[funsec] Probably way off topic...
Jon.Kibler at aset.com
Sat Nov 1 10:38:57 CDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
I have a client that is trying to justify hiring a network/security
person for their IT staff. Senior management already thinks they are
overstaffed. Here is a rough outline of their environment:
Company size: ~200
Number of locations: 12 across 8 states
Number of "full time" computer users: ~150
~100 sales (wholesale / distribution)
~15 management / executive / HR
~15 clerical / administrative / purchasing
~15 accounting / finance / payroll
The I.T. Department is responsible for:
All communications and networks:
9 Telecoms (voice, cell)
8 ISPs (Internet, WAN)
12 PBXes w/ ~180 handsets
~90 Cellphones and laptop cell Internet
16 VoIP Gateways
~16 Network Firewalls
14 Port Servers
12 IDS sensors
All software and services:
Windows 2003 Server
Web Sites (1 external, 2 internal)
Email / Email Filtering
Event Correlation Management System
AV/Host Firewall/NAC Suite
Web Content Filtering
~20 outside service providers
~200 RFID and/or bar code scanners (ERP integrated)
~40 network printers
~120 desktop printers
All I.T. related purchases, installation, configuration, maintenance
Physical security systems
Currently, their staff consists of:
-- IT Manager / Jack of All Trades
-- 1 ERP/EDI support person
-- 1 Systems Admin who also does network admin and hardware support
-- 1 Help Desk who also does web site, email, host based security,
and teleco / PBX support
The staff recently lost their primary hardware support person and a
part-time administrative person when budgets were cut. Current staff is
overworked, but pay for overtime has been eliminated.
The IT manager asked me to help him put together some information to
help support his push for more staff. I did some Googling, but did not
find anything from the past couple of years that was of any real use.
So, what I am asking is, do you have any information concerning IT
staffing guidelines? Specifically:
o What would be the size of a typical IT staff that would have to
support the above resources?
o Anyone aware of any studies/guidelines for IT staff size based on
the number of "non casual" computer users in an organization?
o Anyone aware of any studies/guidelines for what should be the IT
budget based on either a percentage of revenue or a percentage of
o What is the typical size of an organization before they staff a
"dedicated" I.T. security person?
TIA for any info!
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the funsec