Cybersecurity functions best when the company works with its employees, and when employees are satisfied with their jobs. I would divide the funds up for training between two major sources: Interpersonal, internal training of employees from the company, and training from certified professionals. Perhaps, I would also allocate some funds to a new, internal division that sniffs out unsafe practices and internal dissatisfaction.

Certified Professionals – 25%

External professionals would do well to set employees on the right course. The experience of a professional would set employees on the right track, as they have a proper example placed in front of them. One article from swisscyberinstitute.com suggests that proper training of employees not only
improves their skills and knowledge, but also shows employees they are valued, reduces turnover, and prepares employees for higher responsibilities (5 benefits of cyber security training for employees in 2022 2022) . It also sets a good entry for those who might in turn, would be tasked with the future training of other members of the company, as well. In this regard, I would allocate a moderate amount, perhaps 25% of the funding towards this. It’s a respectable amount of funding towards establishing the baseline of what I would consider to be the main method of teaching.

Internal Training – 50%

Employees training employees works to create a sort of internal brotherhood, a sort of kinship that cant be created by just forcing employees to learn cybersecurity. In the same way that siblings form a bond, or that friends or loved ones bond, so too is there in the relationship between a mentor and a student. In
the process of having employees working together to achieve a common goal, so too do they turn the business into a form of loyalty, a type of family, as it were. Employees with connections within their own business are less likely to betray the company as a whole for any reason. I would allocate a majority of the funding to the training of employees peer to peer as a means of proper encouragement for good training, and a reason for people to learn beyond their requirements, as a means of good re-compensation. Of course, employees who establish themselves as mentor figures would do well to receive compensation for their efforts, and they would receive a general standing wage as long as their
position of internal trainer persisted.

Internal Investigation – 25%

As unfortunate as it is, sometimes there are just bad eggs within an organization. From the outside do
parasites weasel their way in without any intention of working towards the companies goals. Those
without any shred of honor will take what they will from the inside and utilize it to further their own
goals. Somewhat aligned with this, mayhaps not intentionally, are disgruntled employees who feel
slighted after some events that could possibly occur. One article, written by tech42llc, suggests the
different categories of these people, with examples such as the second streamer, who work their job but
also sell information and credentials on the side as a means to make money, the inadvertent insider,
whose incompetence allows perpetrators an easy mark to prey on, and the general disgruntled
employees, who simply seek to sabotage work as a result of their perceived slight (Top Security Risks
and Disgruntled Employees Every Business Owner Ought To Know 2021) . By having an internal
service of some sort who is constantly on the patrol for wrongdoing, but also having a department for
achieving unity in some capacity, by means of discovering employees who feel disgruntled, you might
link security and cybersecurity together, as a means of stopping the problem before it even occurs. I
would give a rough 25% or so to this, maybe a little more, maybe a little less, but I consider this mostly to be more something along the lines of a maintenance fee, as it were. I think that in order for a
building to stand, you must do routine inspection and maintenance, and so too a companies pillars, the
people within, should be tested and properly guided and cared for.

Conclusion

In short, Cybersecurity is built around the principle of attempting to prevent issues before they ever
occur. The same goes for the people who work in the field as well, and even those who are only
moderately intertwined with it. A stitch in time saves nine, and preventative measures might prevent
the wound altogether.

References

Tech42. (2021, September 14). Top Security Risks and Disgruntled Employees Every

Business Owner Ought To Know . tech42llc. Retrieved from https://www.tech42llc.com/top-
security-risks-and-disgruntled-employees/

Swiss Cyber Institute. (2022, May 20). 5 benefits of cyber security training for employees in
2022. Swiss Cyber Institute. Retrieved April 8, 2023, from
https://swisscyberinstitute.com/blog/5-benefits-of-cyber-security-training-for-employees/