Just How Important is a FTE IT Security Expert? Let’s Break it Down
By Jeremy Louise | June 10th, 2019
I’m often struck by just how quickly the cyber security landscape continues to advance. Hacks and other types of threats are getting more sophisticated, yes – but so are the tools used to defeat them. Cyber attackers and the businesses they’re targeting are making every effort to stay one step ahead of one another, in a relationship that shows no signs of slowing down anytime soon.
I was talking to a client of mine just the other day about this very same topic and like most people, he spends a lot of time worrying about whether or not that “next big attack” is right around the corner. He was debating on whether or not to bring an IT security expert onto his staff full time, and his justification for doing so certainly gave me pause:
“The Internet is too dangerous to leave this to chance. I can’t outsource something this important, can I? I need someone to come in and get to know my business in a way that someone looking in from the outside never could, right?”
Needless to say, it’s a topic I have my fair share of opinions on.
In this article, I’ll be discussing the need to bring as much knowledge and expertise regarding cyber security to your organization as possible – and the different ways that you can do so. We’ll dive deeper into exactly what an FTE IT security expert is, what they have to offer and why outsourcing is still one of the best options when it comes to protecting your organization from all of the latest threats.
What is an FTE IT Security Expert, Anyway?
The acronym FTE stands for “full time equivalent,” which means that an FTE IT security expert is exactly what it sounds like: a full time worker (or sometimes multiple workers with part time responsibilities) that you bring into your organization with the exclusive task of managing your cyber security operations across the board.
It will be their job to protect all of your critical business information from theft, unauthorized access, managing compliance requirements and maintaining the security posture of their organization. The majority of their day-to-day work involves finding risks to your enterprise, uncovering possible gaps in your protection and then filling those gaps before something bad happens to you.
They’ll need total visibility into every aspect of your IT – from computer networks to cloud servers to mobile devices, desktops and your daily non-IT processes. But more than anything, they’ll need to assess the unique (and constantly changing) threats that your specific organization faces and determine the best course of action on how to eliminate them as much as possible.
Which, of course, is where the problems begin.
The Cyber Security Hiring Landscape as It Exists Today
According to one recent study, there are not enough cyber security professionals currently available to respond to growing demand that organizations like yours will require to adequately face today’s volatile cyber security landscape. In fact, there are nearly three million cyber security jobs available around the world that lack the qualified people to fill them, despite the fact that salaries for those positions regularly BEGIN at around $95,000 per year.
Equally complicating things is the fact that formal training in this field is essentially a very recent development. Tech Crunch estimates that there are very few cyber security experts over the age of 30 who A) actually have a degree in cyber security, or B) have a degree in some type of related field like computer science. But if you think that this is a problem somehow created by the pros themselves, think again: another study revealed that about 43% of people said that their organizations actually provide inadequate security training and related resources to begin with, thus making the possibility of a data breach even more likely than it already was, regardless of your staff’s expertise.
All of this is to say that the perfect IT security person or team that you’re looking to hire may not actually exist – and if they did, you might not have the resources – financial or training oriented – necessary to support them anyway.
This is why I recommended to my client that he forgo the in-house security team and instead outsource to a third-party firm with qualifications (not to mention, a reputation) that he trusted. Make no mistake about it: the stakes are far, far too high to get this wrong to overlook the meaningful factors that should be considered while evaluating your cyber security posture. Finding even a single person to do everything you need would be incredibly difficult – not to mention prohibitively expensive in most cases.
But when you outsource to a third-party provider, you’re not enlisting the help of one person – you’re getting the insight and expertise of many, all working in tandem with one another, who really do add up to more than a FTE IT security expert. Outsourcing means you don’t have to worry about whether your IT person has let their qualifications lapse or if they’re spreading themselves too thin. You also don’t have to depend on one person to catch everything, only to see something slip through their fingers at the last second-That’s what your IT outsourcing partner is for.
Instead of relying on one person (who is still a human being, after all), why not leverage the power of many people who are all singularly focused on keeping you and your people safe from harm?
Plus, maybe your organization just isn’t the right size to justify the cost of another full time employee. Perhaps your area is dealing with a fairly significant skills gap to this end and you just can’t find the right person to bring into the fold in the first place. Don’t let your data go unprotected because hiring an FTE IT security expert isn’t in the cards for you.
Maybe it doesn’t have to be in the cards at all.
IT Security is a Balancing Act, But It’s an Important One
Regardless of the reason, if you want to get serious about cyber security and are looking for someone to come in and lend a helping hand with regards to protecting your business – terrific, we might be able to help.
It’s Your Move!
I absolutely recommend that you give either myself or one of my colleagues at TSI a call so that we can help make sure all your bases are covered, and provide an opportunity to share how we step in and handle all of our existing clients’ cyber security needs seamlessly and cost effectively