Are you an information security professional who frequently needs to get approval from business executives for new security measures? This 1-hour “Short and Sweet" course takes away the guesswork and gives you tools you can start using today.
Learn to speak business executives' language and get easier approval for your security investments.
Pitching a security investment can seem difficult because it's not always a clear-cut process, but learning to sell to business executives in their own language is a key to reframing security as a long-term positive investment opportunity.
In less than 2 hours, this Short and Sweet course will give you solid practice and help you achieve steady improvement in your pitches, without a lot of filler. We'll discuss the potential for finding common ground, why sales skills are so important, and how to transform your security investment proposals from risk-focused to business-focused with a few simple tweaks. We'll also talk about preparing for an in-person pitch, and about selling to the business line - selling to users - after your pitch gets approved.
At the end of the course, you'll be better equipped to have effective discussions with business leaders about potential security investments you need and want to make inside your company.
That's a great trade for 2 hours of your time!
Please note: This course is designed to get you productive FAST. This course assumes you already are familiar with information security basics and, ideally, are in an information security or IT role at your company. If you aren't familiar with information security basics, please seek out another course to learn those skills.
But if you're already familiar with information security and want tools to understand business language and use it in the context of security, this course IS for you and I hope you'll enroll.
My goal is to make this course the easiest path to more effective information security investment pitches. Please let me know if anything in the course could be clearer, and I'll be happy to help you. It also will help me improve the course.
If you're ready to learn more and sign up for the course, go ahead and hit that Enroll button - Udemy offers a 30-day refund guarantee, so there's no risk to you!
This lecture introduces the course and its prerequisites.
This lecture compares two different types of thinking: risk-focused and business-focused. These two types of thinking have entirely different languages!
This lecture introduces the idea that security and business teams actually have similar goals, if they can get past the language gap.
This lecture discusses why you should sell your security investment proposal to business executives even if the investment is required by law or regulation.
This comparative case-study exercise highlights the difference between a check-the-box security implementation and a strategic, win-win implementation.
This lecture offers strategies, tactics and specific language for information security managers who need to sell potential security investments to business executives.
This PDF provides a high-level glossary of business terms that may be useful for security professionals.
This optional lecture shows you how to use net present value (NPV) to determine the ROI of a potential security investment.
This downloadable PDF provides links to lists of power words that you can use to heighten the impact of your security investment pitches.
This lecture walks you through examples of risk-focused versus business-focused proposals for different security investments.
This lecture gives you an opportunity to practice writing your own business-focused proposals for common security investments.
This lecture provides tips and questions you can ask yourself before pitching a security investment to a business executive in person.
After your information security project is approved, what's next? Convincing business-line users to get on board.
This lecture focuses on why internal auditors should 'sell' their findings - even if management is required to address them.
This lecture wraps up the core curriculum. After completing this course, you'll be better equipped to pitch information security proposals to business executives.
This lecture offers next steps for continuing your learning, including book recommendations and other resources.
Stephanie is a software developer, IT risk management expert and former journalist who loves learning. After several false starts, she taught herself to program in 2012 and wants to teach programming the way she wishes it had been explained to her. In addition to delivering online training courses through 219 Labs, her projects include developing a software tool that allows you to program in plain English. She has a master's degree in information security policy and management from Carnegie Mellon University, a bachelor's degree in journalism from Northwestern University, and attended Recurse Center (formerly Hacker School) in 2014. Her interests include organic food, art, travel and doing good work.