What is the size (how many team members) and critical functions (e.g. SOC, GRC, etc.) of your cyber security organization and the reporting line?

Chief Supply Chain Officer, 3 months ago
I think the answer to this is going to vary wildly from organization to organization. We have the CISO office, Security Architecture and Integration, GRC, and SOC for 35 FTE. This does not include vendor partner support, the major one being after hours security monitoring. I do know that Gartner has presented this topic at a conference I have attended on a way to make a determination of right-sizing an information security team.
Director of Information Security, 3 months ago
It depends on the industry and geography in which the client is operating. Cybersecurity in most organizations reports into the CRO function, as it is part of operational risk, or in some cases I have seen it reporting to the CEO.

From a team member perspective, it usually consists of IAM, DataSec, AppSec/DevSecOps, Risk Analyst, Cyber Governance and Vulnerability Management teams. The number of team members in each subdomain varies based on the size of the enterprise.
Director of IT in IT Services, 3 months ago
In a medium to large-sized company, the cybersecurity team typically consists of anywhere between 10 to 50 members, or even more. In addition, you have to consider the type of the organization: is it reactive, partner, engaging, ...

Some of the key functions within the team include:

The Security Operations Center (SOC): This team is responsible for monitoring and responding to any security incidents or threats that arise. Here, we find the SOC analysts, incident responders, threat hunters, and SOC managers.

Governance, Risk, and Compliance (GRC): This team ensures that the organization adheres to regulatory requirements and properly manages risks. It includes GRC analysts, compliance officers, risk managers, and audit specialists.

Threat Intelligence: This team is dedicated to gathering, analyzing, and disseminating threat information, with the goal of anticipating and mitigating threats. Here, we find threat intelligence analysts and researchers.

Vulnerability Management: This team is responsible for identifying, evaluating, and resolving vulnerabilities present in the organization's systems and applications. It includes vulnerability analysts and professionals who conduct penetration testing.

Security Architecture and Engineering: This team designs and implements the security controls and architecture for the organization. Here, we find security architects, security engineers, and DevSecOps engineers.

And so on with the rest of the key functions, such as Identity and Access Management, Application Security, Data Protection and Privacy, Incident Response and Forensics, and Security Awareness and Training.

Overall, this entire team typically reports to the Chief Information Security Officer (CISO), who is responsible for the organization's overall security strategy and execution.

I recommend checking the research by Monika Sinha:
How to Create an IT Organizational Structure That Drives Efficiency (gartner.com) 
VP of IT, 3 months ago
The number of my team members is 215 professionals; the distribution is:
CyberDefense 80 professionals (SOC, Detection/Contention, IR, TH)

Cybersecurity Engineering 54 professionals (App Security, Architecture and Infrastructure, VM, Asset Protection)

CyberRisk 33 professionals (Technology, Cyber and Information Security RA)

Strategy and Information Security 33 professionals (Information Security, Governance, Awareness and training, Strategy)

CyberIntelligence and Data Science 15 professionals (AI, Machine Learning and Intelligence)
CISO in Insurance (except health), 3 months ago
When it comes to defining the size of a security team, a crucial factor is the integration of security in other teams. In my past roles, we've successfully built cross-functional teams with security as a core element. Each team member, with their level of seniority, was equipped with a minimum level of security knowledge, ensuring a robust security culture across the organization. 

Moreover, if you have chosen to outsource specific functions of a security team, like a SOC, it will affect the number of security team members. 

Lastly, the maturity and seniority of your security team members play a pivotal role in determining the total number. I advocate for creating high-performing teams with fewer members but higher seniority. In conjunction with cross-functional teams, this approach can lead to a 50-member security team for a multi-billion organization. 

As you can understand from my answer, there is no one-size-fits-all here. It depends on multiple factors, including your strategy and vision for the team. 
