How to organize information security teams in a company?

Let's discuss the case of a B2B SaaS company with ~1k employees whose software runs in AWS, 100% developed in-house by tens of engineering teams, and I want to determine how to organize information security inside my company. My understanding is that there would be the following wide domains to cover, roughly:

  • Internal company security:
    • Security operations (incident response, reviewing AV/EDR alerts, handling phishing)
    • Employee security training and awareness
    • Securing internal IT infrastructure (servers and workstations, VPN, Office 365…)
    • Compliance (SOC, PCI…)
  • Application security: baselines, helping teams integrate static/dynamic scanning in their pipelines, managing pentests and remediations…
  • Cloud security: architecting the product in AWS, making sure the configuration is secure, vulnerability management, monitoring, etc.

From my experience, a single team handling all the above is challenging because of frequent context switching, the overly wide range of skills needed, and the fact that you easily get out of touch with all that's happening in the company's various teams. I like [this post](https://j.vehent.org/blog/index.php?post/2019/09/25/Beyond-The-Security-Team) a lot, where the author discusses embedded security teams, where you have security people both directly in engineering teams and in a centralized team for governance/compliance, but it lacks some practical ways of implementing it.

Say you have a headcount of 10 people for security (including managers / CISO). How would you go about organizing security teams in such a company? What would be the responsibilities of each team and their communication structure?
