Three Ways to Improve Buy-In from Your Internal Customers

By the Security Executive Council

A common reason security functions struggle to engage their internal users and upper management is that security does not clearly understand how those internal customers think or what they value.

Without this knowledge, how can security effectively sell its services to its customers? That’s what internal customer engagement is, in a nutshell: an ability to sell the rest of the business – employees, management, other business units – on security’s value.

It makes sense, then, for security to borrow a few pages from the Marketing and Sales playbook to improve engagement by better understanding its constituents inside the organization.

These three methods are frequently used by marketing and sales to understand their customers and potential customers:

  • Personas development
  • Customer satisfaction surveys
  • Internal stakeholder interviews

Personas Development
What are they?

  • Often used in marketing to consumers, personas are research-based prototypes that represent the different types of people within a demographic, including their needs and motivators. Marketing uses these fictional characters to flesh out how a certain type of person might feel about or respond to a particular product or service offering.
  • Customer personas for security might include:
    • A business unit director who is responsible for improving production.
    • An HR employee who puts people first.
    • A CFO looking to add to the bottom line.

How can you use them?

  • To identify likely reactions (attitudes or behaviors) to security-related plans or strategies and adjust your communication or your offerings accordingly.
  • To determine what kind of security assistance or resources are needed for an individual employee or manager type.
  • To better understand your internal customers’ goals, so you can develop security solutions that dovetail with those goals.

Figure 1: Four primary personas

How do you create them?

  • From informal research, like day-to-day interactions or meetings. Your team could probably sit down right now and come up with a handful of “types” of internal consumers of your programs and services.
  • From surveys or interviews.
  • More details on persona creation:

Customer Satisfaction Surveys
What are they?

  • Simple questionnaires about the effectiveness or value of your services.

How can you use them?

  • To gain insight into how internal customers perceive security.
  • To understand what is working and what is not.
  • To engage end-users to be a part of the solution.
  • As data for presentations or charts on security’s perceived value throughout the organization.
  • To show satisfaction over time to senior management.

Figure 2: Example satisfaction survey results

How do you create them?

  • Choose questions that are simple but specific.
  • Make questions relevant to their world.
  • Don’t offer too many answer options.
  • Include open-ended questions for comments.
  • If there is a group in your organization that surveys employees, work with them to roll it out, or engage a high-level champion within the company to help with messaging and encourage participation.

Internal Stakeholder Interviews
What are they?

  • Formal conversations, with scripted questions, used to gain insight into stakeholder perceptions of security.

How can you use them?

  • To explore “buy-in” or understanding of new security plans.
  • To determine stakeholders’ security-related concerns.
  • To encourage stakeholder ownership of security success.
  • To roll up results for senior management briefings.
  • To adjust security decisions or plans.

How do you create them?

  • Have a base set of questions you want to ask, but tailor questions to each audience.
  • Follow your script but allow for topics and comments that are outside of the formal questions.
  • You may find stakeholders are more forthcoming if someone outside of security conducts them.

By using techniques like these that have proven successful in other business functions, security can understand internal customers better, which can in turn increase engagement and help you build alignment with other functions throughout the organization.

Next Steps
Borrowing techniques from others, such as business functions, mentors and peers, is a time-tested way to improve your performance and that of your teams. The Security Executive Council consists of people who have proven themselves leading successful security programs, and they are available to help you succeed. Contact us to discuss your issues with internal customers.
