BLUF
The field of Cybersecurity is constantly growing and expanding. As more and more aspects of everyday life begin to involve technology, the need to keep these aspects safe and sound from any prying eyes or ill-intentioned criminals grows exponentially. But even with its economic growth, funds are not unlimited in the Cybersecurity field. So, this begs the question, how and where should the appropriate budget be allocated in order to most effectively benefit all that are involved?
Proper and Effective Training
When it comes to Cybersecurity, proper and effective training of employees or prospective employees can greatly improve a company/organization’s overall level of security. From having hands-on instructive training, to holding regular informative meetings, to having periodic check-ups to test that employees are keeping well-read, all the forms of proper training can prove to be invaluable(₁). These types of training also open up the possibility to create a functioning ecosystem within the workplace, where the more experienced and tenured employees become knowledgeable enough to take newer employees under their wings, creating a well-oiled machine that can raise or maintain a company’s working standards. But in the grand scheme of things, not all of an organization’s money can be funneled into this area, as other company aspects must be properly addressed as well. These include building maintenance, employee pay, and updating/upgrading technology within the workplace.
Updating/Upgrading Technology
Keeping technology up to date is not just limited to trading in an old iPhone for the newest and latest model. Big organizations and companies also seek to keep all of their internal software and hardware state-of-the-art. But unlike upgrading a phone due to its sleeker shape or newer colors, upgrading technology in the field of Cybersecurity can have much larger implications and can be extremely important to the overall level of security in an organization. Old and out-of-date software and hardware can often have chinks in their armor that can potentially leave their users’ information and data in grave danger(₂). These vulnerabilities are exactly what cybercriminals search for in order to exploit them and gain unauthorized access to devices, leaving the devices themselves and all of the valuable personal or company information on them compromised. This not only leads to a breach of data on a personal level, but can also negatively impact an entire organization, possibly forcing it to shut down its networks until the problems can be addressed. However, with software and hardware that is constantly kept updated and upgraded when possible, devices are able to benefit from things such as new features, vulnerability/bug fixes, and critical security patches(₃). This raises the overall security standards of the organization and keeps the foundational security structure strong. But much like the proper and effective training referenced in the previous paragraph, all of these updates and upgrades often cost a lot of money, dipping deep into the financial stores of the company.
Allocation of Funds
With both proper training and updated tech being extremely important but financially taxing, how should both of these assets be addressed in order to maximize a company’s limited funds? In the best-case scenario, I would have more funds allocated towards upgrading and updating all of the company software and hardware in order to keep them at their most secure state, on a 70-30 ratio model. With state-of-the-art equipment and applications, the company’s security “floor” would be set higher, meaning that even with less trained workers, the equipment they are using and the networks that they are on will be well-secured at the very least. Additionally, this is also because, as I mentioned earlier, I think that company training can be partially reliant on a seniority workplace ecosystem, where longer-tenured and more experienced workers are trusted and expected to become mentors for the newer and less experienced workers. Training can still be partially invested in for the senior members of the company, and then passed down through regular meetings and workplace interactions, creating a cycle of knowledge.
Conclusion
In conclusion, I think the best way to allocate funds for the Cybersecurity side of a company would be to place more emphasis on the additional and more up-to-date technology over training. Keeping company tech updated and upgraded can vastly improve the overall security level of the working environment and can help shield less-trained employees from the malicious hackers and cybercriminals that would otherwise be much more enabled to exploit vulnerabilities caused by old/obsolete technology.
References
CybSafe. (2023, April 5). 7 reasons why security awareness training is important in 2023. CybSafe. Retrieved April 9, 2023, from https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-important/#:~:text=It%20helps%20employees%20understand%20the,report%2C%20and%20prevent%20security%20incidents. (1)
How hardware impacts cyber security – cybertalk. (n.d.). Retrieved April 10, 2023, from https://www.cybertalk.org/2022/09/27/how-hardware-impacts-cyber-security/ (2)
Swann, M. (2020, November 24). The importance of keeping devices and software up to date. Edafio Technology Partners. Retrieved April 9, 2023, from https://edafio.com/blog/cybersecurity/the-importance-of-keeping-devices-and-software-up-to-date/ (3)