This extends to all levels of staffing — the most valuable resource to retain and upskill in tight times. To that point, fractional CISO Dd Budiharto, founder and CEO of Cyber Point Advisory, says retaining and upskilling human resources should take precedence over buying new technology. This, she adds, is a key way to do more with less.
For example, in a past CISO role, Budiharto recruited incident response “ambassadors” from different departments — communication, legal, procurement, human resources, and accounting. “They loved it because they learned new skills and were part of something big,” she notes. “And, when we were hit with a BEC scam, they were right there, trained and ready to step in. They were very efficient and energized. Now that’s some ROI we’re talking about.”
In another case, she trained the procurement team to ask potential new vendors a list of fundamental cybersecurity questions, pre-vetting the vendors and saving the security team valuable time. Often, these cross-trained people become security champions, Budiharto adds. Some even decide to expand their experience into cybersecurity. New minds with fresh ideas also invigorate the security function and usher in innovation.