"People have to be in tune with one another if they are going to work well together"
Greg van der Gaast, Head of Information Security at the University of Salford, talks to Jeremy Swinfen Green about how it is possible to manage SOC teams remotely, given the right attitude and culture.
Greg van der Gaast will be speaking at the teissR3 | Resilience, Response and Recovery summit taking place online, 15 - 24 September.
This year, the very popular teissR3 event focuses on how to improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world.
How far can SOCs work remotely in an effective manner? And what are the risks to remote working of a SOC team?
So I think we've had managed SOCs for quite a long time, for a long time in industry terms. And that's proven to work quite well. So I don't necessarily think that there's an issue with remote working of the SOC.
There's certain things, if you have critical incidents, just in terms of human communication and just understanding each other, it's better to be in the same room. You could be facing communication issues. A managed SOC is one thing if they have dedicated internet, strong connections, that kind of thing. Working from home, when a third of your SOC team, you can't hear what they're saying. And they can't send you the files, that can be problematic.
So there is that issue. I'd say the primary issue is probably you have to have, I feel that people have to be in tune with each other, if they're going to work well together. And it can be difficult to get that working remotely. It's one thing if it's forged first in person and then you know each other. You know how each other communicates. And then you can understand each other. And that accelerates the communication response time significantly.
But it's another thing if the whole team has always been remote. It takes longer to get to know someone remotely. That's one thing. And then yeah, like I said, just the technical issues. You want to make sure that it's one thing if your weekly Teams call, and someone where it's just chit chat and someone's dropping off because of bad connection. It's not ideal in the middle of an incident when you can't make out every other word someone is saying and potentially action the wrong thing.
So there's some risk both of the kind of human level and communication wise. But overall, done properly, with the right foundations, it can be quite effective. There's advantages as well, flexibility and availability.
Of course. Of course. Do you think talking about communication, if we ignore technology, for a moment, do you think it's harder to communicate when you're not face to face in terms of perhaps the minutiae of what we're trying to get across or people's willingness to communicate?
Yeah, absolutely. I think what the work from home thing has highlighted is it's far easier to communicate in person, obviously. I notice that in my public speaking. You can read the crowd. You can see people's expressions. You can see how people interact with each other, how they respond. You can get far more in tune, get far more feedback from a live audience or being face to face with someone.
So that's certainly a loss. One of the pros I've noticed, which may not be as relevant in a kind of incident response scenario, but one of the pros I've noticed is, working from home, everything being over video call, people tend to reach out far more easily. People who used to work across the hall from someone but wouldn't bother getting up and talking to someone, they will just quickly ping them on Teams or Zoom to have a quick chat about something. So that's something that's maybe because of the absence of people in our lives right now, we're seeking out the connection, the discussing more things at random interims. So I think those things have balanced themselves out quite well.