Summary: Protecting an organization against the plentiful cyberthreats that pervade the digital landscape can be a difficult task. While many organizations employ a dedicated security team to mitigate cyber risks, robust security requires cooperation and contribution from everybody in the company. With an extended cyber team, security becomes everyone’s responsibility.

As technology continues to advance and cyberthreats grow more sophisticated, it becomes ever more important for organizations to have effective security in place to protect their sensitive data, critical infrastructure, and other vital assets. Many companies suffer from cybersecurity weaknesses due in part to the isolation of their security teams from the rest of the organization. For protection against cyberthreats, an extended cyber team can be far more effective.

Traditional Security Teams

Traditionally, cybersecurity teams have been somewhat isolated from the rest of the company, and the scope of their work has been fairly narrow and distinct from regular business operations. They have been focused on issues such as protecting the perimeter, checking for compliance, and maintaining antivirus software. Many organizations have treated cybersecurity as a topic that is separate from all other functions and employees, an approach that can be detrimental to the business as a whole.

In recent years, more and more organizations are recognizing that cybersecurity is an issue that affects the entire company and should be a matter of concern for all departments. The growth in popularity of cloud technology and remote working environments has led to a breakdown in network perimeters and highlighted the importance of cybersecurity hygiene and best practices for all employees, not just security experts. Many organizations are advancing their tactics and cybersecurity strategies.

The Extended Team Model

The Extended Team Model (ETM) in cybersecurity is an approach that highlights the importance of organization-wide cooperation for security initiatives. An isolated security team can install and maintain security solutions, respond to alerts, and manage incidents, but there is no way for them to control the actions of the rest of the organization. By allocating responsibility for IT functions to personnel in other areas of the company, ETM can more effectively protect the entire organization against cyberthreats.

The human element is crucial in a massive proportion of both malicious and unintentional security incidents. However, when everybody in an organization is tasked with maintaining the company’s security posture and given the training and education to do so, it is possible for people to be an asset rather than a liability. This model relies on the cooperation of all members of the company as they collaborate with each other, complementing each other’s skills and expertise in order to optimize development and maximize the efficiency and efficacy of their efforts.

Benefits and Features

There are a number of reasons that an organization might choose to utilize ETM for its cybersecurity needs. Some of the particular advantages of ETM are:

  • The purpose of the extended team is to complement the work of those with IT titles rather than to replace them.
  • Everybody has important tasks and responsibilities, but the core team maintains control over project management.
  • The extended team is fully invested in the effectiveness of the security strategy.
  • The core team has knowledge of the organization’s needs and capabilities, allowing for greater control over collaboration and processes like integration.
  • ETM grants access to subject matter experts.
  • The extended team can all learn from each other, providing mutual benefits.

Using an Extended Cyber Team

Organizations looking to use ETM to bolster their cybersecurity teams and protect against emerging threats should keep a few things in mind in order to get the most out of the model. In the beginning, the process of adopting the model may be time- and resource-intensive, requiring an initial investment in order to get the extended team running. The goal is to achieve a process that can become autonomous down the line so extended cyber team members can onboard new hires more smoothly.

For ETM to help an organization as much as possible, the core IT or security team should understand the company’s primary cybersecurity concerns, prioritizing duties before delegating tasks to the extended team. ITEGRITI offers help with building extended security teams with guidance from trusted experts.

Here is a list of things ITEGRITI can do for you:

  • Develop an Extended Security Team Program
  • Develop Awareness training
  • Manage the Extended Security team, Weekly or Monthly calls, training, campaigns, awards, etc.
  • Maturity spider charts
  • Communications to reduce/ Bridge SILO’s
  • Recognition program (Awards)


Building and maintaining a robust security strategy can be difficult for an organization of any size. A dedicated security team can do a great deal to protect against attacks and other incidents, but cybersecurity is everyone’s job. Many companies believe that people are the weakest link in cybersecurity, but this does not have to be the case. Everybody in an organization is a vital part of security with the potential to protect against attacks and to cause them. The extended security team allows each person to hold responsibility and actively contribute to keeping the company secure and preventing cybersecurity incidents. While the initial process of establishing this approach will be a little time- and resource-intensive, the ultimate aim is to create a process that will eventually become autonomous. This means extended cyber team members will be able to onboard new hires without too much of a hindrance.

ITEGRITI has deep experience across critical infrastructure cybersecurity programs, compliance, risk, and audit.  Contact us today to learn how we can leverage this experience to help you accomplish your cybersecurity goals.

Contact Us:

ITEGRITI Services: