IT administrators weren't expected to be security pros, until they were. I was in the same position where our network was too "live and let live" to be protected from emerging security threats. My journey began by asking questions and led to professional certifications and a better understanding of what security really is and how to approach it.
Some certifications will blaze a path for you and your team to become legitimate security analysts. My first two were Security+ and CEH (in progress). The next step, for me, is to pursue CISM, which is more on the management side., but that works for me. GIAC Certifications provide a similar track to begin your security career. Theres more than "one way" to build your skills.
Do you trust certifications or do you value experience more?