Optimizing Cyber Resources Survey 2024

Are you making the most of your cybersecurity resources?

Over the past two years, the administration has released numerous new cyber mandates and related guidance documents, most notably the Zero Trust Strategy and the National Cybersecurity Strategy and its accompanying Implementation Plan.

Although federal cybersecurity budgets increased substantially in fiscal 2023 and are expected to continue to rise in 2024, agencies have simultaneously faced an increase in cyberthreats and attacks from ever smarter adversaries while working to meet the new mandates.

As it is unlikely that cyber budgets will continue their upward trend (with requests rising almost 27% across fiscal 2023 and 2024, according to Federal CISO Chris DeRusha), we want to hear directly from you about the ways in which your organization is balancing demands and allocating its resources.

Please take a few minutes to fill out this brief survey. To thank you for participating, we will send you a $5 Amazon gift card. You will have a chance to add your email address to receive the card at the end of the survey. We will only use your email address to send you the gift card. We will keep all answers anonymous.

We will publish the results in the coming weeks on FederalNewsNetwork.com.

A Federal News Network Survey, underwritten by

Question Title

* 1. MANAGING YOUR CYBER BUDGET
Where do you expect to spend your dollars in 2024? (please rank the list from 1 to 10, with 1 being your top priority and 10 being your lowest)

Question Title

* 2. MANAGING YOUR CYBER BUDGET
What are your top challenges in managing cyber programs given your current budget? (please rank your top 3 challenges)

	No. 1 challenge	No. 2 challenge	No. 3 challenge
Being agile (more proactive, less reactive)	Being agile (more proactive, less reactive) No. 1 challenge	Being agile (more proactive, less reactive) No. 2 challenge	Being agile (more proactive, less reactive) No. 3 challenge
Ensuring infrastructure resiliency	Ensuring infrastructure resiliency No. 1 challenge	Ensuring infrastructure resiliency No. 2 challenge	Ensuring infrastructure resiliency No. 3 challenge
Training/upskilling cybersecurity and technology employees	Training/upskilling cybersecurity and technology employees No. 1 challenge	Training/upskilling cybersecurity and technology employees No. 2 challenge	Training/upskilling cybersecurity and technology employees No. 3 challenge
Identifying and prioritizing gaps in cyber capabilities	Identifying and prioritizing gaps in cyber capabilities No. 1 challenge	Identifying and prioritizing gaps in cyber capabilities No. 2 challenge	Identifying and prioritizing gaps in cyber capabilities No. 3 challenge
Controlling shadow IT	Controlling shadow IT No. 1 challenge	Controlling shadow IT No. 2 challenge	Controlling shadow IT No. 3 challenge
Retaining/growing your cyber team	Retaining/growing your cyber team No. 1 challenge	Retaining/growing your cyber team No. 2 challenge	Retaining/growing your cyber team No. 3 challenge
Protecting your expanding attack surface	Protecting your expanding attack surface No. 1 challenge	Protecting your expanding attack surface No. 2 challenge	Protecting your expanding attack surface No. 3 challenge
Creating a cyber culture enterprisewide	Creating a cyber culture enterprisewide No. 1 challenge	Creating a cyber culture enterprisewide No. 2 challenge	Creating a cyber culture enterprisewide No. 3 challenge
Meeting new White House mandates	Meeting new White House mandates No. 1 challenge	Meeting new White House mandates No. 2 challenge	Meeting new White House mandates No. 3 challenge
Managing staff morale and avoiding burnout	Managing staff morale and avoiding burnout No. 1 challenge	Managing staff morale and avoiding burnout No. 2 challenge	Managing staff morale and avoiding burnout No. 3 challenge
Taking full advantage of existing tools	Taking full advantage of existing tools No. 1 challenge	Taking full advantage of existing tools No. 2 challenge	Taking full advantage of existing tools No. 3 challenge
Acquiring necessary technology	Acquiring necessary technology No. 1 challenge	Acquiring necessary technology No. 2 challenge	Acquiring necessary technology No. 3 challenge

Other, or additional comments?

Question Title

* 3. MANAGING YOUR CYBER BUDGET
How concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2024?

Very concerned

Somewhat concerned

Slightly concerned

Not concerned

Question Title

* 4. MANAGING YOUR CYBER BUDGET
How concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2025?

