{"id":305,"date":"2026-05-07T00:56:54","date_gmt":"2026-05-07T00:56:54","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jpez3\/?p=305"},"modified":"2026-05-07T00:56:54","modified_gmt":"2026-05-07T00:56:54","slug":"memorandum-human-factor-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jpez3\/2026\/05\/07\/memorandum-human-factor-in-cybersecurity\/","title":{"rendered":"MEMORANDUM: Human factor in Cybersecurity"},"content":{"rendered":"\n<p><br><strong>BLUF:<\/strong> With a limited budget, I would invest just a bit more in ongoing employee<br>security training but still heavily fund our core cybersecurity technology. Careless users<br>make it easy for attackers.<br><\/p>\n\n\n\n<p><strong>Discussion:<\/strong> Coming into this position, you\u2019ll face the risk-budgeting question: where<br>can you decrease risk the most given your constraints? You can buy all the technology<br>you want (IDS\/IPS, EDR, EPP, Firewall, SIEM, etc.) but at the end of the day, people<br>are still going to make mistakes. Despite technological advancements, the majority of<br>real-world attacks I\u2019ve seen started from phishing, social engineering, weak passwords,<br>or mishandling data.<br><\/p>\n\n\n\n<p>That\u2019s why I would spend about 55\u201360% on the training side and 40\u201345% on the<br>technology side. Technology gives you a floor, but your employees can raise or lower<br>that floor.<br><\/p>\n\n\n\n<p>For training, I\u2019d focus on regular, contextual training vs. a \u201chere\u2019s what not to do\u201d<br>seminar once a year. I\u2019m talking things like phishing simulations, role-based training<br>(what you should definitely do if you have creds for XYZ system), and 5\u201310min monthly<br>newsletters. Get your employees to develop a \u201csecurity-first mindset\u201d so they help catch<br>attacks instead of unknowingly facilitating them. 
Depending on your situation<br>(Government, intelligence-adjacent workplaces tend to be prime targets), this step is<br>critical.<\/p>\n\n\n\n<p><br>Security training will only take you so far. Once you separate people and tech, spending<br>your budget becomes a lot easier. But together, they create layers of protection that are<br>far more effective than just one or the other.<\/p>\n\n\n\n<p><strong>Conclusion:<\/strong> Ultimately, I would split funding between employee education\/training a bit<br>more and foundational security tech. Cybersecurity is half a people problem and half a<br>tech problem. The better you make your users and your defenses, the lower your<br>overall risk will be.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BLUF: With a limited budget, I would invest just a bit more in ongoing employee security training but still heavily fund our core cybersecurity technology. Careless users make it easy for attackers. Discussion: Coming into this position, you\u2019ll face the risk-budgeting question: where can you decrease risk the most given your constraints? 
You can buy all the technology you&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jpez3\/2026\/05\/07\/memorandum-human-factor-in-cybersecurity\/\">Read More<\/a><\/div>\n","protected":false},"author":32399,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/posts\/305"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/users\/32399"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/comments?post=305"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/posts\/305\/revisions"}],"predecessor-version":[{"id":306,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/posts\/305\/revisions\/306"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/media?parent=305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/categories?post=305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jpez3\/wp-json\/wp\/v2\/tags?post=305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}