Security Operation Center – In vs Out

Let’s just say your boss, your partner, your manager or someone came to you and said something along the lines of “we need cybersecurity.” Currently, on Google, if you simply type in “cybersecurity” about half a billion results pop up. It’s overwhelming. So, let’s start with the basics… Let’s just say you don’t want to spend forever and a day looking for something you have no idea about, nor do you particularly care about… You want a one stop shop for a cyber security company that will grow with you, won’t cost an arm & a leg, will increase efficiency and significantly minimize risk. Click here.   

Let’s just say that you end up having to hit the web and sort through those half a billion results. Where do you start?! For one, you must understand what your business is doing, why it is looking at cyber security, and what does it want to achieve? Are you looking to reinforce an in-house IT team? Or are you looking to get a brand-new cyber security team in place? Let’s just say you want to build an entirely brand new, maybe even a state of the art, security operations center for your new IT team. However, one thing must come first before all the fancy tech comes into play – personnel. Who’s going to run it?! Well, Glassdoor has the average salaries for security engineers and analysts in VA from $99k-$110k. At a bare minimum 8 employees are needed to run a Security Operations Center (SOC). An efficient, and safer bet is probably 12 engineers/analysts because of sick days, vacation, shift schedules, etc. – especially if you need it to be 24×7 for compliance reasons. You’re already over a million dollars. And that’s before you even spent money on the fun stuff!  

Here are the often-unforeseen down sides to buying “the fun stuff”:  

  • You must buy all the hardware (devices) and software (operating systems/applications) 
  • You are responsible for the updates, patches, and changes made to the systems 
  • Your technology will quickly become outdated, requiring you to start the process over 
  • As your business grows, so too does your IT bill. They are direct correlations.  

The good part about running an in-house IT team is that you have complete control over the direction of the security, you control the transparency, and you greatly minimize the risk that is assumed in the case of outsourcing. However, all your eggs are in one basket – and that basket comes at a cost.  

Now, let’s just say you decide to outsource your security operations team. First and foremost, lets cover the downsides. The biggest downside to outsourcing is the risk that is involved simply by trusting a 3rd party with access to your sensitive information and data. That being said, as long as you don’t offshore your security, meaning look outside the US, your data should be fine if you do your research. It would be ironic for a security company in the US to not be secure. But hey, it’s 2020. Weirder things have happened. The other biggest thing to keep in mind that could become a downside is the amount of analysis you are getting from the outsourced security team. Just because it is outsourced doesn’t mean it’s better. You might be paying upwards of 14k/month for the most basic of services.  

Now that that’s out of the way, lets focus on the benefits of a truly outsourced managed security service provider (MSSP). First off is the cost, instead of owning the cost of the software and hardware, you can think of it as renting it. A MSSP isn’t meant to dig massive percentages out of the bottom line of your financial statements. It is supposed to be a comprehensive and robust security team that provides a machine learning, artificially intelligent suite of programs that when managed and piloted by a team of highly specialized security engineers, delivers a scalable IT security solution with 24×7 access and a no hassle complete compliance regulation procedure already taken care of. The beauty of Steel Patriot Partners is that we have created a system in which our programs are able to work with an in-house team. Making them more robust, efficient, and productive. Yet, at the same time, we are able to deliver the same level of security that an in-house team would provide – at an exponentially less cost.  

Now let’s say that the negative connotation that has surrounded the cyber community, almost since its conception, turned you off to cyber security. The notion that they are anti-social, 1’s & 0’s kind of people. At Steel Patriot Partners, not only do we pride ourselves at being industry leading professionals with a first of its kind product. But we are also real people, solving real problems, that can really affect our local community. We might be new, but so is the industry. We have 25+ years of combined cyber security experience and a never-ending passion for educating and empowering the local businesses in our community on what we do best. Because at the end of the day, if we can get the word out and get the conversation started about cyber security and change the narrative around it; the more resilient our entire community becomes as a result. If you are interested or know someone who is interested, please give us a follow on social media (FacebookTwitterLinkedIn), send us an email, give us a call at 703-297-4405 or contact us directly! Whatever the way, we look forward to hearing from you and appreciate your time for reading our content! Stay secure!