What should be the size of a blue team?

Let's say I wanted to convince my management that my company needed a blue team. All the arguments are ready and I'm sure I'll make an excellent presentation. In the end, I will have to specify the cost. So I should be able to say how big my blue team will be.

My blue team will look like the blue team's WikiPedia definition:

A blue team is a group of people who perform an information systems analysis to provide security, identify security vulnerabilities, verify the effectiveness of each security measure and ensure that all security measures continue. be effective after implementation.

Is there a formula to calculate the size of my blue team?

For example, one person in the blue team for every 100 employees, for 100 terminals, for X customers or for every $ 100,000 / € turnover? Or maybe a mixed calculation of that?


My threat model includes my ability to defend against moderately skilled script kiddies and hackers attacking my Internet-facing services, but it does not plan to defend against nation-state attacks and motivated and highly skilled hackers. . Internal threats are something my company has heard about.

If necessary, suppose my company is an IT service provider.