The Chief Information Security Officer has many responsibilities, one of the main ones being
to allocate funds properly and proportionately between the training of
cybersecurity staff and the technology they will be trained to use. At first glance, this
responsibility might seem easy to some, but several factors in deciding where money
should go can make the choices more difficult. If I were in this position, I would look at
these factors, see how they apply to the organization’s situation, and make an informed decision
based on my findings.
The first factor I would zero in on when deciding how to budget for training and technology is
the threat landscape and what kind of threats are surfacing as of late. As any good cybersecurity
professional knows, it is important to stay up to date with the latest advancements, both in
security and threats to it. Analyzing which attacks are becoming more common and which newer
vulnerabilities are becoming relevant is a good way to gauge what should be prepared for,
and thus a CISO can brainstorm plans to defend against these rising threats. Having a
plan to budget with is paramount. The next factors to consider are the technology market and
pricing for equipment and machines. Knowing what devices competitors of similar size to the
organization are implementing and what devices are selling well can give me a good idea
of what kind of equipment to look into purchasing. Like the technology market, a budgeting
CISO should take a look at the labor market as well. When the organization is learning new technology,
someone who is experienced with it is going to be needed to train the staff to use it properly. I
would see what people are available for training and what their rates are to help estimate the
necessary budget for training. There are many more factors to consider when deciding how to
balance the cybersecurity department budget between training and technology, but the ones
mentioned are the ones I would think of and recommend prioritizing first.