Abusing the Internet of Things


budget to run his team, hire additional personnel, and buy more security products. Upon
hearing this, Cronin offered free consulting advice to help Smith prepare for the board meeting.
Smith, in return, remarked that he would buy licenses for the Plunk security tool if the
board ended up accepting his proposal. They shook hands and decided to catch up in a few
days to further the discussion.


Leveraging the BuzzWord


A week after the RSA conference, Smith and Cronin connected by phone. Smith’s intention
was to wow the board at Acme Inc. and have them approve his plan to hire 55 additional full-time
employees and agree to fund an operating budget of $100 million in capital and operating
expenses for the next three years.
Cronin had recently been tasked with selling the Plunk tool with an additional feature
that collects log data from IoT products in the enterprise so companies can track their inventory
of devices that have been deployed. This is useful for security since devices such as laptops,
mobile phones, and IoT products present a huge security risk if they are unaccounted for
(it is impossible to measure or reduce the security risk posed by such devices if the organization
has no control over them).
Smith inquired if Cronin had any particular ideas about what topics the board might be
interested in. Cronin suggested that the board presentation be focused on the latest buzz in
the industry about the upcoming age of IoT devices and the security risks they are bound to
introduce. The previous year, the hot topics at the RSA conference had included the use of
machine learning and big data to correlate security log data to detect attacks. This year, the
main topic of discussion was the security implications of IoT products. Smith agreed to focus
on the topic of IoT security. He felt that the board members would find the topic interesting
and that it would make his knowledge appear cutting-edge and impress the executives.


The Board Meeting


Smith’s presentation was at 10:40 a.m., and he had exactly 10 minutes to present his case. He
had prepared a slide deck for the meeting, but he was told that the board of directors at Acme
Inc. did not have time for a PowerPoint presentation. He had to make his case quickly and
crisply. His presentation went like this:


Smith: Thank you for taking the time to have me present to you on the topic of security. As a newly
appointed chief information security officer, I am committed to...
Board Director #1: I have to interrupt. What exactly is the agenda of the discussion you are
proposing?
Smith: I’m here to talk about the most important security risks that we need to be prepared to
combat.

THE COST OF A FREE BEVERAGE 253