Updated: Nov 20
I have met people that do not have many technical skills and are afraid that means that they can not adequately protect their organization. I have also met highly technical people that think all they have to do is buy that one amazing gadget and they will be covered.
The answer is not all technical or non-technical. You can spend a fortune investing in amazing tech, but still be completely insecure if you don't have the processes behind it to back it up. Process and policy go a long way in building a cybersecurity posture, but there are a few key items such as a firewall that you will still need.
I have met people at organizations without adequate process that openly hand me all the employees passwords. Sometimes there is no account management processes and people who have been terminated still have active accounts. There is nothing to stop a disgruntlted employee from using active creditionals for negative things. These are examples of things the organization does not need expensive tools to address. They need training and process. There is no one size fits all answer to cyber. The best protection is a mix of technology and procedures.