in exploring various alternatives and scenarios when you’re bringing this to your leadership team. Step five is then identifying the consequence to each of these alternatives. This will not only give you a deeper understanding of each of these, but can also highlight how your main recommendation is the most ideal solution.
Step six is this is where you would quantify and monetize all the benefits and the cost for your recommendation as well as your alternatives. Step seven is discounting future benefits as a potential option that some companies like to consider.
Step eight is evaluating non quantified and non monetized benefits and cost. So you’ve already spoken to the quantifiable and monetized costs in step six, but it’s also important to talk about the non-quantifiable ones as well as there can be a lot of very, very important benefits that can come out of this. So this is something that is important to highlight throughout this process. But also want tip appear is ensure that your non-quantifiable benefits are clearly delineated from your quantifiable benefits as we don’t want to mix these two up as it can lead to some confusion. It’s important to keep those two steps separated.
The last step of the cost benefit analysis is characterizing your uncertainty. So here is where you would outline the expected results, including how much worse the result could be if we did not achieve a breakeven point. And again, this says step really allows you to show that you’ve thought through the possible outcomes when going through this. Okay, returning back to the six step process through the ISC with the three remaining steps. So the step four is anticipating potential resistant factors. So another important step here is to spend time preparing for what potential objections or questions that you might expect from your leadership team. And this just ensures that you prepare to answer these questions and it might also help alleviate any immediate concerns that they may have when this comes up initially.
Step five is developing your implementation plan. This includes determining how this project would be implemented, who needs to be involved and when setting up those timelines and showing that you’ve thought through the entire process and understand the requirements that are needed to bring this project and proposal to life.
And then last but not least, is delivering the recommendation. So this is the final step of the process where you deliver all your research and recommendations to your leadership team. And a couple tips that we have for this last step is firstly, knowing who your audience is and what’s important to ’em and delivering a report or a presentation that would best resonate with them. And another one if possible is delivering the report in advance in order to give your leadership team enough time to understand what your recommendation is and then coming prepared for any further questions so they can thoroughly understand what your recommendations are. So with that said, we will move into our example.
Artem:
Great. So we’ll talk about a fully fictitious business case example for a chain of hospitals called perfect care hospitals. So perfect care hospitals, also known as PCH operates 15 hospitals spread across Texas. The CEO of PCH has reached out due to high employee turnover across their hospitals. In 2022, PCH had a turnover rate of 24%. A review of exit interviews indicated that unsafe working conditions was a major contributing factor for the turnover. So we’re tasked with figuring this out. This is impacting our ability to deliver quality care and attract and r