Very concerned

Somewhat concerned

Slightly concerned

Not concerned

Question Title

* 5. MANAGING YOUR CYBER BUDGET
How do fluctuations in the federal budget process, including the likelihood of delays brought on by now expected continuing resolutions, affect the following cyber efforts? (please rank each item from 1 to 5, with 1 being the most impactful and 5 being the least impactful)

	1 (most impactful)	2	3	4	5 (least impactful)
Hiring cyber workers	Hiring cyber workers 1 (most impactful)	Hiring cyber workers 2	Hiring cyber workers 3	Hiring cyber workers 4	Hiring cyber workers 5 (least impactful)
Training cyber workers	Training cyber workers 1 (most impactful)	Training cyber workers 2	Training cyber workers 3	Training cyber workers 4	Training cyber workers 5 (least impactful)
Planning for filling gaps in your cyber capabilities	Planning for filling gaps in your cyber capabilities 1 (most impactful)	Planning for filling gaps in your cyber capabilities 2	Planning for filling gaps in your cyber capabilities 3	Planning for filling gaps in your cyber capabilities 4	Planning for filling gaps in your cyber capabilities 5 (least impactful)
Acquiring tools to fill gaps in your cyber capabilities	Acquiring tools to fill gaps in your cyber capabilities 1 (most impactful)	Acquiring tools to fill gaps in your cyber capabilities 2	Acquiring tools to fill gaps in your cyber capabilities 3	Acquiring tools to fill gaps in your cyber capabilities 4	Acquiring tools to fill gaps in your cyber capabilities 5 (least impactful)
Taking more advantage of your current toolsets	Taking more advantage of your current toolsets 1 (most impactful)	Taking more advantage of your current toolsets 2	Taking more advantage of your current toolsets 3	Taking more advantage of your current toolsets 4	Taking more advantage of your current toolsets 5 (least impactful)
Being agile (more proactive, less reactive)	Being agile (more proactive, less reactive) 1 (most impactful)	Being agile (more proactive, less reactive) 2	Being agile (more proactive, less reactive) 3	Being agile (more proactive, less reactive) 4	Being agile (more proactive, less reactive) 5 (least impactful)

Other, or additional comments?

Question Title

* 6. MANAGING TALENT & TEAM RESOURCES
Is the current size of your cybersecurity team sufficient?

We need to maintain our current organization — filling empty positions efficiently and continuing to upskill employees regularly

We need 5% more people

We need 10% more people

We need 25% more people

We need 50% more people

Additional comments?

Question Title

* 7. MANAGING TALENT & TEAM RESOURCES
Considering your current cybersecurity organization, how would you rate your workforce’s skill sets and capabilities?

Strong

Strong — but we struggle to maintain skills as technology and demands evolve

Solid — but we lack employees with knowledge in some critical technology areas

OK — but we need to invest in upskilling and adding new talent

Poor — we struggle to keep pace with current workloads much less plan for future needs

Additional comments?

Question Title

* 8. MANAGING TALENT & TEAM RESOURCES
Is your organization relying on cyber tools and services to help make up for any shortfalls in cyber personnel or skill sets?

It is a principal component of our cyber strategy and budget planning

We are exploring potential new ways to implement cyber tools and automation capabilities to determine gaps that they can help us address

We want to invest in a strategic review to determine our shortfalls and how additional cyber tools could help us

No, we are not increasing our reliance on cyber tools and services

Additional comments?

Question Title

* 9. MANAGING TALENT & TEAM RESOURCES
Rate the degree to which you agree or disagree with the following statement: “We are leaning into cyber automation and orchestration tools so that we can free up our staff to focus on cybersecurity needs unique to our agency’s mission and delivery of services as well as on coming future threats.”

Strongly agree

Agree

Neither agree nor disagree

Disagree

Strongly disagree

Additional comments?

Question Title

* 10. MANAGING TALENT & TEAM RESOURCES
How confident are you that your current cybersecurity staff can identify and remediate vulnerabilities quickly and effectively, and build and manage a holistic cyber infrastructure?

Very confident

Somewhat confident

Slightly confident

Not confident

Additional comments?

Question Title

* 11. ADDRESSING MENTAL HEALTH & BURNOUT
Rate the degree to which you agree or disagree with the following statement: “Looking across our organization, burnout increasingly affects the employees on our cyber and technology teams.”

