{"id":4554,"date":"2025-08-27T07:00:00","date_gmt":"2025-08-27T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4554"},"modified":"2025-08-27T07:00:00","modified_gmt":"2025-08-27T07:00:00","slug":"5-ways-to-improve-cybersecurity-function-while-spending-less","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4554","title":{"rendered":"5 ways to improve cybersecurity function while spending less"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

As a veteran CISO for state and local agencies, Orange County CISO Andrew Alipanah knows how to optimize security functions within impossibly tight budgets. In the past<\/a>, while at the City of Riverside, he utilized the covered and subsidized resources through federally sponsored agencies including CISA (Cyber Security and Infrastructure Security Agency), MITRE, the MS-ISAC (Multi-state Information Sharing and Analysis Center), and others.<\/p>\n

But many of those resources disappeared this year when the US Federal Government slashed budgets for these once free resources. That meant he needed to get even more creative in supporting the cybersecurity function while spending less. To that end, he (along with other CISOs interviewed for this story), focuses on nurturing people and streamlining processes rather than throwing new money at technology.<\/p>\n

1. Maximize resources<\/h2>\n

According to ISACA\u2019s State of Cybersecurity 2024 and Beyond Survey<\/a>, more than 50% of cyber security professionals said their security operations are underfunded, even as threats continue to rise and hiring has stalled.<\/p>\n

\u201cThere\u2019s little likelihood of getting new tools with how budgets look today, so you have to invent ways of saving money and getting more out of your existing resources,\u201d Alipanah tells CSO. \u201cWhen it comes to resources, most people talk about tools. But organizations don\u2019t pay enough attention to people and processes.\u201d<\/p>\n

This was the case when the federal government pulled funding for the Multi-State ISACS<\/a>, a resource he and other county agencies came to rely on. \u201cWhen the Center for Internet Security (CIS), which manages MS-ISAC, announced that every agency has to pay this membership for themselves, we asked the state to buy the membership and put the counties and cities under a single state membership,\u201d Alipanah explains. The state did, and it saved these agencies what he says is millions without raising costs for the state. In particular, the County of Orange saved $26,000 a year in membership fees.<\/p>\n

In another example, Alipanah describes how people, processes and technologies all came together when the county\u2019s CISOs worked together to consolidate various types of EDR products into a single brand of EDR. Of the county\u2019s 26 departments, 18 of them consolidated on one EDR product. The resulting savings were dramatic: more unified response and visibility across county systems, streamlined management, volume discounts, and reduced need for specialized skills.<\/p>\n

\u201cYou can create alliances, mutual support agreements, and larger bargaining units to negotiate better deals,\u201d Alipanah adds. \u201cWe work on skills, policies and procedures, perfect them, and also hone the tools we do have.\u201d<\/p>\n

Lynn Cheramie, departmental CISO for Orange County District Attorney\u2019s Office, works with Alipanah along with the county\u2019s other CISO\u2019s on these and other innovative, cost-saving initiatives. Cheramie describes Alipanah as an \u201cinfluential leader,\u201d which he says is essential to getting more done with less. This particularly applies to closing the gaps between silos and leveraging existing manpower.<\/p>\n

2. Focus on people and processes<\/h2>\n

\u201cTeamwork and influential leadership are pivotal in Orange County. We work side-by-side as extensions across our departments. We can\u2019t all do everything, and we don\u2019t want to reinvent the wheel. We shoulder the burden together, revisit existing initiatives, and reduce that tech debt,\u201d Cheramie explains. \u201cThat\u2019s how you do more with less: step in when there\u2019s a lot to do, be of service to each other and to the county.\u201d<\/p>\n

This extends to all levels of staffing \u2014 the most valuable resource to retain and upskill in tight times. To that point, fractional CISO Dd Budiharto, founder and CEO of Cyber Point Advisory, says retaining and upskilling human resources should take precedence over buying new technology. This, she adds, is a key way to do more with less.<\/p>\n

For example, in a past CISO role, Budiharto recruited incident response \u201cambassadors\u201d from different departments \u2014 communication, legal, procurement, human resources, and accounting. \u201cThey loved it because they learned new skills and were part of something big,\u201d she notes. \u201cAnd, when we were hit with a BEC scam, they were right there, trained and ready to step in. They were very efficient and energized. Now that\u2019s some ROI we\u2019re talking about.\u201d<\/p>\n

In another case, she trained the procurement team to ask a list of fundamental cybersecurity questions of potential new vendors, saving valuable time for the security team by pre-vetting them. Often, these cross-trained people become security champions, Budiharto adds. Some even decide to expand their experience into cybersecurity. And new minds with fresh ideas also invigorate the security function and usher in innovation.<\/p>\n

