How to Win the Battle for the IS Budget

We will share some of them at the online meeting. For all IS function managers who need to approve a budget, protect a project or raise the importance of IS in the company and beyond, the InfoWatch Academy is launching the organizational and management training "Battle for the Budget".

Today at the online meeting, you can get some practical tools ready for use from the authors of the training. Participants of the online meeting will have access to a structural diagram "Main types of resistance to the implementation of IS", an algorithm for negotiating with a "dilettante in IS" for budgeting, as well as the possibility to register for the nearest event.

What questions arise in IS budgeting tasks and how they are worked out on the simulator

Overview of budget justification techniques: from analytics to the conclusion of a "budgetary alliance"

Detailed description of one of the negotiation algorithms studied on the simulator for a successful battle for the budget

Alexey Petukhov, Head of Business Development at InfoWatch ARMA, started today's event. Today we will discuss an interesting topic – the battle for the IS budget. It sounds fascinating, especially in anticipation of the fact that the year is now ending and the budget for the next year is being laid down. And now we are talking about managerial competencies, not technical and product ones, as one might expect, or methodological ones. And the second speaker today is Alexey Shirokopoyas, an expert in the field of company system development management, a practicing coach and trainer. Today we have a difficult meeting. This is a meeting of invitation to a business game, which will be held by Alexey Petukhov and Alexey Shirokopoyas. And now I suggest you plunge into the world of managerial competencies, organizational competencies, and highlight some life hacks for yourself.

We are used to the fact that we need to train what we do. That is, everyone already knows about cyber exercises, all sorts of simulator exercises, which should be both in the regulatory part and for actual skills in the field of information security. But Alexey and I, within the framework of the InfoWatch Academy, are now doing a lot of work on the fact that in order for IS to work, and IS is largely about organizational measures, it is quite difficult to negotiate within the company, with other functions, with your manager, with the head of the entire organization. It is also necessary to conduct a simulator, because just as everyone understands how a machine gun shoots, that in principle, in order to shoot from it, you just need to pull the trigger, but in fact it does not always turn out to be so simple. The same is true with organizational processes, with their construction, with negotiations, it always seems clear what to do, but it does not always turn out to be so simple and you have to train for this as well. Today we want to talk about how to implement these approaches, how to make sure that everyone can find something new for themselves, either through training or through training, in order to check, highlight something new for themselves, just in matters of organizational management. Within the framework of the InfoWatch Academy, we have created a simulator that allows people to go through this path from the idea that a number of projects need to be implemented, a strategy needs to be implemented, Federal Laws 187, 182, and other tasks need to be implemented. And for this, of course, money is needed.

Accordingly, how do we see the questions that may arise for people who are responsible for attracting resources, for finding a budget? How to overcome the resistance of top managers? That is, how to agree that money should be spent on IS? And we are talking about everything, both about the purchase of technical equipment and the hiring of people, because the most, it seems to me, painful question is who will operate everything, where to look for people, specialists are now expensive, and this requires attention, we also take this into account. The same tasks include how to solve personnel issues, how to redistribute tasks so that some issues that stifle the IS service in terms of lack of human resources can often also be tried to be solved through the general association of companies to perform IS.

We all understand that information security is to a large extent part of the corporate culture and the distribution of a number of jobs, when the company is properly configured to work, this can be done. We will talk about how to do this today and tell you what we offer as part of the simulator in order to help systematize this work and get, perhaps, some new algorithms for systemic knowledge to solve these problems.

What is the simulator itself? We call it the organizational and management simulator "Battle for the Budget", which allows you to practically go through the path of budget formation in a simplified form, draw up plans and algorithms of action on how to reach the goal, and, accordingly, go through this path with practical development of the topic, working with other participants, working out algorithms. Each training is most effective when there are people who are able not only to perceive information and learn, but also to share experiences. Part of the practices, exchange of experiences and communication between people performing the same functions is also an important part of the simulator. Therefore, we conduct it for people related to the field of information security management, who are in the positions of top managers, middle managers, who are constantly solving the problem of obtaining resources to ensure information security.

