Ideal Approach to Cybersecurity’s Internal and External Staffing

December 2, 2024 | By Accorian

Written By: Sean Dowling, VP, Head of HITRUST and vCISO Services at Accorian

Building and maintaining a protected security team is more crucial than ever in today’s rapidly evolving threat landscape. I’ve had the honor of assisting many firms in building and enhancing their information security management programs. Through my experience, I’ve witnessed the vital role a well-rounded security team plays in an information security department, and I take this responsibility with utmost seriousness.

Cybersecurity is not just a box to check off on a compliance list; it’s an integral part of protecting your organization’s assets, reputation, and future. The importance of getting the balance right between internal and external resources can’t be overstated. It’s about blending the deep organizational knowledge of your internal team with the specialized expertise of external partners to create a resilient, proactive security posture.

The Value of Internal Expertise

Your internal security team is the backbone of your organization’s defense. They bring with them an intimate understanding of your systems, processes, and culture. I’ve observed how internal teams, leveraging deep-rooted knowledge, are seamlessly able to conduct tailored risk assessments that are not only comprehensive but directly aligned with the organization’s specific business needs. Whether managing compliance with GDPR, HIPAA, HITRUST, or responding to incidents, the internal staff are essential for executing a security strategy that aligns with organizational needs.

Internal teams are also invaluable for incident response. In high-pressure situations, they know the intricacies of the systems they’re protecting, allowing for quicker action to mitigate threats. The importance of this familiarity during a security incident cannot be overemphasized, as time is often the most critical factor in limiting damage.

That said, cybersecurity is a vast and rapidly evolving sector, and while internal teams are essential, their capacity does face constraints. This is where partnerships with external resources come into play, and in my journey, I’ve witnessed numerous organizations benefit extensively by leveraging the strengths of both parties.

Leveraging External Expertise

In my role at Accorian, we have offered services to smaller organizations that might not need a full-time Security Operations Center (SOC), and who have benefitted immensely from our Managed Security Services (MSS). We, as providers, offer continuous monitoring and response, which adds an additional layer of protection that complements the work of internal teams. Having the option to scale resources as needed allows these organizations to stay agile without overextending their budgets. We, as external partners, bring with us specialized expertise that can fill gaps in areas such as penetration testing, threat intelligence, and 24/7 monitoring services that may be too costly or impractical to handle entirely in-house.

However, outsourcing does come with its own set of challenges. It’s important to ensure that third-party relationships don’t introduce additional risks. My persistent recommendation has been to establish a strong vendor risk management program and define clear Service Level Agreements (SLAs) to manage expectations, ensuring that external partners are as invested in your security posture as you are.

To vCISO or to not vCISO

As a Virtual Chief Information Security Officer (vCISO), I believe that engaging a vCISO will significantly benefit both small and large organizations. Adding a vCISO can be a game-changer for your information security strategy by providing the benefits of CISO-level guidance without the hefty expense of a full-time executive. Here’s how a vCISO can enhance your cybersecurity program:

Cost Reduction

  • Hiring a full-time CISO can be prohibitively expensive, especially for small to mid-sized businesses. A vCISO offers a cost-effective alternative, enabling organizations to leverage experienced security leadership as needed.

Scalable Staffing Solutions

  • A vCISO provides your organization with a scalable staffing solution, particularly useful during high-demand periods or specific security projects.

Access to Expanded Expertise

  • Unlike an in-house CISO, who may specialize in a few key areas, many vCISOs work across different industries and bring a wealth of knowledge in areas such as threat intelligence, risk management, compliance, and incident response.

Strategic Oversight and Alignment

  • A vCISO provides strategic guidance to align your security initiatives with overall business goals, helping you prioritize efforts that bring the most value.

Increased Agility and Faster Implementation

  • Because a vCISO is often experienced with various security programs, frameworks, and technologies, they can help accelerate the deployment of key security initiatives.

Objective Perspective and Risk Management

  • A vCISO can offer an objective, third-party perspective on your organization’s security posture, helping to identify blind spots or areas that may be overlooked by internal teams.

By engaging a vCISO, your organization benefits from strategic oversight, expanded expertise, and cost efficiencies, allowing you to build a robust security program that is both effective and sustainable.

Tools That Bring It All Together

Technology plays a pivotal role in helping internal and external resources work together. Implementing the right tools can provide significant economies of scale and ensure that security operations run smoothly.

Security Information and Event Management (SIEM) systems are a great example. They consolidate logs and security data from across your organization, allowing for more efficient detection and response to incidents. With the insights provided by SIEM, internal teams can prioritize critical issues, while external partners gain the visibility needed to offer strategic guidance.

Similarly, Endpoint Detection and Response (EDR) solutions provide proactive monitoring for your organization’s endpoints. These tools are particularly beneficial when external vendors handle monitoring, as they facilitate quicker threat detection and faster incident response.

I’ve also witnessed Automation and Orchestration tools transform security operations. Automating repetitive tasks, like patch management or compliance reporting, reduces human error and allows your team to focus on strategic initiatives. The ability to quickly pivot and adapt in response to evolving threats is what keeps an organization resilient.

Finally, with the ongoing shift towards cloud technologies, Cloud-Based Security Solutions have become essential. These solutions offer the flexibility and scalability that internal teams need to secure workloads in an increasingly distributed and digital landscape.

Finding the Right Balance

I believe the key to building a successful Information Security Management Program (ISMP) lies in balancing internal and external resources. Internal teams provide strategic oversight and in-depth understanding of the organization, while external partners offer specialized skills and scalability. By leveraging the strengths of both and implementing tools that streamline operations, organizations can build a robust and adaptable security posture.

At the end of the day, cybersecurity isn’t static. It evolves, just as your organization does. Ensuring that your security department is properly staffed with the right blend of internal and external resources will enable you to not only protect your systems today but also anticipate and prepare for the challenges of tomorrow.

How Can Accorian Help?

We at Accorian have guided several teams through this journey, and I believe that by taking this hybrid approach, any organization can position itself to grow securely in an increasingly complex digital world. We provide comprehensive staffing and supplemental services to support organizations’ Information Security Management Programs (ISMP). With expertise in most of the security compliance frameworks being implemented today, Accorian enables organizations to maintain a balanced, robust security posture by supplementing internal teams with skilled professionals for both tactical and strategic needs. Whether a company requires a full team for day-to-day security operations or an on-demand vCISO for executive oversight, Accorian’s flexible approach ensures that they receive tailored solutions aligned with their ISMP goals.

About the Author

Sean Dowling is a seasoned information security expert and a valued member of the HITRUST Assessor Council. With extensive experience in cybersecurity and compliance, Sean has played a critical role working with hundreds of organizations in building and maintaining their Cybersecurity programs.

Sean is passionate about guiding organizations to build resilient security postures, emphasizing the importance of a balanced approach between internal capabilities and strategic partnerships. His work focuses on enabling businesses to achieve compliance while securing their assets against evolving cyber threats.
