Unless it is the blind leading the blind
"Security" experts, internal or external, need to be vetted by people that really are experts. Are your experts skilled in computer forensics or do they just try to string together log files? Are your experts aware that PS enables attackers to hide all kinds of stuff, and that Win 10 makes forensics even more challenging? Do your experts know how to tune your defenses, and keep them updated? Do your experts know the hows and whys for network design within the scope of security? Do...
In my personal experience, most of those in the corporate world who are referred to as security experts don't even have a toolkit, let alone the knowledge of how to use it. Furthermore, outsourcing to security experts gets you a room of log junkies that flood your internal team with false positives, which eventually get tuned out, which eventually leaves you with a false sense that all is well.
Bottom line, you are screwed regardless if you don't know what you are doing to begin with.