We looked past the obvious places—vendors and tools—and took a hard look at the small, recurring costs that quietly add up. Some subscriptions and services had made sense once, but now just sat there, barely used. I remember reviewing a code-scanning service and realizing we were paying for more than we needed. By trimming it back to match what we really used, we saved money right away, without adding risk. It was a reminder that sometimes, the biggest gains come from quiet, careful housekeeping, not dramatic cuts.
4. Restructure teams and outsourcing around value
Security organizations tend to evolve in silos, shaped by technology domains, incidents or vendors rather than by the risks they are meant to manage. Reviewing the target operating model means deliberately reorganizing teams and partners around value domains, not tools. A value domain is a cluster of related risks; organizing around value domains aligns teams with risk management rather than with technological boundaries. Consolidating overlapping functions, such as incident response, vulnerability management and threat intelligence across IT, OT and data protection, reduces handoffs, eliminates duplication and improves speed of execution. The objective is not headcount reduction, but the release of capacity and the better allocation of scarce expertise to the most material risks.
When we pulled teams together, we didn’t cut headcount. We just stopped letting groups like incident response and vulnerability management work in isolation. By focusing everyone on the same risks, we made it easier to respond and to deploy our experts where they had the greatest impact. We also took a hard look at outsourcing, combining SOC and MDR for OT, IT and data protection into one operation. That move cut costs, improved efficiency and lowered risk.