I've been hearing about this concept of applying the Moneyball (Sabermetrics) concept to cybersecurity...

Listen to this podcast for more about it

What appears to be driving this thinking is that too many enterprises are investing in one very experienced and very expensive resource instead of developing a larger, competent, and less expensive team with the same money.

Is this the answer to protecting an enterprise's digital assets?

I think it is certainly a part of the answer in the shorter term. I recently published a customer needs catalog on protecting an organization's digital assets. It covers a lot of ground.

I've also been narrowing the focus to designing effective cybersecurity teams and in there are a number of success statements around reliance on a single resource, or not having a broad set of competencies. It also highlights all of the different team structures that could be in place. Here’s an example:

1. Centralized Structure: In a centralized structure, all security responsibili…