I’ve looked high and low to find this statistic. I learned about the poverty line, and what percentage of an orgs money should go to security, but I think there should be a statistic of how many people should be dedicated to security.
Like we can spends X Amount of dollars on SIEM and alerting, but a human has to go through that info. And you can’t just have 1 guy with alert fatigue, and you can’t have 50 guys with access to sensitive data. There’s a sweet spot, where you are optimal and safe.
What are your opinions, or, does anyone have this statistic?
Would this number be X amount of sec ppl for every X amount of end users or assets?