👋 Hello all! So, how big is your security organization and how are responsibilities split across teams?

I’ve been through I don’t know how many reorgs and seen quite a few place, and while some patterns emerge it’s always interesting to see how Security is split up.

In my current company we evolved from:

  • 6ppl: one security team
  • ~12ppl: one security team, distributed between two locations
  • ~12ppl: infrasec team, appsec team
  • ~30ppl: infrasec team, dir team, appsec team, risk/audit team
  • ~60ppl: infrasec team, dir team, corpsec team, appsec tooling team, appsec consulting team, risk/audit team, compliance team
  • Xavier Ashe@infosec.pubM
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I work at a top-10 US bank. If you add our contractors, we have nearly 1000 people in the cyber org. I have 26 people in my direct report org and 235 in my dotted-line org. The 26 folks in my direct report org only do firewall policy changes.

    • 0xCBE@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      it’s impressive! How does your infrastructure looks like? Is it 100% on prem?