Stephen Mancini


The challenges of securing an organization from various cyber threats are well known. However, it is particularly challenging for smaller organizations to secure themselves due to an often-perceived limitation on funding, and there exists no clear methodology for how an organization should invest the resources it does have. Furthermore, the need to secure oneself is predicated upon an understanding of the threat actors and their methods. This also presents a further challenge as to what information is needed and how to effectively share said information among organizations to understand the threats and threat actors. The following study demonstrated while there exists no clear methodology for cyber investment, nor does there exist a clear process for how best to share cyber-threat intelligence, a smaller organization with limited funds and personnel was able to demonstrate that it is possible for smaller organizations to secure themselves through directed and methodical actions. The study was conducted via interviews over a 2-week period and solicited input from all levels of the organization. The interviews focused on a variety of topics ranging from awareness to local policies to knowledge of recent cyber events. Ultimately, the analysis of the organizational responses revealed several key themes, mainly that a smaller organization could secure itself despite limited resources because its organizational leadership was able to set the tone.