Strongly agree

Agree

Neither agree nor disagree

Disagree

Strongly disagree

Question Title

* 12. ADDRESSING MENTAL HEALTH & BURNOUT
What, if any, of the following factors contribute to employee stress on your organization’s cybersecurity teams? (choose all that apply)

Ability to keep pace with technology evolution

Anxiety about threat landscape

Concerns about recruiting and hiring additional cyber staff

Lack of appreciation

Little or no time for training

Long hours

Overwhelmed by manual tasks/inability to be strategic enough

Unrealistic expectations by leadership, or congressional and oversight organizations

Other (please specify)

Question Title

* 13. ADDRESSING MENTAL HEALTH & BURNOUT
Have you personally considered leaving your agency because of job stress?

Yes

Additional comments?

Question Title

* 14. PRIORITIZING FOR FUTURE CYBER NEEDS
What percentage of your cyber tools are cloud-hosted or cloud-native now?

More than 90%

75% to 90%

50% to 75%

25% to 50%

Less than 25%

Question Title

* 15. PRIORITIZING FOR FUTURE CYBER NEEDS
What percentage of your cyber tools do you hope to make cloud-hosted or cloud-native by the end of fiscal 2024?

More than 90%

75% to 90%

50% to 75%

25% to 50%

Less than 25%

Question Title

* 16. PRIORITIZING FOR FUTURE CYBER NEEDS
How confident that your agency can currently meet the requirements of CISA Binding Operational Directive 23-01 (or DoD Instruction 8531.01) on improving asset visibility and vulnerability detection?

Very confident

Somewhat confident

Slightly confident

Not confident

Additional comments?

Question Title

* 17. PRIORITIZING FOR FUTURE CYBER NEEDS
How much of a concern is ensuring the security of software as a service applications for your cyber team?

Major concern

Somewhat of a concern

Slightly a concern

Not a concern

Additional comments?

Question Title

* 18. PRIORITIZING FOR FUTURE CYBER NEEDS
Rate the degree to which you agree or disagree with the following statement: “We currently devote adequate resources to improving critical infrastructure security and ensuring CI resiliency.”

Strongly agree

Agree

Neither agree nor disagree

Disagree

Strongly disagree

Additional comments?

Question Title

* 19. DEMOGRAPHICS
Which of the following best describes the organization you work for?

Civilian

Defense

Intelligence Community

Judicial

Legislative

Other (please specify)

Question Title

* 20. DEMOGRAPHICS
What is your job title?

Chief information security officer

Deputy CISO

Chief information officer

Deputy CIO

Information systems security manager

Security architect

Security engineer

Information assurance software engineer

IT project manager

IT specialist (InfoSec)

Computer systems security manager

Computer network defense analyst

Other (please specify)

Question Title

* 21. DEMOGRAPHICS
How many years have you been in your role in government?

Less than 2 years

2 to 5 years

5 to 10 years

10 or more

Optimizing Cyber Resources Survey 2024

Are you making the most of your cybersecurity resources?

Question Title

* 1. MANAGING YOUR CYBER BUDGETWhere do you expect to spend your dollars in 2024? (please rank the list from 1 to 10, with 1 being your top priority and 10 being your lowest)

Question Title

* 2. MANAGING YOUR CYBER BUDGETWhat are your top challenges in managing cyber programs given your current budget? (please rank your top 3 challenges)

Question Title

* 3. MANAGING YOUR CYBER BUDGETHow concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2024?

Question Title

* 4. MANAGING YOUR CYBER BUDGETHow concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2025?

Question Title

Question Title

* 6. MANAGING TALENT & TEAM RESOURCESIs the current size of your cybersecurity team sufficient?

Question Title

* 7. MANAGING TALENT & TEAM RESOURCESConsidering your current cybersecurity organization, how would you rate your workforce’s skill sets and capabilities?

Question Title

* 8. MANAGING TALENT & TEAM RESOURCESIs your organization relying on cyber tools and services to help make up for any shortfalls in cyber personnel or skill sets?

Question Title

Question Title

* 10. MANAGING TALENT & TEAM RESOURCESHow confident are you that your current cybersecurity staff can identify and remediate vulnerabilities quickly and effectively, and build and manage a holistic cyber infrastructure?

Question Title

* 11. ADDRESSING MENTAL HEALTH & BURNOUTRate the degree to which you agree or disagree with the following statement: “Looking across our organization, burnout increasingly affects the employees on our cyber and technology teams.”

