Selling Security…to the Boss?

May 22, 2015 | Kelly Schroeder

John came in to work Monday morning. His expensive sports car was awesome, his tie was awesome, and his new corner office was awesome. It seemed as though nothing was going to ruin his day. He leaned back in his leather chair looking out the window, waiting while his new computer booted up. First thing to pop up was an email from Ted in IT. John stifled a groan. "He is going to want more money for IT and he is just going to complain about 'the users' again." John sighed and began to read the email.

Dear John,

Friday night we had another malware attack. This one was bad. Whole directories were encrypted and several of the sales guys don't have a computer to use since I was working on the servers all weekend. We have to have more money to get the antivirus software I've been asking for. We need better backups too. Our current server is going to die soon and our software was made in the last decade. I know it seems like a lot of money, but if we don't do this we're really asking for problems.

John just shook his head and hit the delete button just as he had on the prior 5 messages from Ted about the subject.

If you've been in IT for any length of time, you have been on Ted's end of this conversation at least once, if not repeatedly. So how do you change the outcome? How do you go from being denied even the basic necessities for preserving the integrity of your company, and your own as an admin, to getting at least the minimums? In short, you have to learn to sell your ideas (not your soul). Selling an idea that can seem so fundamental and obvious to us may seem difficult to wrap your mind around at first, but it is a necessary skill that you have to develop if you are to be effective at your job. Communication is the single most critical part of an IT Pro's skillset (non-vendor-specific).

1. Get Real Numbers

First things first, you need to know how much the things you need are going to cost. If your boss or the person in charge of the purse is not interested in choosing a solution, then do your homework/due diligence, meet with vendors, and settle on a proposed solution with actual dollars and cents. In the midst of this do not, under any circumstances, fall into the trap of going with the cheapest solution. Hopefully your solution will be the least expensive, and cost is always a primary factor in the SMB market, but if you try to undersell the solution just to get it past the powers-that-be, you are going to diminish your credibility when things go south and you don't have everything you need or the build quality is too low. Vendors also know about the inclination within SMBs to go with the cheapest solution, and they will often bury the actual, final cost of their solution or mislead you about it.

2. Prioritize

Everything in Ted's list sounds very reasonable to an IT pro. What could you cut out? All of it is critical. The bottom line for the deciders is that there is only so much money that can go to all of the things that need doing, and, frankly, IT doesn't make any money directly for the majority of SMBs. You will have to prioritize and find the things that you absolutely cannot do without. How do you choose between backups and antivirus, between memory for the SQL server and functional end-user devices to replace your XP hardware? This is where understanding your company's business is absolutely critical. It is up to you to put together a preliminary list of what will best support your company's primary function. If you can, break it up into Gold, Silver, and Bronze, or Cadillac, Chevy, and Yugo groupings for clarity and ease of selection. This will also allow your boss to see how much an "upgrade" to the next level will cost him or her, and choose accordingly.

3. Schedule/Planning

Just as nature abhors a vacuum, executives abhor the lack of a plan and schedule. Before you even float your obvious, blindingly brilliant proposals, have your potential dates all worked out. Just as with the prioritization step, have your preferred timetable and alternate dates. If you don't provide those in charge with the opportunity to make a decision between options, you may not like the one that they choose for you.

4. Talk the talk

There is a significant communication gap between management speak, marketing speak, sales speak, and the way your typical IT pro communicates. If you have never encountered this, then it's either time to buy a lottery ticket because you're luckier than anyone has a right to be, or you are simply unaware of the fact that those around you are unable to understand what you're talking about and the “whyfores” behind it. While it is not fair, it is incumbent upon you as the IT Pro to bridge that gap. Unfortunately, there are no hard and fast rules or even many rules of thumb for this. What it really comes down to is understanding your audience, what they understand, and translating the company's IT needs into terms they're familiar with. Let's say that your company's decider-in-chief is an avid car person. Instead of telling them that you need antivirus software because bad things will happen if you don't, put it into terms from their interest. For example: "Would you drive a car without oil, or not change your oil when it has been a long time?" "Of course not." "Well, running a computer network without any antivirus is the equivalent. You can do it for a time, but without it everything will grind to a halt as the system/engine becomes coated with debris."

This one is heavily on you: understand those over you, what they like, and what they can understand, and translate your requirements in a way that fits their framework. Do not, under any circumstances, patronize. Even if your boss seems a bit dim, most people can pick up on a patronizing attitude. If you do this, your chances will go from slim to non-existent before you can say "You're an idiot." If prior interactions have left you with a less than stellar opinion of your upstream's faculties, check your proposal and delivery with someone who isn't in the decision chain and is also not in IT, and have them tell you if you come off as patronizing.

Final considerations

Being in IT is a matter of building trust. We do not have the luxury of flexible ethics. Put together your list, but if it is ever suggested that you can "get by" if you don't pay for this license, or that you could download critical software from that source the Sales Manager's son told him about, you have to cut the idea off at the knees. It is very tempting to give in to demands that you yield your personal integrity "for the good of the company", but the reality is that your integrity is worth more than your job. If you surrender it once, it will happen again.

There are many nuances that I have not covered, things that may sink your proposal. It is incumbent upon you as the IT pro for your company to know your prices, priorities, schedule, and presentation. If you can get all these pieces together you will have a greater degree of success than if you just shoot emails at your boss or your boss' boss, or your...you get the picture.

About the Author: Kelly Schroeder, System Administrator
