In cybersecurity training and technology are both equally important within an organization. If an organization has poor training and good technology, it can only provide so much security. The same goes if an organization has good training and poor technology. If the employees in an organization are not trained effectively it poses a major risk to the organization. If the organization uses lower-class technology, it poses a major risk as well. In cybersecurity there are an infinite number of risks, and it is required to prioritize them to meet budget requirements. I would balance the tradeoff between training and technology in the most effective way I can. I would prioritize user training. I would do this because it is more cost-effective to make users aware of the risks present in our organization. High-class security technology would serve no use if an attacker can use a social engineering attack to take advantage of unknowing users. User training would be apriority. No matter the amount of training provided to users they will always be a present vulnerability. Although I would prioritize user training majority of the budget would go towards technology. I would not be able to afford the best technology on the market due to user training. So, I would implement the best technology possible after user training is handled. The user training paired with the technology within the budget would provide good security to my organization. I think this is the best approach because even if the best technology is used if it is not managed correctly, it might as well not be implemented at all. As cybersecurity professionals tradeoffs are common when implementing security.