Despite the increasing awareness for and importance of creating an effective information security program, many cybersecurity leaders have faced the scenario in which their budget was being reduced or limited. If you haven’t faced this obstacle already, consider yourself lucky. Most security leaders will have to navigate budget cuts at some point in their careers.
While it’s never wanted, rarely advised, and always frustrating, when cuts do occur, cybersecurity leaders have a real opportunity to demonstrate their leadership acumen and to raise their profile within the organization. The security leader who demonstrates that he/she is capable of continuing to manage a cybersecurity program and address key risks even when resources are limited can truly set himself/herself apart as a savvy and valued member of the organization’s leadership team.
The question then becomes, “How?” How should you appropriately address your frustrations and the potential issues it causes without putting your job in jeopardy or undermining your credibility with company leaders? How can you effectively convince senior leaders to provide more resources in the future?
Before we dive into specifics for how you should approach the situation, it’s important to consider the perspective of your senior leader. Trying to understand where they’re coming from is always helpful. (This is true of any situation where there is conflict, by the way.)