The Human Factor: How I Would Manage My Company’s Finances & Cybersecurity Training
If I were the CISO of a major tech corporation with a limited budget for both new technology and cybersecurity training, I would allocate approximately 60% of my budget towards the training. While I understand that technology costs a significant amount of money, I believe providing the necessary training is worth the larger investment. Computers and other devices cannot protect themselves without user input, so ensuring adequate training for employees is vital to maintaining company and user cybersecurity.
Why invest in training people more than invest in new technologies?
The majority of cyber attacks are not caused by hackers being smarter than the computer; rather, they are caused by people falling for the scams and traps that hackers lay out. Over 95% of cyber attacks are caused by human error, and they continue to rise and become more dangerous for people’s information security (OVHCloud, 2025). In the workplace, even if employees are cautious in how they handle their data, it is still vital to dedicate the majority of the budget to training them to be a stronger and more effective human firewall. In a world where artificial intelligence (AI) seems to be taking over people’s jobs, especially in cybersecurity, improving training for employees is vital to securing both jobs and data.
How I would train my employees
There is a wide variety of cyber attacks that can occur within the workplace, from spam emails to complex internal affairs, so I would provide broad training for employees to cover all bases. Spam emails are the most common scam that both employees and clients fall for, so training employees on how to both identify and prevent them would be one of the most effective strategies to improve their cybersecurity knowledge. While the more complex attacks are less likely to happen, it is important to train employees in preventing them in case of emergencies. I would also implement policies and training that enforce and teach the importance of installing VPNs and firewalls on both work and personal devices to prevent them from being shut down by non-user-based attacks.
How would I use the rest of the budget for technology?
While I believe using the majority of the budget for training employees is important, companies still need technology to put that training into practice. Around 80% of employees prefer to use separate devices for work and home, so I believe investing in separate work devices that could be used for the office and remote working would be best for maximum efficiency (Beyond Identity Blog, 2021). On top of that, the budget should also be used for the upkeep of devices in case of damage caused by the user or wear and tear over time. Alongside the training for employees to use firewalls and VPNs, the budget should also be used to upgrade them if better and stronger ones are implemented, to maintain the best versions of security within the organization.
Conclusion
A lot of people believe that removing people from information security roles and replacing them with AI would be the best way to keep information secure within the workplace. While I can understand that argument to an extent, I believe investing in training people to be more knowledgeable and safe in stopping and preventing cyber attacks would be safer than relying on AI that is relatively new and unpredictable. While we may have a “short arm” in our knowledge of technology, we can make strides toward closing that gap in our knowledge and keep people safer in the technology world.
Citations
BYOD: Exploring the Evolution of Work Device Practices in a New Remote-Forward Era [Survey]. (n.d.). Www.beyondidentity.com. https://www.beyondidentity.com/resource/byod-exploring-the-evolution-of-work-device-practices-in-a-new-remote-forward-era-survey
Capone. (2019). Capone – The impact of human behavior on security. Google Docs. https://docs.google.com/document/d/1J3v_V167mktbGVynbtHW8yHXW9onjaBzVASo-behDfY/edit?tab=t.0
Human Error is the biggest cyber threat to Disaster Recovery Plan. (n.d.). Us.ovhcloud.com. https://us.ovhcloud.com/resources/blog/cyber-threat-human-error/