Close this search box.

What is a Lean Security Team, and how to know if you are part of one

SIEM platform

Recently I wrote a blog about what makes a lean security team tick, however, after I posted, it occurred to me that I probably should have spent a few minutes talking about the different types of security teams we run into and how to determine if you fit into the lean security team category. You might say, well, why do I care if I am on, or manage, a lean security team or not? Great question. Let me answer that question with a short story from my personal experience. 

I have worked for seven different cybersecurity startups, from very early in their lives to very late in the startup lifecycle. At each company, the resources available to the marketing team varied widely. For instance, at company A, if I wanted to produce a video, I would do it all myself, from recording to editing to posting. However, at company B, for that same video, I would provide the content while a team of others would work on the editing and publishing. You could say company A had a lean marketing team while company B had a complex marketing team. Was one approach better than the other, that is debatable. What is clear to me is that by understanding the resources I had available at the company, I knew what could and could not be done, especially when bringing technology in-house. 

Now back to the world of cybersecurity. Over the years, I’ve worked with hundreds of security teams, from the team of 1 to teams with the ability to bring in every new piece of technology they wanted. If you drew a spectrum, those two examples would represent the furthest extremes. Most teams lay somewhere in between these polar opposites. Here are a few questions you can ask yourself to determine where you and your team fit into the security team continuum. 

  • Are you a security “jack of all trades”?
  • Do you, or anyone on the security team, moonlight as IT, or vice versa?
  • Does the team manager (aka SOC or SecOps Manager) also work cases?
  • Do triage alerts yourself?
  • Is automation a big part of your team’s strategy (even aspirationally)?

If you answered “Yes” to the majority of the questions above, then congratulations, you are more than likely on a lean security team. No what? As I mentioned, the whole reason to understand the type of team you are on or managing is to inform expectations and how you properly enable your team. So, if the more you think about it, the more you feel like you are indeed managing a lean security team, here are a few quick considerations.

Monitor Morale: While a lean security team can be just as effective as a more complex, more resourced security team, you, as a manager, need to pay close attention to your team members’ morale. If you see someone’s productivity drop, do not jump to conclusions. Take a few minutes to “check in” and see if they might need a break. While it’s not ideal to have members out for a day, maybe you can offer a shorter shift one day or a longer lunch, just something to let the team member know you recognize their efforts and care about their well-being.

Mix it Up: While most lean security teams do not have specialists who only work a certain types of cases, there are some interesting things you could offer to break up the monotony that can occur over time. Maybe you offer shift changes once a quarter or even try a new shift structure that enables someone who might have always worked late at night to pull some afternoon duty. Small changes can keep things lively and recharge a worn-down security team.

Smart Enablement: We all need the right tools to complete our jobs. This is especially important for the lean security team, where time is the “coin of the realm”. If your team is saddled with manually intensive legacy processes, now might be a good time to consider making some tooling changes. There are new options in the market that enable you to automate those manual processes, giving your team back precious time to catch and eradicate more threats. We focus on delivering products that help lean security teams to maintain a competitive advantage over attackers. When you have five minutes free, I recommend exploring our solution for yourself.    

As I stated before, lean security teams can be just as effective as large, complex teams if expectations are managed correctly, and the team is enabled to be as effective as possible. To learn how Stellar Cyber can help your lean security team contact us today.


Scroll to Top