For example, the FinOps engineer determined that AuditBoard had overprovisioned servers in one of its cloud providers — extra servers that the company was paying to have and paying to secure. Marcus says having this position quickly paid for itself, noting that AuditBoard has seen a return of 10 times the investment.
7. Enlist employees to become security champions
One way to cut costs is to reduce the number of problems that need security’s attention.
To do that, Jimmy Sanders, president of ISSA International and until early 2024 head of security at Netflix DVD, advises CISOs to create a security champions program.
The program enlists workers throughout the business, and particularly in IT, to receive some security training that they can bring to their everyday roles and their teammates, thereby boosting a better security culture for the organization, he says.
This cuts security costs in a few ways, Sanders says. The security champions can help with basic security needs as part of their day-to-day work, saving the security department time and boosting its efficiency as a result.
The improved security culture means workers are more attentive to risks and cyber threats and, thus, less likely to fall victim to them; that reduces the number of incidents, eliminating the costs of response. Security champions are more likely to loop security into business needs, and to do so early in work and project cycles, when injecting security requirements and security work is not only more effective but less costly to do.