Startup Security: Ratios and a 24-Month Hiring Plan
How companies like Datadog, HashiCorp, GitHub, GitLab, Segment, Optimizely staff security teams, based on CISO interviews.
TL;DR: Tad Whitaker recommends:
- 1:40 security:Full Time Employee (FTE) ratio
- 1:100 IT:FTE.
GitHub had a 1:40 ratio. GitLab 1:24.
Tad recommends adjusting the ratio based on how critical your company is as a vendor within your customer's supply chain attack threat model:
- Critical: 1:29
- High: 1:40
- Medium: 1:75
- Low: 1:100