Let's say I wanted to convince my management that my company needed a blue team. I have all the arguments ready and I'm sure I'll give a great presentation. At the end I will have to spell out what it will cost. Therefore I should be able to say how big my blue team will be.
My blue team will look like the okay Wikipedia definition of a blue team:
A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation.
Is there a formula of some sort to calculate how big my blue team should be?
For instance, one person in the blue team per 100 employees, per 100 endpoints, per X customers or for every 100K$/€ of turnover? Or maybe a mixed calculation of that?
My threat model includes being able to defend against script kiddies and medium-skilled hackers that attack my services that are internet-facing, but it does not plan to defend against nation-state attacks and high-skilled and motivated hackers. Insider threats are a thing my company has heard of.
If needed, assume that my company is an IT service provider.