Negotiation is a core skill that can make or break your success as a CISO.
While technical expertise is important, it’s equally critical to recognise the value of negotiation skills in cyber security leadership. By developing and applying strong negotiation skills, you’ll be better equipped to lead your organisation in an increasingly complex and challenging cyber security landscape.
I recently completed a negotiations workshop by Filip Hron and highly recommend him as a facilitator and his book ‘Negotiations Evolved’. I particularly appreciate his focus on ethics and value creation.
In this blog, I outline how some of the skills can be applied to the cybersecurity context.
Every time you attempt to influence how a person thinks, feels, perceives or acts, you’re negotiating. It’s not something just lawyers or law enforcement officers do. If you think about it, 100% of our interactions are a negotiation. There’s no start or stop to this process, it’s happening continuously. So it makes sense to get better at it.
Negotiations are not about ‘winning’, they are about getting results. Our unconscious biases often get in the way of achieving results, so one of the most important skills you can develop as a negotiator is the ability to let go of previously held beliefs. Instead, try working with a set of multiple hypotheses – don’t draw conclusion too quickly and hold on to them for too long.
Below are a few example cybersecurity leadership scenarios where effective negotiation skills can be particularly useful.
Funding and budget: As a CISO, you must negotiate with senior management and Board members to secure the resources needed to maintain robust security. Effective negotiation can mean the difference between a well-funded security program and one that struggles to stay afloat.
Vendor management: Whether you’re negotiating contracts with security suppliers or discussing service-level agreements, your ability to negotiate terms can impact both your budget and the effectiveness of your security program. Strong negotiation skills allow you to get the best value while ensuring that your security needs are met.
Interdepartmental collaboration: Cyber security spans the entire organisation. To implement effective security processes, you need buy-in from various stakeholders. Negotiating with other teams to ensure compliance and cooperation is a critical skill for any security leader.
Incident response: When a security event occurs, the ability to negotiate quickly and effectively can determine how smoothly the response unfolds. Whether you’re coordinating with external partners, law enforcement, or internal teams, negotiation skills can facilitate swift and effective incident management.
At the end of the day, to be an effective negotiator requires critical thinking, intelligence analysis and ability to recognise value creation opportunities.
Cyber Security Leadership 