2. Focus on people and processes: “Teamwork and influential leadership are pivotal in Orange County. We work side-by-side as extensions across our departments. We can’t all do everything, and we don’t want to reinvent the wheel. We shoulder the burden together, revisit existing initiatives, and reduce that tech debt,” Cheramie explains. “That’s how you do more with less: step in when there’s a lot to do, be of service to each other and to the county.”

This extends to all levels of staffing, the most valuable resource to retain and upskill in tight times. To that point, fractional CISO Dd Budiharto, founder and CEO of Cyber Point Advisory, says retaining and upskilling human resources should take precedence over buying new technology. This, she adds, is a key way to do more with less.

For example, in a past CISO role, Budiharto recruited incident response “ambassadors” from different departments: communication, legal, procurement, human resources, and accounting. “They loved it because they learned new skills and were part of something big,” she notes. “And, when we were hit with a BEC scam, they were right there, trained and ready to step in. They were very efficient and energized. Now that’s some ROI we’re talking about.”

In another case, she trained the procurement team to ask a list of fundamental cybersecurity questions of potential new vendors, saving valuable time for the security team by pre-vetting them. Often, these cross-trained people become security champions, Budiharto adds. Some even decide to expand their experience into cybersecurity. And new minds with fresh ideas also invigorate the security function and usher in innovation.

According to the latest cybersecurity workforce study report conducted by ISC2, the majority of more than 15,000 organizations surveyed said they lack the talent they need to meet their cybersecurity priorities, even as their organizations cut back on hiring. The report also cites the value of diverse backgrounds and pathways into the cybersecurity operation.

To that end, Michael Manrod, CISO of Grand Canyon University, utilizes student interns to augment the cybersecurity staff, the majority of whom stay on after graduation. “If you intern a lot of people and keep some of the great ones, you can have an exceptional team. Our top performers today were our students seven to ten years ago,” he says. “Dipping into internal talent pipelines is always less expensive than entering bidding wars for specific skills.”
3. Clean house: Manrod is also big on what he calls “garbage collection.” He and his team regularly visit their technology contracts to identify and remove tools that are no longer needed or effective. They pay particular attention to solutions acquired years earlier to solve a problem that might not exist anymore, or which is now covered under other platforms and operating systems in their environment.

“At an EDU, I need to be very selective in what products I keep and what I acquire. So, I keep an eye out for products I can get rid of in 2025 to pay for reducing new threats in 2026,” Manrod explains. “Instead of just throwing a bunch of new point products into the mix, we look at how to harden the host. Assuming that there will be a chance for some bad things to get through, we look at how we can block those bad things using out of the box configurations like Windows Defender Application Control (WDAC), or host firewall rules.”

Recently, Manrod’s team decided not to renew an ID/IAM vendor contract after eight years with that vendor and instead utilize Microsoft Authenticator to support multi-factor authentication (MFA). However, with attackers finding new ways to get around MFA, they ended up adding a specialty product using the money saved to address new adversary tactics.
4. Augment with AI: As he cleans house and frees up more security operations budget, Manrod is set on securely enabling college-wide AI initiatives. Conversely, he and his team also use AI to improve efficiencies within the cybersecurity department.

For example, they are using approved AI chatbots to fill efficiency gaps, such as writing scripts to query the SIEM, analyzing threats across traversal paths, supplementing training, and getting faster answers to questions SOC analysts have. So, while Manrod and others say AI isn’t ready for prime time in SOC functions just yet, a trusted AI chatbot has already proven to save his staff time, freeing them up for other critical security functions.

“If we’re doing it right by supplementing the human to make them better, smarter, stronger, faster, and more capable by working alongside the chatbot, AI could be very productive,” he says. “But, a lot of AI application is done terribly. So that’s something we’re keeping an eye out for.”
5. Make it about governance: Tariffs are undoubtedly impacting technology spending. So, identifying and cleaning out waste and overlapping processes and technology is an important cost-reduction step.

Spend More or Spend Better, a report published by advisory firm Alvarez & Marsal (A&M), encourages CISOs to focus on efficiency and impact rather than just chasing bigger budgets. In a follow-up interview with CSO, the report’s author, Lorenzo Grillo, who leads the firm’s Cyber Risk Services practice in Europe and the Middle East, advises CISOs to identify and eliminate wasteful spending, conduct gap analyses, and focus on process improvements that elevate security posture.

“In one of our recent cases, the organization had focused all the attention and budget on security solutions, leaving the company with significant weaknesses in governance and processes. The cyber cost optimization initiative led the company to an improved cybersecurity posture with a risk reduction below the company risk appetite,” Grillo notes. “Optimizing target operating models, roles and responsibilities, and cataloging services and technologies should improve the efficiency of the cybersecurity organization and mitigate cyber risk.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4045059/5-ways-to-improve-cybersecurity-function-while-spending-less.html

