The Seven-Sentence Convergence Turnaround

Last year I witnessesed a very smart CSO perform a convergence turnaround at another company (not his employer) using just seven sentences. It started at a SecureWorld Expo event, during a round table discussion being run by Steve Lasky, Publisher and Editor-in-Chief of Security Technology Executive magazine.

During the discussion, a security manager voiced his surprise at hearing that other security practitioners were able to access their security video and PC desktops remotely, from the conference . He stated that his IT department would not let him do that, because they said it was not a safe thing to do in terms of network security. He had also said earlier that there was no collaboration between security and IT in his company, because the IT personnel were too busy. (Admittedly his company was behind the times, because remote access and teleworking were fairly common by the date of the conference.)

CSO sitting around the table from him said, “What is your IT department’s annual training budget? Can you call now and find out? I suspect that the budget is too small or non-existent. If so, that’s your real problem. It would explain why your IT department is too busy to service you, and why you can’t get remote access.”

The security manager opened his cell phone and made the call. Sure enough, the training budget was zero.

The CSO said, “I’ll have my CIO contact your CIO. You wouldn’t believe the improvement in IT services at my company when we increased the IT training budget to what it needs to be. Also, go ahead and call my security manager and he’ll fill you in on how he collaborates with our IT department.

Needless to say the follow-up occurred, the training budget was increased, and the security and IT departments began collaborating around convergence topics.

This reminded me of the commercials that go like this:

Security conference attendance: $195

Phone call: 10¢

Upgrading your IT department services and collaborating on security: Priceless

This is why I’m such an advocate of venues like SecureWorld Expo (where I’m one of the speakers and round table participants) and the Global Security Operations event (which I designed and produce). They provide valuable opportunities for peer-to-peer information exchange, in addition to the value of the remainder of the event.

You don’t have to be behind the times to benefit from such events. You just need to have security objectives or a security program that you want to forward, or an interest in finding out what other companies like yours are doing with regard to security.

Is your company’s security advancing as you would like it to? Or if it is, would you be unhappy if it progressed even more quickly, or became even more cost-effective?

Perhaps you need a small increase in the annual security conference and education budget. Is there one—or do the security folks have to struggle for an approval every time they want to upgrade their security knowledge by attending a security event?

Given an annual budget, most security practitioners do a very good job at optimizing the return for the budget dollars.

Best regards,
Ray Bernard


Leave a Reply

Your email address will not be published. Required fields are marked *