Building the Right Cybersecurity Team Structure

Implementing the right cybersecurity team structure is crucial to managing the two essentials of business: risk, and cost. The arrival of technology and the emergence of the Fourth Industrial Revolution (4IR) has enabled cybercrime to increase – fundamentally altering how organisations must enhance security measures. Managing risk now means managing cyber risk, which comes at a cost.

In the age of digitisation, protection utilising traditional IT security measures is not enough as threats are no longer just limited to a few devices. Enterprise networks are interconnected, with several endpoints. Any threat or attack on a company has a significant effect on business performance, making security a bigger organisational issue, requiring more than the expertise of an IT department.

Cybersecurity is arguably much more than an IT function. Cybersecurity staff exist in a specialist space of their own, that involves depth of knowledge and layers of diversity. Cybercrime has grown so much in complexity that it is now truly the domain of multiple specialists. 

What roles must exist within your cybersecurity team structure?

A cybersecurity team needs to think like an anti-crime unit. Team members must have a holistic understanding of the latest techniques used by hackers, and the motivations behind them. Cybersecurity team members also require a deep appreciation of business. They need to think critically and possess knowledge of where the flaws might be within a business’s networks, applications, or even people – while continually challenging their understanding.

Operational cybersecurity decisions need to be made swiftly, but still must be based on information and data. Strategic decisions involving cyber security can affect the risk profile of a company for years into the future, requiring a completely different pattern of thinking to operational decisions.

Given the complex and different tasks that fit under the umbrella of cybersecurity, how should you structure your cybersecurity team?

A Cyber Security team must include the following roles:

Security Incident Manager

A Security Incident Manager controls incidents in real-time, with a 360-degree view of all security issues within the IT infrastructure. Many businesses operate 24x7x365 – and these businesses need 24-hour monitoring to ensure that there is no breach, or impact on users, at any time. Security Incident Managers usually depend on their security team, situated in a Security Operations Centre (SOC), to conduct continuous monitoring and analysis.

Penetration Tester

A penetration tester – also known as an ‘ethical hacker’ or a ‘white hat’ – is an expert who finds and exploits vulnerabilities in a computer system. The simulated process identifies an organisation’s weak spots as well as the areas that developers may have missed. It is ideal to do a penetration test just before putting a system into production, then further testing not less than once a year. For environments which are continually changing, penetration tests may be required more frequently – twice yearly, or even quarterly.

A penetration tester is normally not a full-time member of a team, but if organisations rush to get a return on investment while negating this vital part of cybersecurity, the risk of being hacked by a cybercriminal increases drastically.

Cyber Risk and Compliance Specialist

Cybersecurity governance, risk and compliance specialists ensure organisations remain up to date on all regulatory and licensing requirements per company, state, and federal regulations. Risk and compliance roles have traditionally sat in the Chief Financial Officer’s portfolio, whereas Cyber Security roles are often created with a Chief Information Officer’s organisation – meaning the Cyber Risk role often straddles two very different business units.

Businesses in Australia specifically must be compliant with:

1. Notifiable Data Breaches Scheme
2. PCI DSS (if utilising credit card payments or dealing with information related to card payments)
3. APRA CPS 234 Standard (if your business forms part of the entities regulated by APRA)

…and other standards may apply if dealing with high-risk Government departments such as Defence.

Cyber Security Strategist

The Cyber Security strategist is responsible for defining the strategic roadmap for Cyber Security by interfacing with core business functions and technology teams. The strategist identifies future state security capabilities and considers strategic risk areas of the organisation while ensuring every significant business and technology decision includes sound Cyber Security thinking.=

This role cannot be done by a technology professional with technology training alone. It is the realm of MBA-qualified executives or consultants, with years of business experience, who understand both the cyber world and the business world.

Outsourcing versus in-house teams

Which cybersecurity roles should you outsource, and which should you keep in-house?

In-house IT professionals spend most of their time managing their network and driving new solutions for the business, leaving very little time for security – which requires its own set of niche skills.

In-house cybersecurity teams require skilled people with specialised processes and tools to execute them. Few businesses have the internal staff component necessary to manage such a comprehensive cybersecurity programme, nor the capital. Some of the roles listed above – such as Security Incident Managers and Penetration Testers – are highly specialised and command very high salaries, making them challenging to retain once hired.

Cybersecurity team members need to have clear lines of communication with key business executives, with standardised ways of presenting data. They need access to business support applications, analysis tools, data repositories, analysts and more. Moreover, with the continuous disruption of emerging technologies, cybercriminals never rest. Organisations need to ensure that an in-house cybersecurity specialist is provided with ongoing training to keep at the forefront of new developments. One must take the cost of training into consideration and budget accordingly for this necessary expense.

Achieving cybersecurity with an internal team while maintaining costs is nearly impossible for most organisations.  An outsourced, managed solution then becomes an obvious consideration.

Outsourcing your cybersecurity resources and leadership affords you a service provider that specialises in understanding your business and lowering its risk. There is no need to worry about hiring, retaining, and training specialist staff. Results are then delivered faster than any in-house effort as help is available at any time. Additionally, the costs of an outsourced service provider, although variable, is significantly lower than the price of hiring in-house experts.

The cybersecurity team structure of the future

Virtual teams will become the cybersecurity system of the future. Keeping up with the pace of security changes for many businesses is a struggle and, in most cases, they don’t have the budget to employ in-house security expertise. As a result, virtual security teams, with retainer-based professionals and specialised knowledge, become the only viable option. It makes business sense to have managed cybersecurity services to keep data safe and in turn, control day-to-day security.

At StickmanCyber, our cybersecurity managed service, service along with our CISO-on-demand service provides our customers with an expert team of security professionals, who look after the cybersecurity of your business, 24x7x365.