Building the Cyber Security Team

Every organization needs to understand the importance of building their internal and external cyber security teams, functionality and capabilities. We often see that the cyber security function is performed by someone in the IT department under the direction of a particular director or C-level leader. This person who has been charged with the responsibility of cyber security might be good at interacting with a technical security system, but might not be as strong in the areas of risk management, communication or business management. Some companies will be large enough that they will have an internal security team. Others will need to rely on external vendors and external relationships.


The internal team begins with leadership that is responsible for cyber security oversight. The board and the C-Suite don’t want to be perceived as people who sit in their ivory tower and don’t talk with anyone else in their organization. They don’t want to be people who just stay at their desks typing out policies and never collaborate with anyone in the organization. That is NOT how effective or sustainable cyber security is done. You need to get comfortable with going out and mingling. The more people you talk to within your organization, the better off you, your organization and your security posture will be.

As a leader, you want to be that person who is always going out and chatting with the C-suite, with marketing, with communications and with business process leaders. Because security touches every part of the organization, it creates an open door to work with every single department and engage every single person. When you do that, you put your company in a powerful position to build a comprehensive cyber defense team. This is security at work!


You need to have a diverse group of people with useful skillsets and then help those complementary strengths work together for the greater good of the organization. Your security team could be made up of technical people who are really good at pulling apart code, using a firewall or other technical security solutions. These types of analytical capabilities are important, but your team must be well-rounded. If you have a team full of just one type of person, you are lacking people who understand risk, people who are good communicators, and people who understand how business works in the context of cyber security.


A healthy cyber security team will have talented and experienced people in the following positions:

1. People that are good at dissecting malware as a first line of defense

2. People that are good analysts with the ability to:

a. Interact with different security systems

b. Absorb the data that is available

c. Figure out what threats are on the network

d. Determine what to do about those threats

e. Assess whether or not our security posture is strong enough

3. People that are good at risk management at an enterprise level and can see the big picture

4. People that can communicate cyber security information to company leadership and key people throughout the organization

Also, before the data breach storm happens, you want to put your post-breach team together (your crisis management team) and negotiate terms with them:

1. Legal Advisers

2. Public Relations Advisers

3. Cyber Forensics Providers

4. Incident Response Partners

5. Government Organizations

If there is a cyber attack, you can then bring the right people in at the right time to contain the damage, eliminate the threats and help you get back to business as usual. The middle of an attack is not the time to assemble your team.


If you don’t have the cyber security resources inside the organization that will allow you to compete, you have to augment what you have by reaching outside. Many organizations aren’t large enough to have an internal IT security team. Perhaps they only have one individual as a security resource. Fostering strong external relationships is the way to develop critical cyber security capability. This could be relationships with security consultants, with SOC (Security Operations Center) providers that give you their cyber security operations capabilities, and with other consultants that can assist you with leadership and cyber strategy development. These are key people that you need to be able to rely on for risk management, security leadership, security operations and communication with the board. You need to be able to see where your weak spots are and then shore those up. Evaluate what your in-house capabilities are, then augment that with outside vendors to build up a strong security posture.