Running the Business of Information Security
Security teams that can’t articulate ROI get defunded—fast. This course teaches you how to position information security as a business enabler, not just a cost centre, covering budgeting, stakeholder communication, and strategic decision-making that actually moves the needle.
AIU.ac Verdict: Essential for security leaders, managers, and ambitious practitioners stepping into business-facing roles. You’ll gain frameworks for justifying spend and aligning security with corporate goals. Note: this is strategy and leadership-focused, not hands-on technical security implementation.
What This Course Covers
The course unpacks the commercial side of running a security function: building business cases, securing budget approval, communicating risk to non-technical stakeholders, and measuring security’s impact on organisational objectives. You’ll explore how to translate technical requirements into business language and make data-driven arguments for security investments.
Practical modules cover vendor management, cost-benefit analysis, team structure and hiring, and aligning security roadmaps with company strategy. Bobby Rogers walks through real scenarios where security leaders must balance risk, compliance, and operational efficiency—the exact conversations you’ll have in boardrooms and budget reviews.
Who Is This Course For?
Ideal for:
- Security managers and team leads: Stepping up into business accountability and needing frameworks for budgeting, headcount justification, and stakeholder reporting.
- CISO and security director candidates: Building the strategic and commercial skills required to lead security at executive level and influence board-level decisions.
- Technical security professionals in transition: Moving from hands-on roles into management or business-aligned positions and needing to understand the commercial context of security.
May not suit:
- Entry-level security analysts: This course assumes management responsibility; junior practitioners should focus on technical fundamentals first.
- Those seeking technical security skills: No penetration testing, threat analysis, or hands-on lab work—this is purely business and leadership strategy.
Frequently Asked Questions
How long does Running the Business of Information Security take?
1 hour 58 minutes. Designed for busy professionals—you can complete it in one focused session or break it into shorter modules.
Do I need technical security experience to take this course?
Not necessarily. The course assumes you understand security concepts but focuses on business management, not technical depth. Security managers transitioning from other fields will find it accessible.
Will this help me justify security budgets to executives?
Yes. A core focus is building business cases, communicating risk in financial terms, and presenting security investments as strategic enablers rather than costs.
Is this course vendor-neutral?
Yes. Bobby Rogers covers universal principles of security business management—frameworks and approaches applicable across any organisation or security platform.
Course by Bobby Rogers on Pluralsight. Duration: 1h 58m. Last verified by AIU.ac: March 2026.
