Name: Ramon Lee
Title: Balancing Cybersecurity Training and Technology on a Limited Budget
BLUF: With a limited budget, I would prioritize cybersecurity training for employees while
investing strategically in essential technology to reduce human-related risks, which are the
leading cause of cyber incidents.
Introduction
In today’s cybersecurity landscape, human error remains one of the largest vulnerabilities. While
advanced technology is important, the effectiveness of these tools depends heavily on how well
employees understand and use them. As a Chief Information Security Officer (CISO), my goal is
to maximize risk reduction by balancing investment between staff training and security
technology.
Budget Allocation Strategy
1. Prioritize Training (60%)
The majority of my budget would go toward regular and role-specific security awareness
training. According to recent studies, over 80% of cyber incidents are linked to human error
(Infosecurity Magazine, 2021). Training reduces the risk of phishing, credential mishandling, and
poor device hygiene. I would also include simulated phishing attacks and updated modules that reflect
the latest threats.
2. Invest in Core Technology (40%)
I would allocate the remaining budget to essential technology, focusing on endpoint protection,
intrusion detection systems, and multi-factor authentication. Instead of purchasing every new
tool, I would prioritize scalable solutions that integrate well with existing infrastructure.
Conclusion
While technology is important, human behavior is often the weakest link in cybersecurity. That’s
why training must be a top priority—empowering employees to recognize and avoid threats. A
well-trained workforce, combined with targeted tech investments, provides the best defense
within budget limits.