Since people are the largest contributor to cyber threats, as Chief Information Security Officer I would want to spend budget and resources where they address that contribution most efficiently. One way to do this is to hold security training at regular intervals, with follow-ups and evaluations to confirm that it is being absorbed. With regular training, employees always have the company's security procedures reasonably fresh in their minds. This costs more than a single yearly session or training done only during onboarding, but the cost is small compared to that of a breach or an exploited weakness caused by an employee's lack of knowledge.

On the system side, I would automate many of the everyday interactions employees have with the company's systems. Two examples are automating the password-reset process after too many failed login attempts (with the reset flow still verifying the user's identity, so that the automated lockout and reset cannot themselves be abused to deny access or take over an account) and using AI-based tools to scan company email for messages that match the profile of a phishing attack, warning the user or blocking links and attachments until they have been scanned. The cost of implementing this automation can be reduced by adopting a third-party solution rather than building it from the ground up. A third-party solution also reduces the ongoing cost of maintenance, since the provider supplies support for any issues that arise and delivers the updates that are needed.
Conclusion
In conclusion, the best way, in my opinion, to use my budget most efficiently as Chief Information Security Officer is an approach that balances regular employee training with automated security systems. This approach would let the company's security posture punch above its weight relative to what it spends, while still remaining well within budget.