The Human Factor in Cyber Security

Cybersecurity Budget Allocation: Balancing Training and Technology

BLUF:
With a limited cybersecurity budget, I would balance funding between employee training and
cybersecurity technology but place a slightly greater emphasis on training. This is because many
cyber threats are caused by human error, meaning even the best technology can fail if users are
not properly educated.

Discussion:
Cybersecurity is often viewed as a technical issue, but based on what we’ve learned from the
text, the human element plays a major role in cyber threats. Many attacks, such as phishing or
social engineering, rely on individuals making mistakes, like clicking suspicious links or even
sharing sensitive information. Because of this, investing in employee training is critical. Training
helps employees recognize threats, make better decisions, and act as the first line of defense.
According to the text we were provided this week, research shows human behavior is central to
cybersecurity, and many breaches occur due to lack of awareness rather than lack of technology.

However, technology is still necessary. Tools like firewalls, intrusion detection systems and data
help protect systems and data from attacks. Different sectors, such as financial institutions and
healthcare organizations, rely heavily on these tools to secure sensitive information and maintain
trust. Without proper cybersecurity infrastructure, organizations are more vulnerable to
ransomware, data breaches, and system disruptions that can affect not only the company but the
larger economy.

As a Chief Information Security Officer, I would allocate funds in a balanced way, ensuring that
employees receive consistent training while also maintaining up-to-date security systems. For
example, I would invest in regular cybersecurity awareness programs while also updating software
and monitoring systems. This combined approach reduces risk by addressing both human and
technical vulnerabilities.

Conclusion:
In conclusion, cybersecurity requires both strong technology and informed people. While
technology is essential, I would prioritize training slightly more because many cyber threats
originate from human error. A balanced investment ensures better overall protection and helps
organizations stay resilient against evolving cyber risks.