Security specialist Sophos only employs two IT security pros
CIO Jason Richards: Companies don't need 'an army of security professionals'
Security software company Sophos employs just two IT security specialists to protect itself against cyber-attacks, according to Sophos CIO Jason Richards.
Richards suggested that Sophos is no different from any other organisation in terms of the threats it faces. In fact, he thinks that the company may be under more pressure to be secure because of the extreme reputational damage a successful breach would cause given the market it's in.
But despite this, the company, which employs about 2,000 staff, only employs two IT security professionals.
"It's two people, they run the whole security function at Sophos," Richards told Computing.
"The reason we can do this is that we run Sophos' own products, and I'm a great believer in drinking our own champagne. We want security to be simple and we want people to be confident of using our products and not needing an army of security professionals," he added.
Richards explained that he wanted Sophos to be a template for how other organisations could use Sophos products with a small team.
He said that Sophos, like many other organisations, struggles to recruit the right people. "If you don't have the right people who can talk to the business, then even if they are 'techy' people, you have a real challenge on your hands," he said.