Intro
As I put on my Chief Information Security Officer cap, I realize that balancing investment in
training against investment in additional cybersecurity technologies is a very critical task. This is even
more difficult with my unspecified, limited budget. My personal approach would consist of a
combination of both training and technologies, with a bit of an emphasis on the training portion.
Training
Training employees would be the primary focus of my plan, since it is usually said that they are
the weakest link in any cybersecurity situation. Investing in programs that increase the
cybersecurity awareness of all employees is very important. This helps to ensure that everyone at
all levels within the organization understands the importance of common cybersecurity practices.
These include things like recognizing phishing attacks, creating secure passwords, etc. Well-educated
employees can help prevent incidents, making training one of the most cost-effective
methods of defense.
Technology
For technology, I would like to invest in solutions that bring the highest level of security for
reasonable prices. For example, this would likely include tools like firewalls, endpoint detection
and response (EDR) systems, and intrusion detection systems (IDS) to help protect critical
systems from cybersecurity threats. With the budget constraints in mind, I would prioritize
automated solutions to help increase efficiency.
Conclusion
I would make the spending on training and technology probably about equal, with maybe a slight
focus on technology solutions. This is because you can get more training for your money as
opposed to buying products. Technology can help defend against known threats, but as
employees are the first line of defense, it is equally important to train them. By focusing nearly
equally on both categories, I can ensure the organization is better protected against cybersecurity
threats.