This is very important, because we have a lot of applied things related to the fact that we have requirements that we can use as tools, but which are also some display for our clients and other specifics that relate to the field of information security. And also for people who are going to become leaders. In fact, it will even be useful for those who, within the framework of integrators, vendors, develop or help to form solutions, also in order to more systematically solve the needs of clients.

Then Alexey Shirokopoyas took the floor, who began to talk in more detail about what this simulator will be, how it works and what algorithms are inside it.

What will happen? The following metaphor awaits us during our management training. Your small team will play as one of the characters in our simulator. This is the IS director of some company. In our game, all the characters are written realistically enough.

Do you know how simulators are made, for example, for training pilots? They just cut off half of the cockpit of the plane and put the pilots there, and they simulate their activities there. Maximum realism must be ensured in order to be truly effective training. Actually, we do exactly the same. Why do we call the game a simulator, because the degree of realism is very high. We have prescribed specific roles there, what happens, all this is taken from real life, what you encounter every day, you will very quickly recognize your real situation in our simulator, and the more effective your training will be at our event of your own character, the head of the IS company. Naturally, the head of the IS company is trying to fulfill the requirements of the IPSB stack. A completely natural process, and each of you knows that this is the main thing to do. Naturally, the CEO, some of you are lucky, easily signs the budget, but most probably find themselves in a situation where the CEO is not very eager to do this. This is normal.

We have studied this topic in depth and we know that such a primary reaction is normal. The only problem is that no persuasion and intimidation with consequences, no matter how terrible they may be, usually do not work on CEOs. You are simply not heard, not understood, and sometimes they think that you are exaggerating too much. And you sincerely stumble upon a wall of misunderstanding. But our character in our simulator has undergone special training at the InfoWatch Academy, where he was taught how to overcome such walls. If not to jump over and not break through, then to go around.

So, he begins, as he was taught, to act in the organization according to our methodology. He conducts analytical work, and then begins to look for allies within the company. In the end, according to our methodology, he finds allies. In the process of very complex multi-stage negotiations, which he wins one by one, he achieves the conclusion of the Budgetary Union.

And with joint efforts, he manages, let's be honest, to push through the CEO. The budget is signed as a result at the end of our game, in the final of our training interaction. This is a very realistic situation. That is, in fact, we simulate the same situation when a pilot is placed in the cockpit of an aviation simulator, a real one. We place you in a completely realistic game world where you train "about" other participants, this is a very important point.

The online format is good for teaching engineering, technical skills, it pays off, it is quite effective. When we talk about teaching such higher communicative and organizational skills, interaction with living people is necessary. To be physically in the same room, physically, a meter away from your comrades with whom you are training. This is a fundamentally important thing, and this ensures efficiency.

The second aspect is learning in activity. That is, you solve real problems, get bumps, trainers who are next to you help you overcome these difficulties, you successfully do it, thus getting your hand in. We are absolutely confident in the educational effect of our event.

We have a large baggage of feedback questionnaires, very positive, and letters of recommendation, where participants thank us for the fact that they really learned at our events.

Here are photos from our events. Now I would like to tell you about the depth of immersion in the difficulties that await you on our simulator. You will find very interesting knowledge and the depth of study we will now demonstrate on one of the modules. Our simulator consists of 7-8 rounds, 3-4 of them are analytical. Why do I say 3-4 and 7-8? It depends on the duration and what complexity we put there. So, one of the topics, in one of the rounds, is called the main types of resistance.

When you come to the CEO to sign the budget, he does not sign it, not because he does not like it. There are other reasons, they are much deeper. Moreover, not only the CEO resists signing this budget. The whole company, the entire staff of the company has some prejudice.

And I want to show you the content of one of the blocks that will be in our simulator, which we will very deeply master with the participants. So, we found out that not signing the budget by the CEO and poor interaction with the TOC is resistance. Resistance is different. At the level of people, at the level of personality, at the level of roles, at the level of functions, at the level of organization, at the level of the system. There are a lot of them. Let's consider one of the primary schemes. This scheme is not final for us, it is more detailed, it exists inside the simulator, this is a demo version.

