Do you think your org relies too much on external cybersecurity consultants (as opposed to internal team’s skills)?
Yes – internal skills should be leveraged more39%
No – external consultants should be leveraged more43%
No – current balance is ideal19%
I’m not sure
54 PARTICIPANTS
Sort By:
Oldest
SVP of Information Security in Banking2 months ago
Internal assets should be leveraged more before utilizing external assets. If you do use external consultants, then knowledge transfer should be done so as to not be dependent on the external assets. Group Director of Information Security in Banking2 months ago
Having been a consultant myself , I have realized that reliance on external consultants is largely in organizations where one of the below mentioned culture exists:1. Culture where certain budget owners don’t want to take absolute ownership of their own decisions and share part of risk by saying that “but we deployed the best of consultants”. This is also possible where budget owners are non competent and got to their Infosec decision making position without merit.
2. Where budget owners are in unholy alliances with consultants and may have ulterior motives of engaging them for their services.
3. Budget owners are genuinely missing on modern skill sets within their teams, teams who have not voluntarily up-skilled themselves for years and this is the most justified of the cause of short term reliance on consultants until the new team is built.