this post was submitted on 13 Jun 2023
Blue Team

Blue Teamers are the first (and sometimes last) line of defense in the ongoing cyber war. This place is to chat out detection strategies, complain about SIEMs, compare SOAR playbooks, or post mean memes about the Red Team.

👋 Hello all! So, how big is your security organization and how are responsibilities split across teams?

I've been through I don't know how many reorgs and seen quite a few places, and while some patterns emerge it's always interesting to see how Security is split up.

In my current company we evolved from:

  • 6ppl: one security team
  • ~12ppl: one security team, distributed between two locations
  • ~12ppl: infrasec team, appsec team
  • ~30ppl: infrasec team, dir team, appsec team, risk/audit team
  • ~60ppl: infrasec team, dir team, corpsec team, appsec tooling team, appsec consulting team, risk/audit team, compliance team
[–] xavier@infosec.pub 1 points 1 year ago (1 children)

I work at a top-10 US bank. If you add our contractors, we have nearly 1000 people in the cyber org. I have 26 people in my direct report org and 235 in my dotted-line org. The 26 folks in my direct report org only do firewall policy changes.

[–] 0xCBE@infosec.pub 1 points 1 year ago

it's impressive! What does your infrastructure look like? Is it 100% on prem?