Defense in Depth: Building a Fully Remote Security Team

Could you be successful with a fully virtual InfoSec team? Many say it can’t be done, while some have actually done it and been successful.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Kathy Wang (@wangkathy) describing how she built a globally-distributed fully remote security team as GitLab’s former CISO.

Thanks to this week’s podcast sponsor, Pulse Secure

Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 20,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

Got feedback? Join the conversation on LinkedIn.

On this episode of Defense in Depth, you’ll learn:

  • A fully remote team is possible. Our guest was formerly the CISO of GitLab which is a fully remote organization so the concept of remote work was built into the company’s DNA.
  • Two of the most important factors to great remote success are each individual’s willingness to over communicate and never be afraid to escalate an issue.
  • Not surprisingly, remote work requires top-down support and it starts at the point of hiring.
  • Trust is a two-way street in remote work.
  • Under the umbrella of “over communicating” is documenting everything.
  • Huge benefit of having a remote team is you are no longer competing with location-based hiring. There are talented people all over the world.
  • With your staff living all over the world, you in effect create a 24/7 office network with everyone operating in different time zones.
  • A fully virtual company is perfect for cloud native companies.
  • It can be very costly to place a person physically on site.
  • Saving money is a great side effect of remote staffing.
  • Make sure to have in-person team building events. Kathy does one to two a year and tries to make sure one of them coincides with a big security event like DEFCON, RSA, or Black Hat.
  • One unforeseen benefit of remote work is that you’re always able to start meetings on time. Problem with in-person meetings is you’re often waiting for another meeting to finish in a room so you can start your meeting.

Defense in Depth