I was recently chatting with some other members of the security catalysts forums (www.securitycatalyst.org/forums) and someone asked: “How do I convince management that Security needs to be involved in e-discovery?”. This is a great question and the answer to it highlights a skill that security managers need to learn. The successful security executive is good at sales and one of the first rules of sales is to make sure that you are selling to the right people. In this case, what my friend needs to be doing is convincing legal that he’s there to help them. In general, when it comes to issues like compliance and e-discovery, legal departments love it when someone who is technically competent is there and willing to help. This way it’s Legal going to the C-suite and requesting his help rather than Security looking like it’s trying to invade someone else’s turf. The general idea is that when trying to get Security involved in projects, you need to identify the key stakeholders and engage them directly and then the upper management issues will be much easier to solve when you have have a united front of engaged users.

David Mortman is the CSO-in-Residence for Echelon One, LLC, where he is responsible for managing their research and analysis program. Previously, he was the CISO for Siebel Systems. David speaks regularly at RSA, Blackhat and Defcon amongst others and publishes the occasional op-ed in Information Security magazine.