Enterprise Security Trends Blog | HP Blogs
Keep up with the latest cyber, consumerisation, collaboration and cloud enterprise security trends from the team of HP information security professionals.

If neon swans are different from black swans—how so? [Video]

By Andrzej Kawalec, Chief Technology Officer, Enterprise Security Services, Hewlett-Packard


Traveling back to the secret HP technology headquarters the other day, I got stuck in airport security, so began to muse on the statistical modeling that our friends in the financial world use, and their occasional (ahem) ability to get it wrong. When they do, risk managers often talk about black swans. They’re rare events of large magnitude that are virtually impossible to predict and very hard to respond to. A neon swan is different.

How to justify a bigger security budget, Part 3: Demonstrating clear benefits and business impact

Mary Ann Mezzapelle, Chief Technology Officer, Americas region, Enterprise Security Services, Hewlett-Packard


In my previous posts, “How to justify a bigger security budget, Part 1 and Part 2,” I talked about getting a single view of your security program, and understanding the challenges, inside and out. In this final posting, I talk about how to justify a bigger security budget.


IT Security has often been labeled the black hole of investments. Data is the only way to demonstrate clear benefits and show the connection to the business. A security metrics capability helps you quantify the security impact on business objectives and evaluates risk for new business. A mature security metrics program provides accountability and better stewardship, supporting your enterprise’s evolving business needs.

How to justify a bigger security budget, Part 2: Understanding why organizations can't keep up

Mary Ann Mezzapelle, Chief Technology Officer, Americas region, Enterprise Security Services, Hewlett-Packard


In the first installment of the series, “How to justify a bigger security budget,” I recommended getting a single view of your security program and relating it to peers in your industry. As a follow-on, I’ll explain the root causes of why organizations aren’t keeping up.


We see security challenges falling into three major areas:

  • Complex nature and motivation of threats
  • Increased regulatory pressures
  • Protection for the New Style of IT (mobile, social, data analytics, and cloud)



Ssshhh! Don’t tell a soul, sign up for a Security Workshop and join the security club!

The first rule of the security club is, we don’t talk about the security club! Here’s an excellent opportunity to attend a workshop focusing on security. Sign up today to attend one of our Security Workshops to learn the rest of the security club rules – be ready to beat the hackers before they even know you can fight!


HP Discover in Barcelona - Sign up today to attend one of our Transformation Workshops - Security workshops and learn the latest on security trends and solutions.

How to justify a bigger security budget: Part 1


By Mary Ann Mezzapelle, Chief Technology Officer, Americas Region, Enterprise Security Services, Hewlett-Packard


Best-run security organizations are moving away from their “no” and “slow” reputations by transforming how security is managed—informing business decisions and supporting growth. You need to drop the endowment- and entitlement-type attitudes and learn how to run security like a business. This post introduces a three-part series on how to justify a bigger security budget with that data-driven mindset...



  1. Single view of the IT Security capability and cost
  2. Understanding why organizations can’t keep up
  3. Demonstrating clear benefits and business impact


...so that you can help your organization understand the cost of protection, communicate in business terms and improve decision-making.


About the Author(s)
  • Manage cyber engineering & architecture team developing security services, security reference architectures, big data security, mobility, cloud, cyber situational awareness and security operation center solutions. Responsible for developing innovative cyber solutions across public sector accounts. Collaborates with HP Labs, HP CTO Organization, product groups and third-party vendors to leverage innovative technologies to deliver the next generation of cybersecurity solutions.
  • A business-first senior executive, with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide a holistic approach to security as a business enabler, and I am currently advising organisations on the suitability of the cloud to their needs.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.