Skip to the content
  • Why Vertex
    • Expertise in Education
    • Your Trusted Partner
    • Humanitix Case Study
    • Give Back
    • Careers
  • Penetration Testing
  • ISO27001
  • Cyber Training
  • Solutions
    • Cyber Security Audit
    • Incident Response
    • Managed Services
  • News
  • Contact
  • Why Vertex
    • Expertise in Education
    • Your Trusted Partner
    • Humanitix Case Study
    • Give Back
    • Careers
  • Penetration Testing
  • ISO27001
  • Cyber Training
  • Solutions
    • Cyber Security Audit
    • Incident Response
    • Managed Services
  • News
  • Contact
LOG IN

Why you shouldn’t hire internal Cyber Security staff.

We provide Cyber Security services to a range of organisations from Top50 ASX listed to Startups to Government and we work with Business Owners, IT Teams, CISOs, internal Cyber Security staff and CFOs.

Over time some businesses grow large enough, typically over 500 people, that they start to do some back of the envelope maths. This maths might suggest that an internal Cyber Security staff member appears cheaper and provides more time than an external cyber security contractor.

At Vertex Cyber Security, we help businesses get the best Cyber Security for their business. We work with businesses that have internal Cyber Security and those that don’t. We enjoy both structures and do not have any concern with working with internal Cyber Security staff.

That said we have noticed a number of common observations:

  1. The average time for internal Cyber Security staff to stay in one role is less than 2 years. This means you need to factor in hiring costs, upskilling and loss of productivity costs resulting from this.
  2. Internal cyber security staff don’t keep up with the changes of technology or cyber attacks as they aren’t exposed to as many technologies and attacks as a Cyber Security business would be.
  3. Internal cyber security staff don’t get the same level of experience, training, documentation or automation available as a Cyber Security business as they only perform the task once, not multiple times a week.
  4. It takes internal Cyber Security staff at least twice the time to perform the same task as they don’t have the same level of practice.
  5. Internal Cyber Security staff can be protective of their role and have had less experience implementing the latest cyber protections. There is a tendency for them to prioritise avoiding risk of losing their job and keeping the peace over better cyber security.
  6. Internal Cyber Security have limited knowledge being one person compared to a team providing a range of capabilities from a Cyber Security business.

As shown with Optus and other large companies that have been cyber attacked, they had a lot of internal cyber security yet still failed to implement appropriate Cyber protections.

This doesn’t mean that you shouldn’t have internal Cyber Security staff nor does it mean that you should always have internal Cyber Security staff. It does mean that before thinking about hiring any internal Cyber Security staff consider that the cost is probably at least double what you may think. Also it is important to balance the decision with the strategic and business priorities.

Either way we would always recommend making sure you have at least some regular Cyber Security services provided by an expert Cyber Security business to reduce the potential impacts highlighted earlier.

To be honest this is based on multiple attempts in the past where we helped businesses hire internal Cyber Security staff only to discover these common observations. We have learnt from our mistakes and now try to help businesses understand why they should and why they shouldn’t hire internal Cyber Security staff.

If you want to see the difference an expert Cyber Security business brings, contact Vertex Cyber Security.

CATEGORIES

Protection - Staff

TAGS

cyber employees - cyber staff - employees - hiring cyber - staff

SHARE

PrevPreviousUrgent Update for Safari as it is vulnerable again
NextBroken Access Control – Penetration TestingNext

Follow Us!

Facebook Twitter Linkedin Instagram
Cyber Security by Vertex, Sydney Australia

Your partner in Cyber Security.

Terms of Use | Privacy Policy

Accreditations & Certifications

blank
blank
blank
blank
blank
  • 1300 229 237
  • Suite 13.04 189 Kent Street Sydney NSW 2000 Australia
  • 121 King St, Melbourne VIC 3000
  • Lot Fourteen, North Terrace, Adelaide SA 5000
  • Level 2/315 Brunswick St, Fortitude Valley QLD 4006, Adelaide SA 5000

(c) 2025 Vertex Technologies Pty Ltd.

download (2)
download (4)

We acknowledge Aboriginal and Torres Strait Islander peoples as the traditional custodians of this land and pay our respects to their Ancestors and Elders, past, present and future. We acknowledge and respect the continuing culture of the Gadigal people of the Eora nation and their unique cultural and spiritual relationships to the land, waters and seas.

We acknowledge that sovereignty of this land was never ceded. Always was, always will be Aboriginal land.