Business acumen is considered a useful treat for security professionals. It’s the way you understand business situations and bring to to a good end or achieving a good outcome. Having enough insight in business is especially useful for those for those with a non-technical audience (or peers).
Besides the understanding of common business terms, it’s also understanding the risks, finance, account, operations and marketing/sales aspects of the business. Yes, as a security professional you can’t be specialized in one thing, you have to be a jack of all trades. On top of this, showing the right amount of flexibility, out of the box thinking and be decisive.
Since it’s close to impossible to be the best in everything, it’s still useful to have some 101’s, like in financial operations. For example know how to budget, how the money flows through the organization and who is needed to sign off on (un)expected costs.
To get better insights in “the business”, one can learn quickly from analyzing existing processes. Why are steps taking in a particular order, who is involved and why do things work like they do. Gather information from the key users and try to understand their process might give great insights in your company, or in your type of business. Showing others that you understand the business processes and know some of their risks, might help at a later stage to get the proper amount of budget for your new IPS solution.
Besides on the job learning, one could opt for additional courses or training as an extension of the comfort zone we call security. After all, it’s not just about protection information, it’s also understanding it and enable it to achieve great outcomes!