David McLeod, CISO, Cox Enterprises
David McLeod, Cox Enterprises

“Training and recovery.” That’s where David McLeod, chief information security officer of Cox Enterprises, says that CISOs should spend their money in 2020.

Training often focuses on making employees less of a security risk. That includes teaching them what not to click on and how to proactively protect the information that is a part of their everyday work. McLeod sees employees as something more powerful.

“Train everyone so you have a wall of passionate people surrounding your business. I’m talking about creating a neighborhood watch,” McLeod says. “I find people who are eager to know what they can do, and they help expand our culture of proactive protection akin to a neighborhood watch. So if I’m going to drive security for the least cost and the highest effectiveness, I’m always increasing my neighborhood watch.”

Recovery isn’t far behind, though, because sooner or later, there will likely be a security incident, such as a breach, ransomware attack, or worse. “Some hacker’s going to get in. It’s all about recovery. It’s all about keeping the business going. You can do a lot of harm to a business if you have to shut down your revenue systems for three days,” McLeod says.

Read more from David McLeod and from other top experts in my story for Forbes, “Chief Information Security Officer Priorities For 2020.”