post date:
November 5, 2025
At a time when cyber-attacks are escalating but security budgets are tightening, organisations are increasingly relying on what The Stack calls the “$0 CISO” - security leaders forced to deliver meaningful risk reduction with minimal financial resources. This article by Kate O'Flaherty explores how CISOs can still drive real progress by focusing on processes, culture, and the smart use of open-source tooling rather than expensive platforms.

Benn Morris, CEO of 3B Data Security, a sister company of UBDS Digital, offers practical and grounded guidance throughout the piece. He stresses that when budgets are constrained, CISOs must first implement achievable security processes aligned to the organisation’s maturity - rather than deploying heavy controls that staff will ignore or work around. He highlights the importance of building a strong security culture, noting that awareness, curiosity, and a “positive learning philosophy” often deliver more impact than tooling alone.

Morris also outlines how open-source technology can fill critical gaps for cash-strapped teams. From transforming old hardware into firewalls to using free SIEMs, intrusion detection systems, and digital forensics tools, he explains how security leaders can create meaningful visibility and control without licence fees, while warning that such tools still require time, expertise, and ownership to manage effectively.

As cyber-threats continue to outpace corporate budgets, the article makes clear that resilience increasingly depends on creativity, collaboration, and clarity of purpose. For CISOs operating with little or no budget, the path forward lies in sweating existing assets, strengthening culture, and focusing on the practical steps that reduce risk where it matters most.