You don't have to hire a Network engineer it takes cost.. you just need Mr. Google and Mr. Youtube
Please explain to me how you would even approach security? I'll make it easy and say that all 100 users (managers and all) are "trusted"...
Did you know you need more than a router to provide effective security? What were you thinking? An ACL that blocks all incoming traffic from the outside? You need a real firewall for that which you provided no real example of. Yes you need a real IT professional.
We could talk all day about security if you want (not really - since that requires time which a professional has invested in)
But what about services for these 100 users? Access from home? VPN? Access from the inside? Are both allowed?(Yes you need licenses for this!!!)
Where are your weakest points in the network? Running any legacy software/discontinued OS? Application layer inspection? What device does that again??
Seriously - quite a funny story but when someone thinks they can Google or Youtube a custom network configuration - let me know your Public IP and I'll let you know when/if you're safe..
I am going to continue laughing now but with my head hanging in shame for you!