Start preparing in advance to make sure that your audit is passed first time every time with flying colours. Meanwhile publish internally the details of all data breaches and gaffes you find by those in your industry. Never gloat about competitors' missteps, but rather make sure that the staff follow your simple rules and that management knows you're establishing the right processes for the benefit of the organisation. Your validation of continuous compliance can be the IT audit – organised by you!

Make sure the organisation is compliant with all relevant and updated government, federal and international laws

This is becoming more and more important, particularly as organisations such as the European Union Commission plan to hit enterprises that suffer data losses with huge fines. The IT security landscape will soon be one where breaches are not purely just a PR disaster, but a financial disaster as well. Your job, as well as your promotion, depends upon steering clear of this elephant trap.

Be aware of your internal PR

Run your own internal PR campaign . This is not as bizarre as it sounds. If organisations have to run PR campaigns to get themselves known in the big wide world then you should do the same to get noticed within your own organisation. This means capitalising on every time you speak at a seminar, an internal event, a sales conference or a presentation in front of the company.

Also, keep your boss up-to-date about IT security trends with clippings and snippets from recognised news outlets — make sure you do this as they happen.


Talk to the marketing and public relations people in your organisation, learn from them and make sure they are aware of you and what you are doing. They may ask to use you as a spokesperson, but tactically you may want to put forward your boss as a spokesperson. It is important to build your profile outside of the organisation so make sure that you use LinkedIn and other business networking sites.

2. Make your boss look great

Keep to your budget

Budgets used to be more flexible. Today, in this era of extreme bean counting when accountants rule the world, budgets are absolutes. Quantify what you are delivering – how is IT security making a difference to the bottom line of the company. If IT security isn't seen as a strategic asset then you could face a battle for resources. More importantly, you will not be seen as a leader who has taken these questions into account.

If you can communicate how the IT security staff is delivering hard value your boss will look good to the bean counters and shareholders. There are no exceptions to this rule.