

Ask HN: When to hire a dedicated security engineer? - Liuser

I suspect this is largely dependent on the type of company and the information that they deal with as to how early a company decides to have dedicated security engineers.&lt;p&gt;Can you share your experiences and reasons as to when you decided to hire your first security engineer?  How many employees did you have?<p>This is the initial hire that is responsible for bettering the overall security posture of the company from administration to technical.
======
rational-future
A good security guy (not someone who just has a ton of certifications) is very
expensive. If you have to ask, you don't need one. That is unless your
partners or clients demand one or you screwed big previously or you're in
business under threat (e.g. of Chinese government interest).

~~~
Liuser
Is this more of a reactive approach? Meaning you're hiring a security engineer
after a major incident has occurred, instead of proactively ensuring you have
the proper infrastructure and process in place first.

~~~
rational-future
IMHO it's a matter of chance/game theory. Taking a proactive approach is
expensive (security will slow down your development and operation) and most
likely won't benefit you much.

