All too often companies misunderstand the value of their cybersecurity teams and underfund their development. At the same time, many of these teams struggle to communicate to leaders the importance of having a well-funded security program. These struggles can lead to serious gaps between the resources allocated to security and the actual support needed to properly protect corporate and customer information.
Before joining Facebook as a security engineer in 2015, I worked in industries from consulting to manufacturing to retail. I observed that leaders often treat security as a liability cost — until the company experiences a security breach, after which increased support is a given. But typically, increased support came too late, and was proportional to the size of the breach and subsequent media attention.