As a non-technical person working in the cybersecurity industry, I often find myself asking, “Do I need to be worried about [insert novel threat]?” I am almost always pleased to learn that the experts have considered these threats and created simple protective measures so that no, I do not necessarily need to be worried about [insert novel threat]. In taking a few simple precautions, you might never need to worry about these intimidating cyber risks ever again!
If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.