You might think that a starting point for building a cybersecurity team would be to hire a technical system administrator to oversee security systems or a cybersecurity generalist who understands cybersecurity compliance and governance.
We would like to suggest a different approach.
Before you hire anyone, you should define a cybersecurity strategy based on your corporate needs and objectives. This discovery and planning process can be led internally, or you can hire a consultant to help you, but the strategy should always come before the first hire takes place.
Defining your strategy begins with a self-assessment to determine your business goals related to technology, digital assets, known technology and so forth. Marketing will want to review privacy policies, terms and conditions, customer databases and any other digital assets that pertain to their job. Executives should review company IP and financial information and determine what level of protection they want in order to keep that data safe from competitors or external threats. You will also evaluate the technology, applications and architecture currently set up within the company.
You can learn more about how to conduct a self-assessment in an earlier blog found here.
Once you understand the current cybersecurity environment and have evaluated the needs of the company, you can then define a robust cybersecurity strategy with the required roles and infrastructure to best execute that strategy. This includes any missing architectural requirements, operational requirements, non-operational skillsets and industry compliance requirements that need to be met. You should also define what kind of service levels you expect from your cybersecurity team.
As you plan, start with your immediate needs, but include where the organization will be in the future. This lets you develop an organizational structure and a technical infrastructure that can scale as the company grows, and it lets a more cost-effective and functional team evolve over time.
Once you have defined what you need, you will need to determine who to hire.
The reality is that every company needs to define and build the right team for itself. It isn’t possible to say, “here’s the perfect structure,” but you can get the ideal structure for you, or at least as close to perfect as you can build given the resources you have at your disposal and the budget that has been allocated toward cybersecurity.
There are multiple ways to find the right people with the right skillsets, but an external hire isn’t always your best option for all positions. A better place to start is to evaluate who you already have on staff. By doing that, and by training them, you’ll probably find an alternative that is not only cheaper but actually better for the entire organization.
That is because an existing employee is already integrated with the culture and the team. And when you look at it from the employee’s standpoint, they’re probably going to be more challenged by the opportunity, and that’s going to excite them. Additionally, you’re establishing cybersecurity as a mindset when you have cross-functional team members who understand the needs of multiple departments first-hand.
At some point, you will need to look externally.
When you do, you will need either a generalist or a specialist. Your strategic plan can help guide you toward which is right for you, but it’s usually better to start with a generalist than a specialist. You simply can’t afford to hire somebody who won’t be relevant six months or a year down the road because you need them to have more skillsets than they currently have. That’s what’s happening with many companies, and this is why companies get stuck with inefficient teams that tend to outsource the majority of the operations to a cybersecurity provider.
As you grow, you will likely need specialists to complement your team. When you do, you will find that a mix of generalists and specialists on your team provides the perfect balance for the company. Each person generally respects the other, and both sides work well together because they bring different perspectives and different abilities.
This is critical.
You don’t want team members with the same background or mindset in a cybersecurity team. That’s how threats are overlooked. When everyone thinks the same way or has the same educational background, they take the same approach to the problem. There is no creativity, and this team is never going to disrupt past processes and structures. And frankly, in cybersecurity, you want to have a team that’s going to disrupt. They need to stay ahead of the bad players and cannot become complacent.
If you need help in establishing or complementing your cybersecurity team, we would love to connect with you. Reach out to us at www.parabellyx.com and we can discuss how our team can assist you.
Parabellyx are security-matter-experts who take a focused and business-aligned cybersecurity approach to developing strategies that accomplish your key business goals and objectives. We then train your entire organization in security, preparing you for any threat until a security mindset is entrenched across your entire company, protecting and ‘future-proofing’ your information, your employees, your customers, your shareholders and your reputation.