How to Distinguish “Activity” from “Resilience”.
You don’t need to be a technical expert to audit cyber value. You only need to know how to test the logic.
Dean Kastelic
Principal Consultant
Having joined a few cyber programs that had already collapsed into “financial black holes,” I often wondered how those budgets ever passed the executive sniff test.
What I observed is that cyber budgets are approved without real scrutiny because executives hesitate to challenge the “tech.” They fear that challenging the investment will expose the organisation to a data breach. They feel trapped by the “expert.”
“This creates a dangerous dynamic: millions allocated based on anxiety rather than measurable risk reduction.”
This is how the Financial Black Hole survives. It feeds on unawareness and fear. But here’s the truth: you don’t need to be a technical expert to audit cyber value. You only need to know how to test the logic.
The “Zero-Spend” Sniff Test
To run the test, in your next budget review select the single largest line item (often a managed service or a tooling platform) and ask this specific question:
The Waste (Optics)
“Our NIST score will drop” or “We won’t be compliant”
VERDICT: You have found the waste. You are paying for a score, not a defense.
The Value (Resilience)
“We will lose the ability to detect ransomware traversing the network”
VERDICT: You have found value. That is a defensible, threat-anchored investment.
The 90/10 Reality
Some interesting research shows that on some programs the spend on chasing the first answer (Optics) runs as high as 90%. A solid “Defensible” program spends 90% of its budget on the second (Resilience).
The “Waste Ratio” Decoder
I’ve put together 5 common signs of a “Watermelon” program into a printable one-pager for your next Board meeting.
