Hello all!
So, how big is your security organization and how are responsibilities split across teams?
I've been through I don't know how many reorgs and seen quite a few places, and while some patterns emerge it's always interesting to see how Security is split up.
In my current company we evolved from:
6ppl: one security team
~12ppl: one security team, distributed between two locations
~12ppl: infrasec team, appsec team
~30ppl: infrasec team, dir team, appsec team, risk/audit team
~60ppl: infrasec team, dir team, corpsec team, appsec tooling team, appsec consulting team, risk/audit team, compliance team
I work at a top-10 US bank. If you add our contractors, we have nearly 1000 people in the cyber org. I have 26 people in my direct report org and 235 in my dotted-line org. The 26 folks in my direct report org only do firewall policy changes.