So, the main types of resistance are divided into two large groups. This is conscious resistance and unconscious resistance. Conscious resistance is when a person, if he is brought to some conversation in special conditions, he will honestly tell you what is happening, why he resists. He is aware of this, he can work with it, he can reason about it. It is clear that he will not tell every passer-by why he behaves this way, but if you work with him correctly and conduct an in-depth interview, you will see it. So, conscious resistance, as a rule, is from a large leader. As a rule, there are two reasons here. This is competition for resources. And we have it presented here in the form of competitive resources. And the struggle for power. Leaders can discuss these things, they can explain it. At a certain level of relationship, this happens. So, conscious resistance is resistance that a person can explain in words. He thinks about it.

But there is another rather large and very complex section of resistance. This is unconscious resistance. And unconscious resistance has several floors and, in fact, several root causes. There are four here. In fact, there may be more. And in our large version you can see more of them. First of all, unconscious resistance may be associated with a cross-functional conflict. That is, a person is constantly performing his function, so he automatically gets stuck on it. He is not aware of this. He doesn't know that this is happening to him. But it is happening to him. If you pay attention, you can see that people treat different professions with different degrees of sympathy. Still, professionals in the same field favor each other more. This is the simplest manifestation. The worst thing is when unconscious resistance to organizational measures arises. What we have presented here as a system of resistance organs. We are talking about systemic organizational resistance. What's happening? Every organization of this system is designed to protect itself from any changes. Because changes can lead to the collapse of the system, so any long-lived system, no matter what it is, any organizational structure, company, state, society will protect itself primarily from any changes and therefore any interference will be rejected.

There is also a third part of the resistance. This is when there is a certain attitude to IS, they say, there is little sense from you, but you are constantly interfering. Surely you have encountered this, when company employees do not really like IS events, in general, actions in terms of information security, but precisely because nothing depends on you, as they say, why should we complicate things like this. And the dilettante effect, and this is a very interesting effect, this is a very interesting part of unconscious resistance.

I want to talk about this "deeper" and show you how deeply we will dig up the features from the bricks that are presented here at our simulator. So, the dilettante effect. This is a cognitive distortion in which a person with a low level of competence begins to realize himself as a great professional in this field. Although he only heard about this term yesterday. This is a very interesting phenomenon. It has been studied for about 30 years. And it is now presented in the form of a graph that you see on the left.

On the vertical axis, the quantitative characteristic of a person's self-awareness as an expert in any field is plotted. The higher we go up the vertical axis, the more a particular person we are studying has the feeling that he is a very cool expert in a particular theory. And on the horizontal axis is the time he spent in the named topic.

As a rule, any person who, if he had never crossed paths with a certain topic, as soon as he crosses paths with it, he has a complete feeling that he understands it well. And you see on the curve this red peak. A complete sense of understanding of what is happening. The more a person is in this topic, inside, the more his self-feeling of his own expertise falls. And somewhere in the middle of his career, he realizes about himself that he no longer understands anything in this. The outlined circle of knowledge in this area, it increases, and the boundary of intersection with the unknown is constantly increasing. The more a person knows, the more he realizes that he does not know some part of the world. And there is the same story exactly happening. By the middle, this uncertainty arises. A normal state for professionals, surely many of you have experienced it. And this shows that you are actually a professional. This is one of the signs of a professional. And then we start moving to the right already to mastery. And pay attention that the upper point of the arc will never rise as high as the peak in which the dilettante was, who has just met the topic. Never will the master declare with the same confidence as the dilettante. Therefore, dilettantes very often look victorious, and masters are somewhat modest. And this dilettante effect gives a rather serious resistance during various kinds of organizational actions of the company. Including and primarily in the field of organizational measures in the field of IS. Such dilettantes have high resistance. And they very often interfere. And during negotiations with them, they selflessly, in general, confidently refuse any proposals, insisting on their own expertise. What to do in practice during negotiations? We have focused on four approaches that allow you to overcome the dilettante effect.

