The Human Factor in Cybersecurity
Jayden Hood
Professor Duvall
CYSE-200T
11/16/25
Write Up – The Human Factor in Cybersecurity
BLUF (Bottom Line Up Front)
For a CISO with a limited budget, balancing investments across people, technology, and preparedness is the most effective way to reduce organizational threats. Training strengthens employee behavior, modern security systems block advanced attacks, and incident-response readiness ensures the organization can recover quickly when threats succeed.
Balancing Technology and Training as a CISO
As a CISO with constrained resources, I face the challenge of apportioning funding in a way that reduces the number of organizational threats at the least cost. This requires weighing human-centric programs (training and awareness, behavioral controls) against technical controls (tools, automation, and monitoring). Here is how I would approach this allocation, and why.
What can we do?
Implementation of Enhanced Security Systems (35%)
Reasoning: Implementing stronger security is crucial in today’s society because cyber threats and cybercrime are growing rapidly. Attackers and outside organizations have updated their techniques with advanced methods that older or outdated systems can’t defend against, and they now use more advanced tools such as exploit kits, malware toolkits, RATs (Remote Access Trojans), and many more.
Focus area
Protect sensitive data from theft, misuse, or exposure
Prevent costly breaches that could damage finances and reputation
Detect attacks earlier through improved monitoring and automation
Close vulnerabilities that attackers might exploit
Comply with regulations and industry security standards
Support business continuity by reducing downtime from cyber incidents
Prioritize Foundational Security Training (15%)
Human error remains the leading cause of breaches—phishing, weak passwords, mishandling data, or misconfiguring systems. Even the best technology fails if employees don’t recognize threats or follow secure practices.
Focus area
Regular phishing simulation and coaching
Role-based security training (IT, HR, finance, executives)
Clear policies explained in plain language
Security culture programs, not one-time modules
Invest in Essential Cybersecurity Technology (20%)
Training alone is insufficient. Attackers automate, innovate, and exploit system weaknesses that humans cannot realistically guard against without technological support.
Focus area
Endpoint Detection and Response (EDR)
Email security filtering
Multifactor Authentication (MFA)
Vulnerability scanning and patch management
Cloud security posture monitoring (if applicable)
Reserve Funding for Incident Response and Continuous Improvement (10%)
Even with training and tools, breaches can still occur. A CISO must ensure the organization can respond quickly and learn from incidents.
Focus area
Incident response retainers
Tabletop exercises
Log analysis tools
Post-incident reviews and process updates
Why does it matter?
These focus areas matter because modern cyber threats are more sophisticated, automated, and frequent than ever before. Without strong training, updated security tools, and a solid incident response strategy, an organization becomes an easy target. Every weakness—whether it’s an untrained employee, outdated software, or poor monitoring—creates an opening for attackers to exploit.
By prioritizing these areas, the organization can reduce the chance of a successful attack, protect sensitive data and customer information, and avoid financial losses, legal consequences, and downtime.
Training is relatively inexpensive but drastically reduces risk. Strengthening people reduces the attack surface across the entire organization.
Essential security technologies provide the “always-on” protective layer that training cannot deliver. They catch threats employees may miss and prevent small mistakes from becoming major incidents.
Incident-response funding ensures resilience—being able to detect, contain, and recover quickly.
Conclusion
The threat landscape is such that adversaries’ methods are constantly changing, and the Chief Information Security Officer (CISO) cannot rely on a single line of defense, especially when resources are limited. The proper method, therefore, is a balanced one that supports the personnel, refreshes the technology, and prepares the organization for incident response in case the first two lines fail.
By putting money into better security systems, specialized employee training, essential defensive tools, and organized incident-response capabilities, the company reduces risk at every level across its environment.