How do you get folks in the business to care about IT and security?

2.3k views4 Upvotes4 Comments

Senior Director, Defense Programs in Software, 5,001 - 10,000 employees
You have to show that you care about their function first.  One way people have to do that is literally being in their shop. For salespeople, go on those sales calls with them, engage with your C-level partners and say, "I want to spend some time in marketing." Most people I know at the C-suite or near the C-suite hate spending time in other people's shops, because it's not their comfort zone, but I find that's exactly what you need to do. You need to be in that discomfort to grow as a person and to grow in what you know you can deliver. A lot of community inside companies is built on what people hate. So, we all hate our timekeeping system, or we all hate whatever collaborative platform you've chosen. There's always a situation where people get off the call and say, "Oh wow, I can't stand WebEx." Or whatever it is.  But you don't know that until you go into these other places and figure out what’s bugging them, what’s driving them crazy. I've had conversations with people who say the worst part of their day is inputting expenses. Management might have staff to put their expenses in, so they don't see it as a problem, but for the people that drive the company, that was a huge pain for them. And the only reason I know is because I helped close some deals. This is all to say that when you care about what folks do, you are delivering IT and security experiences with value to them, they will care about IT and security.
Senior Information Security Manager in Software, 501 - 1,000 employees
It’s 2020 and if they don’t care about security now, that is a big problem in and of itself.

That said, everyone in business trusts the WSJ. Refer them to a new WSJ Cybersecurity site =  

The stories there make it eminently clear why security needs to be taken very seriously.

Also, get legal counsel involved. In 2020, if the board does not take security seriously, there are very serious liability issues.
Assistant Director IT Auditor in Education, 10,001+ employees
This is something that should be embraced from the top (CEO and Board levels) of the organization. A strong internal audit department (must be supported from the top) and audit every aspects of IT security. The results normally force folks to take security serious.
Deputy Chief Engineer(Information Technology) in Energy and Utilities, 5,001 - 10,000 employees
In my experience, it has been really difficult to make them care for both and more so for Security. 
It is very important to quantify the contributions that IT can provide and back them up with figures and stats showing comparisons, be it in efficiency, reduced cost, better operations etc. 
For security point of view, it is really important to strike a balance between restriction and user experience.

Content you might like


Greater than 50%54%


Less than 50%14%




Every year4%

Every 1-2 years26%

Every 2-3 years31%

Every 3-4 years20%

Every 4-5 years10%

No more frequently than every 5 years8%



Director of Systems Operations in Healthcare and Biotech, 10,001+ employees
By far the best place for me to travel was Shanghai. Loved the city and the vibe. Singapore is also an amazing place to have to be stationed for work.
Read More Comments
2.3k views2 Upvotes2 Comments