According to the latest cybersecurity workforce study report<\/a> conducted by ISC2, the majority of more than 15,000 organizations surveyed said they lack the talent they need to meet their cybersecurity priorities, even as their organizations cut back on hiring. The report also cites the value of diverse backgrounds and pathways into the cybersecurity operation.<\/p>\n

To that end, Michael Manrod, CISO of Grand Canyon University, utilizes student interns to augment the cybersecurity staff, the majority of whom stay on after graduation. \u201cIf you intern a lot of people and keep some of the great ones, you can have an exceptional team. Our top performers today were our students seven to ten years ago,\u201d he says. \u201cDipping into internal talent pipelines is always less expensive than entering bidding wars for specific skills.\u201d<\/p>\n

3. Clean house<\/h2>\n

Manrod is also big on what he calls \u201cgarbage collection.\u201d He and his team regularly visit their technology contracts to identify and remove tools that are no longer needed or effective. They pay particular attention to solutions acquired years earlier to solve a problem that might not exist anymore, or which is now covered under other platforms and operating systems in their environment.<\/p>\n

\u201cAt an EDU, I need to be very selective in what products I keep and what I acquire. So, I keep an eye out for products I can get rid of in 2025 to pay for reducing new threats in 2026,\u201d Manrod explains. \u201cInstead of just throwing a bunch of new point products into the mix, we look at how to harden the host. Assuming that there will be a chance for some bad things to get through, we look at how we can block those bad things using out of the box configurations like Windows Defender Application Control (WDAC), or host firewall rules.\u201d<\/p>\n

Recently, Manrod\u2019s team decided not to renew an ID\/IAM vendor contract after eight years with that vendor and instead utilize Microsoft Authenticator to support multi-factor authentication (MFA). However, with attackers finding new ways to get around MFA, they ended up adding a specialty product using the money saved to address new adversary tactics.<\/p>\n

4. Augment with AI<\/h2>\n

As he cleans house and frees up more security operations budget, Manrod is set on securely enabling college-wide AI initiatives. Inversely, he and his team also use AI to improve efficiencies within the cybersecurity department.<\/p>\n

For example, they are using approved AI chatbots to augment efficiency gaps, such as writing scripts to query the SIEM, analyzing threats across traversal paths, supplementing training, and for faster querying and answers to questions SOC analysts have. So, while Manrod and others say AI isn\u2019t ready for prime time in SOC functions just yet, a trusted AI chatbot has already proven to save his staff time, freeing them up for other critical security functions.<\/p>\n

\u201cIf we\u2019re doing it right by supplementing the human to make them better, smarter, stronger, faster, and more capable by working alongside the chatbot, AI could be very productive,\u201d he says. \u201cBut, a lot of AI application is done terribly. So that\u2019s something we\u2019re keeping an eye out for.\u201d<\/p>\n

5. Make it about governance<\/h2>\n

Tariffs are undoubtably impacting technology spending<\/a>. So, identifying and cleaning out waste and overlapping processes and technology is an important cost-reduction step.<\/p>\n

Spend More or Spend Better , a report<\/a> published by advisory firm Alvarez & Marsal (A&M), encourages CISO\u2019s to focus on efficiency and impact rather than just chasing bigger budgets. In a follow up interview with CSO, the report\u2019s author, Lorenzo Grillo, who leads the firm\u2019s Cyber Risk Services practice in Europe and Middle East, advises CISO\u2019s to identify and eliminate wasteful spending, conduct gap analyses, and focus on process improvements that elevate security posture.<\/p>\n

\u201cIn one of our recent cases, the organization had focused all the attention and budget on security solutions, leaving the company with significant weaknesses in governance and processes. The cyber cost optimization initiative led the company to an improved cybersecurity posture with a risk reduction below the company risk appetite,\u201d Grillo notes. \u201cOptimizing target operating models, roles and responsibilities, and cataloging services and technologies should improve the efficiency of the cybersecurity organization and mitigate cyber risk.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

As a veteran CISO for state and local agencies, Orange County CISO Andrew Alipanah knows how to optimize security functions within impossibly tight budgets. In the past, while at the City of Riverside, he utilized the covered and subsidized resources through federally sponsored agencies including CISA (Cyber Security and Infrastructure Security Agency), MITRE, the MS-ISAC […]<\/p>\n","protected":false},"author":0,"featured_media":4555,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4554","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4554"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4554"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4554\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4555"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}