Well, first, you need to ask for expert advice from the interlocutor. A rather strong technique that helps you do the following. If a person really gives you expert advice, then by the level of this expert advice you will be able to determine how much he is really in the topic. If you see that his answer will give you, as an expert, the opportunity to evaluate the high quality of your proposals, you can find an ally. This is the first outcome of this kind of technique.

The second outcome of this technique. A person will not tell you anything, but his ardor will definitely subside, because then you can simply repeat this technique over and over again. And it makes sense to repeat it. As soon as you make some proposal, a person begins to resist, you ask again, and how would you act, I see that you understand this, and what would you advise in this particular case? This is a well-working and quite constructive technique.

Next. This is to ask to express your point of view on possible solutions to the problems being discussed. Very close in meaning to what we have already considered. I will not go into it. It works in much the same way as the previous one. Just in one case we ask for advice, we directly say, advise me what to do. Right? This is one negotiating strategy. And another story, when you say, and what do you think, what ways do you see? That is, you immediately offer the interlocutor to state in the broadest possible way all possible options.

Another thing, this is another technique quite strong, this is reliance on facts. That is, literally ask, and what facts confirm your point of view? He says, this is wrong, wrong, wrong. You say, and what facts confirm that this is wrong. If facts are given, then, probably, it will be useful for you, as a professional, to take them into account and refine your proposal. If not, then, probably, then you will already understand for yourself that this person has a dilettante resistance. And most importantly, he himself will understand that he cannot defend this point of view. And it is important to press on these very facts.

And the fourth, in this particular case, the last technique, it is status. It is sharp, it works very strongly when we are dealing in society, at some meeting or somewhere else. If you suddenly run into a very serious resistance from some colleague, especially if he does it very charismatically, energetically and does it publicly, it makes sense to ask how long he has been dealing with this problem, how many years he has been dealing with this problem and when he defended his diploma on this topic. If this is done publicly, it is quite sharp, so it makes sense to be careful with this technique. But on the other hand, sometimes this is required. Here, in fact, are specific techniques that allow us to work with the dilettante effect.

I remind you, colleagues, that we started with the fact that our simulator considers several topics in sufficient depth. For example, we considered the topic "Main types of resistance", where 6 types of resistance were presented. And then we went deep under one of the types of resistance called "The Dilettante Effect". We looked at how it works, on the graph. And most importantly, we came to practical techniques for overcoming this resistance. This is the depth of work of our topics.

Well, and, in fact, further as a result of passing our simulator, what you will learn to do. So, you will definitely learn to overcome the resistance of top managers to the development of IS. On the example of the dilettante effect, we showed where we bring you, what techniques we will give. There will be a large number of such techniques, and you will all work them out. Second, you will learn to strengthen them with your proposals. And this will allow you to establish very good, reliable relationships among leaders. Next. Conduct successful negotiations with top managers in the interests of IS. Yes, we will have this practice, as we have already shown, there are practical techniques that you will master. You will learn to convincingly present the requirements of the legislation. This is the story that is very often and very difficult to convey to people who do not understand anything in the "regulatory framework" about what is stated in the laws. They do not hear, do not understand, and it makes sense to do it in the language of business. Further. You will learn to raise the priority of IS spending, that is, specific organizational actions, specific negotiations conducted with systematicity, with some persons who influence the priority of spending in the company. This is such an interesting intra-corporate struggle. And you will learn to find a common language, namely, to make the company's divisions more compliant.

These organizational measures will require managerial will and money. This is what is called signing the budget. But, in fact, how to overcome resistance to signing the budget, this is what we teach in this simulator. Then draw your own conclusions. We will teach you techniques that will greatly facilitate the signing of the budget, which implies managerial will or money for organizational measures in the field of IS, if everything is properly designed in the field of IS, the company's security will increase.

Illustrations provided by the press service of InfoWatch