IT Security Staffing as a Percentage of Total IT Staff…Is it Right for You?
Maintaining strong security doesn’t require you to expand your IT staff. In fact, IT security staffing as a percentage of total IT staff has remained relatively steady for a while according to an informal poll of some of the long-tenured CISO’s and other Information security professionals we work with on a regular basis. However, you may want to assess your security staffing needs by reviewing your current staffing ratio.
Ratio of IT Staff to Users
Some experts suggest the ratio of IT staff to users range is between 1:20 and 1:100. Ratios offered by Kurt Aubuchon in the InfoSec Island post, “How Many Information Security Staff Do We Need?” range from1.5:100 up to 8.5:100. While IT security staffing as a percentage of total IT staff appears to range from 3 percent to 11 percent.
Of course, it really depends on several factors including the number of locations, the hardware and software used, the proficiency of users, and the hours of direct support. As Aubuchon writes, it’s difficult to pinpoint an exact number:
Perhaps because the “right” number of information security staff is highly sensitive to the nature of the business and the regulatory environment, or perhaps because the information security discipline is less mature than IT infrastructure or operations, there just aren’t very many good benchmarks out there.
Confidence in IT Security Staff
A 2011 Symantec Threat Management Survey found that “most enterprises are not confident in their security posture and that staffing is a major issue limiting IT security’s effectiveness.” Specifically, 46 percent of those who lack confidence cited insufficient security staff, while 45 percent pointed to a lack of time to respond to new threats.
Worldwide, 43 percent reported understaffing as a major issue. While in North America, that number is 53 percent and I see nothing to suggest those numbers won’t grow.
Sixty-six percent of businesses that lack confidence in their ability to respond to threats rated their staff as less effective. The top three issues that affect staff effectiveness are recruiting (46 percent), retention (42 percent), and skill gaps (35 percent).
Knowing all this doesn’t solve your hiring issues, it merely points out that you are not alone in your efforts. Balancing the right IT security staffing ratios with the ability to find the best new hires is the challenge shared by all.
That’s where Pinnacle Placements can help. We are a premier, full-service executive search firm specializing in helping businesses meet their unique needs when identifying and attracting security professionals. When you’re looking for the right IT security staff, we can help you recruit the security experts you need.