Information Assurance Services


Seccuris is Canada’s premier Information Assurance integrator. We enable organizations to achieve business goals through effective management of information risk. We are agile, innovative, flexible, and responsive. We assist your organization in managing all aspects of information risk. We specialize in end-to-end services, comprehensive solutions, and tailored programs.


Information Assurance Services

    • Information Security Consulting, Security Architecture, PCI, Vulnerability Assessment, Penetration Testing, Information Security Audit…
  • Managed Security Services
    • Managed Threat Monitoring Services, Managed Vulnerability Assessment…
  • Training and Education
    • SABSA Certification, TOGAF, Information Security Core Fundamentals…
  • Research and Development

Selling Security

Presented by Leo Thrush




What is the problem?

Find the decision maker

So many personality types

Problem solving

Being the expert

However, this is a discussion…

Please ask questions as they come to mind.



Leo Thrush

PhD Candidate, MBA, Masters in Strategic Resourcing, CISSP, PMP, ISSEP, ISSMP, CBCP, SCF, GCSC, CISM, CAP, NSA-AO

  • Managing Security Consultant, Seccuris
  • Professor, University of Fairfax
  • Previous roles:
    • Chief Instructor, (ISC)2
    • White House IT Security Advisor
    • Senior IT Security Advisor, Pentagon
    • NSA/CIA Senior Security Architect
  • Focus on management consulting, enterprise architecture, IT strategy, IT service management, and teaching
  • Relevant Certifications:
    • SABSA Security Architect
    • Information System Security Engineer

The Problem

How do I sell security to the boss?

…and get them to support and fund it?


Start with Applied Psychology

c. 590 BC Ezekiel's four living creatures: lion (bold), ox (sturdy), man (humane), eagle (far-seeing)

c. 340 BC Plato's four characters: artistic (iconic), sensible (pistic), intuitive (noetic), reasoning (dianoetic)

c. 325 BC Aristotle's four sources of happiness: sensual (hedone), material (propraietari), ethical (ethikos), logical (dialogike)

c. 1958 Myers' Jungian types: SP (sensing perceiving), SJ (sensing judging), NF (intuitive feeling), NT (intuitive thinking)


Myers-Briggs Type Indicator

  • Favorite world: Do you prefer to focus on the outer world or on your own inner world? This is called Extraversion (E) or Introversion (I).
  • Information: Do you prefer to focus on the basic information you take in or do you prefer to interpret and add meaning? This is called Sensing (S) or Intuition (N).
  • Decisions: When making decisions, do you prefer to first look at logic and consistency or first look at the people and special circumstances? This is called Thinking (T) or Feeling (F).
  • Structure: In dealing with the outside world, do you prefer to get things decided or do you prefer to stay open to new information and options? This is called Judging (J) or Perceiving (P).

The Decision Maker

  • Who is the decision maker?
    • Your boss?
    • Your boss’s boss?
    • Someone else?
  • Brief your way to the right person—no shortcuts
  • Staff work is critical

The Decision Maker’s Personality Type

  • ISTJ: Serious and quiet, interested in security and peaceful living
  • ESTJ: Quiet and reserved, interested in how and why things work
  • ISFJ: Usually put the needs of others above their own needs
  • ESTP: Doers who are focused on immediate results

The Decision Maker’s Personality Type

  • Risk takers: Early adopters, easy to motivate once convinced
  • Risk averse: Doing this brings risk, not doing it brings risk… Is the difference worth the resources?
  • Many ways to categorize, and none are perfect; everyone is an individual. However…

The Decision Maker’s Personality Type

  • Temperament gives insight into their decision-making:
    • NT and SJ individuals tend to be more linear and serial, more structured, more rational and analytical, and more goal-oriented in their approach to problem solving
    • NF and SP individuals demonstrate a preference for an approach that is more holistic and parallel, more emotional and intuitive, more creative, more visual, and more tactual/kinesthetic

Temperament Based Techniques

  • NT and SJ
    • Analysis
    • Backwards planning
    • Categorizing/classifying
    • Challenging assumptions
    • Evaluating/judging
  • NF and SP
    • Brainstorming
    • Imaging/visualization
    • Incubation
    • Outcome psychodrama
    • Outrageous provocation
    • Synthesizing

The Problem Solving Process

  • The Input Phase: Gain a clearer understanding of the problem or situation
  • The Processing Phase: Develop, evaluate, and select alternatives and solutions that can solve the problem
  • The Output Phase: Develop plan and implement solution
  • The Review Phase: Evaluate implementation of the solution; this should be an ongoing process

Case Study

  • The Input Phase: Security of Wireless Devices
    • NT and SJ:
      • Analysis: How many?
      • Backwards planning: If we want to implement this solution in January, when must I make the decision?
      • Categorizing: Big risk / not a big risk
      • Challenging assumptions: How do we know it is a problem?

Case Study

  • The Input Phase: Security of Wireless Devices
    • NF and SP:
      • Brainstorming: What do each of you think is the cause?
      • Imaging/visualization: Show me how this happens
      • Incubation: Let me think about this
      • Outrageous provocation: Only stupid people lose devices

What is the Motivation?

  • Achievement of goals
  • Promotion (power, money, title, parking…)
  • Personal Recognition
  • Company/Team/Department Recognition
  • Avoidance of pain

Experience in IT/IT Security

  • Been there, done that or new to field
  • Leader or manager
  • Techie or …
  • Position in organization
  • Authority and budget

Maturity (not Age)

  • Closely linked to previous considerations
  • Confidence in personal decision making
    • Experience
    • Frequency
    • Level of difficulty and responsibility of previous decisions
  • Confidence in recommendation and who is making it

You are the Expert

  • What is most important to the business?
  • Short-term versus long-term
  • If you were the boss, what would you do?
  • If you had one dollar, what would you do with it?
  • Facts versus assumptions—how do you know?

Solve the Boss’s Problems

  • IF the boss does what you want, then what are the issues for the boss?
    • Money
    • Politics
    • Timing
    • Personalities
    • Program management
    • Legal

Solve the Boss’s Problems

  • Speak my language
  • Know my problems
  • Provide solutions to MY problems

The Boss Cares…

  • If the boss didn’t care, you would be working somewhere else
  • You would not have the boss’s time
  • It’s not personal
  • Don’t become emotional
  • “Don’t become so attached to your position that if it falters your ego goes with it”
    • General Colin Powell, U.S. Army

Summary: The Answer to the Question

  • Work your way to the correct decision maker
  • Learn as much as you can about them, and use that to select the best strategies and tactics
  • Be the expert and be ready to prove it
  • Know the alternatives and why they are not better than your recommendation
  • Work the roadblocks before the briefing
  • Don’t let the decision maker say “No”
  • Use formal change management strategy and tactics


Thank You.

Leo Thrush

Seccuris Inc.

704-10 Kingsbridge Garden Circle

Mississauga, ON

L5R 3K6

(905) 361-3273