How CISOs can have better budget conversations

Strategy
Written By Andrew Alaniz

In today’s environment, many security leaders are being asked to do more with less—or at best, the same. Zero-percent budget increases, rising expectations, and growing threat landscapes mean the traditional “defend your budget” posture just doesn’t work anymore.

Instead, the most effective security leaders are aligning early and often with their CFOs and finance partners—not just to justify spend, but to become more strategic contributors to the business.

Here are three questions you should be asking in your next finance conversation to shift the dialogue and position your team for success:

1. Where does the business see the greatest pressure on profitability?

Understanding where your company is struggling with profitability gives security a seat at the table beyond technology risk. It’s an opportunity to reduce friction and create value, and show that you deserve a seat at the table.

For example, if deposit account acquisition is both a strategic priority and onboarding is getting longer or support costs are increasing, security can look at ways to streamline customer onboarding, reduce authentication-related support requests, or preemptively address partner compliance burdens.

The goal here isn’t just to “spend less”—it’s to operate smarter in ways that support margin improvement without compromising protection. The business often doesn’t feel comfortable challenging security or even worse feel they can’t because the way it’s always been done is the only way it can be done. This is an opportunity to approach them and speak their language in order to directly impact the bottom line in a way other than cost.

2. Which products or services drive the most revenue or strategic growth?

Not all business units are created equal—some carry more financial weight or long-term strategic importance. Knowing where the company places its bets helps security prioritize and tailor protections accordingly.

Focus your team’s efforts on these areas:

  • Ensuring security and privacy controls scale with usage and demand

  • Partnering with product and engineering to avoid friction that could impact adoption or delivery

  • Anticipating risks that could slow growth or trigger customer churn

This mindset enables security to become an enabler of scale, rather than a bottleneck.

3. What board-level commitments have been made around your people budgets or operational efficiency? And how many of them included something around AI this year?

These commitments often have significant downstream impacts on resource planning and prioritization—especially for shared services like security. When headcount freezes or cuts are coming, security leaders need to:

  • Understand the likely scenarios early

  • Model the impact on operational coverage and SLAs

  • Identify areas where automation, consolidation, or outsourcing could fill the gap

This allows you to get ahead of hard conversations, advocate for the right investments, and show how security is contributing to broader efficiency goals—even if your budget stays flat.

The Bottom Line

You don’t need a bigger budget to be more strategic—you need better questions. These three aren’t just useful for planning; they open the door to stronger alignment, better timing, and real business impact.

And when the CFO sees your team not just as a cost center but a partner in margin, growth, and efficiency—that’s when you’ve truly leveled up.

Andrew Alaniz
Previous

Why Small and Medium Businesses Need a Security Program — and What the “Bare Minimum” Looks Like
Next

How to Build a Security Program When You Have No Team