Many Threats, Few Dollars: How to Get the Most From Cyber Budgets?

By: Guy Delp, director of Cybersecurity and Analytics, Lockheed Martin


No one said being a CISO was easy. A cybersecurity organization’s mission and focus can change in an instant but as cybersecurity leaders, we’re often asked “where is the best place to spend our next dollar”? This makes strategic investment planning a difficult task.  So how will you answer this question the next time you’re asked? Frankly, it depends on where you are in the cybersecurity lifecycle.


If you’re a recent victim of a cybersecurity attack, the common reaction is to quickly procure a new tool to fix the issue.  The challenge is that in general, these reactionary decisions are made based upon perceptions of how the attack occurred versus a methodical understand of the breakdown in the people, process and technology that occurred.  Did the SIEM fire an alert but no one took notice because it’s buried in the noise?  Did a virtualized system go un-patched in a test environment because the team forgot about it?  


While tools are certainly part of the answer, our experience has been that successful organizations begin with a focus on people.  People are the backbone of a strong cyber defense, but it’s how we invest in our team that makes a difference.  


For me the key focus areas are:


  • Analyst Training: When it comes to analysts, focus less on training individual tools and instead focus on training the methodology that links the tools together.  Don’t train to a checklist, train them how to think. 
  • User Awareness Training: Often overlooked from an investment perspective is training the workforce to be resilient.  Rather than view your employees as thousands of potential targets, view them as thousands of potential sensors that can inform your network defense.
  • Superstars:  The strongest cybersecurity teams are motivated by core superstar leaders, so don’t forget to invest in them.  When looking for a cybersecurity superstar, consider these three essential criteria:






Knowing the technical aspects of the mission is not enough. Your superstars need to be leaders as well.  Sharing information is paramount. No one will be successful if your superstar adapts an “information is power” mentality.   They need to mentor, they need to motivate and also need to be able to get their hands dirty in the mission.   The most successful superstars understand the technical and political aspects of their environment. Rapid change is likely, so quick learners will adapt best.    The security organization does not operate in a vacuum.  The most successful individuals are those who can navigate across organizational boundaries to drive the results they need.


So in the end there are many ways to spend those dollars. There are no simple answers, but when it comes down to it, my priority is people first. If we invest in our team, invest in strong leaders, we will see returns through stronger, more reliable, more sophisticated cybersecurity practices.

February 18, 2015