Chapter 19. Ten Tips for Getting Upper Management Buy-In

In This Chapter

  • Staying away from fear, uncertainty, and doubt

  • Proving yourself

  • Communicating on their level

  • Highlighting the benefits

Dozens of key steps exist for obtaining the buy-in and sponsorship that you need to support your ethical hacking efforts. In this chapter, I describe the ones that I find to be the most effective.

Cultivate an Ally and Sponsor

Selling ethical hacking and information security to upper management isn't something you want to tackle alone. Get an ally — preferably your manager or someone at that level or higher in the organization — who understands the value of ethical hacking as well as information security in general. Although this person may not be able to speak for you directly, she can be seen as an unbiased third-party sponsor and can give you more credibility.

Don't Be a FUDdy Duddy

Sherlock Holmes said, "It is a capital offense to theorize before one has data." It's up to you to make a good case and to put information security and the need for ethical hacking on upper management's radar. Just don't blow stuff out of proportion for the sake of stirring up fear, uncertainty, and doubt (FUD). Managers worth their salt see right through that. Focus on educating upper management with practical advice. Rational fears proportional to the threat are fine — just don't take the Chicken Little route, claiming that the sky is falling.

Demonstrate How the Organization Can't Afford to Be Hacked

Show how dependent ...
