Liana Jones
CYSE 200T
April 15, 2026
Professor Duval
Balancing Cybersecurity Training and Technology Investment
BLUF: I would spend about 60% of the budget on user training and 40% on
cybersecurity technology because human error is the biggest risk.
If I held the position of CISO, one of my tasks would be determining how to
allocate scarce cybersecurity funds between employee awareness training and technical
security tools. Most cyberattacks succeed due to human error, such as clicking on phishing
emails and choosing easy passwords (IBM Security, 2023). For that reason, I would
allocate more money to training employees to identify threats and exercise better
judgment (CISA, 2022).
However, technology is still needed to defend systems and catch attacks. Firewalls,
antivirus, and monitoring tools can detect activity that users may miss. But even the
strongest technology can be defeated when employee awareness training is poor.
Therefore, if I were a CISO, I would spend roughly 60% on training and 40% on cyber
tech. Doing this combats human error first while still providing a great technical defense.
The percentages could vary based on the company, but spending more on people would
be a priority.
Conclusion:
Cybersecurity measures are composed of both humans and technology; however,
humans are the weakest link. Training would be my priority if I were to become a CISO,
but I would still invest in crucial tools as well.
References
IBM Security. (2023). Cost of a Data Breach Report.
Cybersecurity and Infrastructure Security Agency (CISA). (2022). Cyber Essentials
Guide.