Question Title

* 12. ADDRESSING MENTAL HEALTH & BURNOUTWhat, if any, of the following factors contribute to employee stress on your organization’s cybersecurity teams? (choose all that apply)

Question Title

* 13. ADDRESSING MENTAL HEALTH & BURNOUTHave you personally considered leaving your agency because of job stress?

Question Title

* 14. PRIORITIZING FOR FUTURE CYBER NEEDSWhat percentage of your cyber tools are cloud-hosted or cloud-native now?

Question Title

* 15. PRIORITIZING FOR FUTURE CYBER NEEDSWhat percentage of your cyber tools do you hope to make cloud-hosted or cloud-native by the end of fiscal 2024?

Question Title

* 16. PRIORITIZING FOR FUTURE CYBER NEEDSHow confident that your agency can currently meet the requirements of CISA Binding Operational Directive 23-01 (or DoD Instruction 8531.01) on improving asset visibility and vulnerability detection?

Question Title

* 17. PRIORITIZING FOR FUTURE CYBER NEEDSHow much of a concern is ensuring the security of software as a service applications for your cyber team?

Question Title

* 18. PRIORITIZING FOR FUTURE CYBER NEEDSRate the degree to which you agree or disagree with the following statement: “We currently devote adequate resources to improving critical infrastructure security and ensuring CI resiliency.”

Question Title

* 19. DEMOGRAPHICSWhich of the following best describes the organization you work for?

Question Title

* 20. DEMOGRAPHICSWhat is your job title?

Question Title

* 21. DEMOGRAPHICSHow many years have you been in your role in government?

Question Title

* 22. Thank you for taking part in our survey. To receive your $5 Starbucks gift card, please provide your email address.

* 1. MANAGING YOUR CYBER BUDGET
Where do you expect to spend your dollars in 2024? (please rank the list from 1 to 10, with 1 being your top priority and 10 being your lowest)

* 2. MANAGING YOUR CYBER BUDGET
What are your top challenges in managing cyber programs given your current budget? (please rank your top 3 challenges)

* 3. MANAGING YOUR CYBER BUDGET
How concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2024?

* 4. MANAGING YOUR CYBER BUDGET
How concerned are you about potential flat cyber budgets or smaller cyber budget growth in fiscal 2025?

* 6. MANAGING TALENT & TEAM RESOURCES
Is the current size of your cybersecurity team sufficient?

* 7. MANAGING TALENT & TEAM RESOURCES
Considering your current cybersecurity organization, how would you rate your workforce’s skill sets and capabilities?

* 8. MANAGING TALENT & TEAM RESOURCES
Is your organization relying on cyber tools and services to help make up for any shortfalls in cyber personnel or skill sets?

* 10. MANAGING TALENT & TEAM RESOURCES
How confident are you that your current cybersecurity staff can identify and remediate vulnerabilities quickly and effectively, and build and manage a holistic cyber infrastructure?

* 11. ADDRESSING MENTAL HEALTH & BURNOUT
Rate the degree to which you agree or disagree with the following statement: “Looking across our organization, burnout increasingly affects the employees on our cyber and technology teams.”

* 12. ADDRESSING MENTAL HEALTH & BURNOUT
What, if any, of the following factors contribute to employee stress on your organization’s cybersecurity teams? (choose all that apply)

* 13. ADDRESSING MENTAL HEALTH & BURNOUT
Have you personally considered leaving your agency because of job stress?

* 14. PRIORITIZING FOR FUTURE CYBER NEEDS
What percentage of your cyber tools are cloud-hosted or cloud-native now?

* 15. PRIORITIZING FOR FUTURE CYBER NEEDS
What percentage of your cyber tools do you hope to make cloud-hosted or cloud-native by the end of fiscal 2024?

* 16. PRIORITIZING FOR FUTURE CYBER NEEDS
How confident that your agency can currently meet the requirements of CISA Binding Operational Directive 23-01 (or DoD Instruction 8531.01) on improving asset visibility and vulnerability detection?

* 17. PRIORITIZING FOR FUTURE CYBER NEEDS
How much of a concern is ensuring the security of software as a service applications for your cyber team?

* 18. PRIORITIZING FOR FUTURE CYBER NEEDS
Rate the degree to which you agree or disagree with the following statement: “We currently devote adequate resources to improving critical infrastructure security and ensuring CI resiliency.”

* 19. DEMOGRAPHICS
Which of the following best describes the organization you work for?

* 20. DEMOGRAPHICS
What is your job title?

* 21. DEMOGRAPHICS
How many years have you been in your role in government?