What on earth were they thinking? That’s what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in favor of outsourced services.

Of course, we don’t know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any organization.

Fire the internal team and you take a huge risk

Patreon is a content-creator site that handles billions of dollars in revenue. For reasons unknown to us, Patreon fired not just a couple of staff members or someone in middle management. No: the company fired its entire security team.

It’s a big decision with significant consequences because it results in an incalculable loss of organizational knowledge. At the technical level, it’s a loss of soft knowledge about deep system interdependencies, the kind that internal security experts accumulate over time and just “know”. It is knowledge that is rarely, if ever, written down.

Fire the team, and all that knowledge is gone. Can it be rebuilt? Possibly, but in the middle of a crisis, how long will it take an external team to figure things out? It’s anybody’s guess, but it won’t be easy.
