Build Your Cyber Security Team Now

Let me tell you something I learned the hard way when working on my new book: you can’t fight ransomware alone. You need a proper cyber security team.

This blog post summarizes the main points of my latest podcast episode. If you’d like, you can listen to it or watch it at https://www.backupwrapup.com/

I’ve spent the last several episodes talking about backup basics and hardening your infrastructure. The 10 table-stakes items you need just to say you have a backup system. Then we covered immutability, MFA, role-based access controls, and disabling RDP (otherwise known as the ransomware deployment protocol). All good stuff. All necessary.

But here’s what kept hitting me when Dr. Mike Saylor and I were writing “Learning Ransomware Response and Recovery”: having hardened systems is only half the battle. The other half? Having the right people who know how to use those systems when everything goes sideways.

Think of it like those old TV warnings – “The stunts on this show are performed by professionals. Please don’t attempt them at home.” That’s ransomware response in a nutshell.

Why Your Cyber Security Team Can’t Just Be Your IT Department

Look, I love IT folks. I am one. But incident response is a different beast entirely. When ransomware hits, you need people who’ve been through this rodeo before. People who know the playbook. People who can configure your defensive tools properly.

Take XDR systems, for example. You know what an improperly configured XDR system gets you? A flood of false positives. And you know what happens when you're drowning in false positives? You start ignoring alerts. That's alert fatigue, and it is how a real attack gets missed: you've trained yourself to tune out the noise, and the one alert that matters looks like all the others.

This is where a professional cyber security team earns their keep. They know how to tune these systems. They know the difference between “this needs immediate attention” and “this can wait.” They’ve seen enough real attacks to recognize the patterns.
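One concrete piece of that tuning, as an added example (not code from the post or from any XDR product): the difference between switching a noisy rule off and writing a narrowly scoped exception. The alert fields, rule name, hosts and paths below are constructed for illustration. A backup agent legitimately launches encoded PowerShell on ten servers every night and trips a rule; the lazy fix disables the rule and also hides a macro-spawned shell and a lookalike `agent.exe` dropped in a user's temp directory. The scoped exception keys on the full parent path and the account, so only the known-benign pattern is silenced, and a replay check confirms the exception hides none of the known-bad alerts before it is deployed.

```python
"""Scoped XDR alert tuning: suppress one known-benign pattern without turning
the rule off.  Added example, not the post author's code; every field, rule
name, host and path here is a constructed assumption for illustration."""
from dataclasses import dataclass, asdict
from typing import Dict, List


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    user: str
    process: str   # image path of the process that triggered the rule
    parent: str    # image path of its parent process
    cmdline: str


# Constructed values (assumed layout of a Windows fleet with a backup agent).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
AGENT = r"C:\Program Files\BackupAgent\agent.exe"
ENC = "powershell.exe -NoProfile -EncodedCommand SQBtAHAAbwByAHQALQBNAG8AZAB1AGwAZQA="


def constructed_alerts() -> List[Alert]:
    """Ten nightly backup-job alerts (benign, noisy) plus two real problems."""
    noise = [
        Alert("encoded_powershell", f"srv{i:02d}", r"NT AUTHORITY\SYSTEM", PS, AGENT, ENC)
        for i in range(1, 11)
    ]
    attacks = [
        # Encoded PowerShell spawned by Word: classic macro launch.
        Alert("encoded_powershell", "ws-finance-07", r"CORP\jsmith", PS,
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", ENC),
        # Same basename as the backup agent, wrong path, wrong account.
        Alert("encoded_powershell", "srv03", r"CORP\jsmith", PS,
              r"C:\Users\jsmith\AppData\Local\Temp\agent.exe", ENC),
    ]
    return noise + attacks


def disable_rule(alerts: List[Alert], rule: str) -> List[Alert]:
    """Coarse tuning: the rule goes away, and so does everything it would catch."""
    return [a for a in alerts if a.rule != rule]


def suppress_matching(alerts: List[Alert], exceptions: List[Dict[str, str]]) -> List[Alert]:
    """Scoped tuning: drop an alert only if EVERY field named in some exception
    matches exactly.  Fields the exception does not mention are not compared."""
    def excepted(a: Alert) -> bool:
        fields = asdict(a)
        return any(all(fields.get(k) == v for k, v in exc.items()) for exc in exceptions)
    return [a for a in alerts if not excepted(a)]


def hidden_true_positives(exception: Dict[str, str], true_positives: List[Alert]) -> List[Alert]:
    """Replay known-bad alerts through a proposed exception; anything returned
    would be silenced by it, so the exception is too broad to deploy."""
    return [a for a in true_positives if not suppress_matching([a], [exception])]


# The exception names the rule, the account, the full process path and the
# full parent path.  A lookalike agent.exe in %TEMP% does not match.
BACKUP_AGENT_EXCEPTION = {
    "rule": "encoded_powershell",
    "user": r"NT AUTHORITY\SYSTEM",
    "process": PS,
    "parent": AGENT,
}


if __name__ == "__main__":
    alerts = constructed_alerts()
    print(f"raw alerts: {len(alerts)}")
    print(f"after disabling the rule: {len(disable_rule(alerts, 'encoded_powershell'))} (attacks gone too)")
    left = suppress_matching(alerts, [BACKUP_AGENT_EXCEPTION])
    print(f"after scoped exception: {len(left)} -> {[a.host for a in left]}")
    print(f"true positives hidden by the exception: {len(hidden_true_positives(BACKUP_AGENT_EXCEPTION, alerts[10:]))}")
```

The replay step is the part worth copying: keep a small corpus of alerts from past incidents or red-team exercises and run every new exception against it, so a tuning change that would have hidden a real attack is rejected before it reaches production.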

Building Your Cyber Security Team: Blue Teams and Red Teams

Let’s talk about who actually needs to be on your team. You’ve got two main players: blue teams and red teams.

Your blue team? They’re your defenders. These are the folks making sure you have the right defensive tools in place – XDR, SIEM, SOAR systems. They’re monitoring your environment. They’re responding to threats. They’re the ones who come in when you’re under attack and execute your incident response plan.

Red teams are different. They’re basically ethical hackers you hire to attack your own systems. They’ll test whether all that hardening you did actually works. They’ll find the gaps in your defenses before the bad guys do. Some organizations start here – hire a red team to hack you, get a hit list of what’s broken, then know where to start fixing things.

Both roles are part of your cyber security team strategy, and both matter. Defense and offense. You need people who can build the walls and people who can test whether those walls actually hold.

The Role of MSSPs in Your Cyber Security Team

Not every company can afford a full-time, in-house cyber security team with all these specialized roles. That’s where Managed Security Service Providers come in. An MSSP is like having a cyber security team on retainer. They bring the expertise without the overhead of full-time staff.

They can help with everything from configuring those XDR systems properly to providing 24/7 monitoring. Some focus just on making your current systems more secure. Others provide full security-as-a-service where they’re responsible for the whole shebang.

The key is finding one that understands backup systems specifically. There are things about backup infrastructure that only a backup security expert will catch. Generic security folks might miss the nuances.

How Cyber Insurance Became Part of Your Cyber Security Team

Here’s something that’s changed in just the last five years: cyber insurance companies have evolved way beyond just paying ransoms. They’re now actively part of your cyber security team structure.

Modern cyber insurance providers give you checklists of defensive measures you need to implement. They're helping you build resilience before you get hit. And yes, when you do get attacked, they fund the incident response – bringing in the blue team, the forensics experts, even the ransom negotiators (because yes, negotiating with ransomware operators is now a professional specialty).

But here’s the catch: you need to actually do what they tell you to do. Pay for insurance, ignore their requirements, get hit, and then find out they’re not paying? That’s a very bad day. Read the fine print. Follow the checklist. Make your cyber security team accountable for meeting those requirements.

Your Cyber Security Team Implementation Timeline

Look, I get it. Reading this might feel overwhelming. You’re thinking “I need all these people and tools and processes and I need them yesterday.”

Here’s the good news: you don’t have to do everything on day one. This is a journey. It might take you a year or longer to get from where you are to where you need to be. That’s OK.

But you need to start somewhere. And this is where professionals really help – they can prioritize for you. If I looked at your setup and you weren't doing 3-2-1 backups (three copies of your data, on two different kinds of media, with one copy offsite), that's priority one. If you don't have real immutable backups – a copy that nobody, not even an administrator, can alter or delete before its retention expires, not just something marketed as immutable – that's priority two. Your cyber security team helps you figure out what comes next.
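The two priorities above applied to a backup inventory, as an added example (not the author's code): a checker that evaluates a constructed set of backup copies against 3-2-1 and then asks whether any copy is immutable in the strict sense. The field names are assumptions, and the lock-mode vocabulary is borrowed from S3 Object Lock, where a "governance" lock can be removed by a sufficiently privileged identity and a "compliance" lock cannot be shortened by anyone until it expires. Two things the paragraph's wording implies are made explicit: a locked copy whose retention has already expired, or will expire before the next backup cycle, does not count, and a copy that is locked but can still be deleted by an admin is exactly the "marketed as immutable" case.

```python
"""Backup-inventory audit applying the post's two priorities: 3-2-1 first,
real immutability second.  Added example, not the author's code.  Field names
are assumptions; lock modes use S3 Object Lock's vocabulary ("governance" can
be bypassed by privileged identities, "compliance" cannot until it expires)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Copy:
    name: str
    medium: str                      # "disk", "tape", "object", ...
    offsite: bool
    lock_mode: Optional[str]         # None, "governance" or "compliance"
    retain_until: Optional[datetime]
    admin_can_shorten: bool          # can ANY privileged identity cut retention or delete early?


def three_two_one(copies: List[Copy]) -> Tuple[bool, List[str]]:
    """Three copies, on two kinds of media, with at least one offsite."""
    reasons = []
    if len(copies) < 3:
        reasons.append(f"{len(copies)} copies, need 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        reasons.append(f"all copies on one medium ({', '.join(sorted(media)) or 'none'}), need 2")
    if not any(c.offsite for c in copies):
        reasons.append("no offsite copy")
    return (not reasons, reasons)


def truly_immutable(c: Copy, now: datetime, min_retention: timedelta) -> bool:
    """Strict reading of 'immutable': a lock nobody can lift early, and one that
    still has at least min_retention left so it outlasts the next backup cycle."""
    if c.lock_mode != "compliance" or c.admin_can_shorten:
        return False
    return c.retain_until is not None and c.retain_until - now >= min_retention


def prioritize(copies: List[Copy], now: datetime,
               min_retention: timedelta = timedelta(days=30)) -> List[Tuple[str, List[str]]]:
    """Return the ordered action list the post describes: fix 3-2-1, then immutability."""
    actions = []
    ok, reasons = three_two_one(copies)
    if not ok:
        actions.append(("P1 3-2-1", reasons))
    if not any(truly_immutable(c, now, min_retention) for c in copies):
        marketed = [f"{c.name} ({c.lock_mode}, admin_can_shorten={c.admin_can_shorten})"
                    for c in copies if c.lock_mode]
        actions.append(("P2 immutable copy", marketed or ["no locked copy at all"]))
    return actions


# Constructed inventories (assumed), evaluated at a fixed point in time.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

WEAK = [
    Copy("prod-snapshot", "disk", False, None, None, True),
    Copy("nas-replica", "disk", False, None, None, True),
    # Locked, but governance mode with bypass rights: marketed as immutable.
    Copy("bucket-copy", "object", False, "governance", NOW + timedelta(days=90), True),
]

STRONG = WEAK[:2] + [
    Copy("vault-copy", "object", True, "compliance", NOW + timedelta(days=90), False),
    Copy("tape-set-42", "tape", True, None, None, True),
]


if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("strong", STRONG)):
        print(label, prioritize(inv, NOW) or "nothing outstanding")
```

Run it and the weak inventory comes back with both priorities outstanding (it has three copies on two media but nothing offsite, and its only locked copy can be unlocked by an admin); the strong one returns an empty list. Swap `min_retention` for your real backup cycle length so a lock that expires between two full backups is flagged rather than trusted.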

The critical part? All of this has to happen in advance. The timing of the work is everything: defenses built after the attack protect nothing. Vaccines only work if you take them before you get sick.

These things are doable. They won’t be free, but they’re doable with time, effort, and the right people on your side. That’s what a cyber security team gives you – the expertise to actually execute when it matters most.

Don’t wait until you’re infected to start building your defenses. Contract your blue team now. Run your red team exercises. Get your insurance in place. Build your cyber security team before you need them, because by the time you need them, it’s already too late.

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data.