You might have noticed that nobody shouts “Group Hug!” when a security person enters a meeting. I have my theories why. One of them involves credibility — the kind that comes stingy in the workplace and must be earned.

Not all security pros earn enough credibility to truly affect the business. If you feel like you could use more than you’ve got, here are a few tips on how to accrue in ways that align with the business grain.

• Think “selling” not “getting.” You don’t want to get security mind share from people; you want them to buy yours. You’re there to help them meet rising customer expectations, or whatever.

• Say “no” by saying “yes.” Somebody wants to uncork that remote access bottle, and let a thousand new contractors VPN into the corporate net from anywhere in the world with their own laptops? Of course you’d like to help them explore how they can meet their objectives in a way that’s neutral to the business’ security posture.

• Next time the budget fairy leaves unexpected cash under your pillow, decline it. There are lots of under-capitalized units in every business. Find one with a really worthy shelved project and suggest they revive it instead.

• Learn when to say “That’s good enough for now.” Scratching and clawing for every inch of ground this time, because you know how hard it’ll be next time, only leaves you with bloody fingernails. Nobody wants to buy things from people with bloody fingernails.

• Ask questions rather than making absolute statements. “When you say we don’t need a firewall, what assumptions might you be making?” is a lot more effective than “Of course we need a firewall.” It politely keeps the burden of justification where it belongs.

• Don’t pick fights you can’t win. You’ll only end up a sore loser.

This isn’t about playing games to win political favor. It’s about demonstrating big picture perspective in a way that reeks of sensibility. And who doesn’t want to cooperate with sensible.