Recreating “water cooler” moments for people to share cyber security concerns

"Three or four weeks before the government lockdown we could see what was coming and we began to test that we could operate remotely."

Michael Jenkins MBE, CISO of Brunel University talks to Sooraj Shah about how they ensured that home working during the CPVD-19 pandemic imitated the office environment as far as possible.

Michael Jenkins will be speaking at the teissR3 | Resilience, Response and Recovery summit taking place online, 15 - 24 September.

This year, the very popular teissR3 event focuses on how to improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Space is limited. Register your free place by clicking here.

Video transcript

How has the team recreated the water cooler conversations that colleagues may have had before remote working became a fixture, both with staff and students in regards to site security?

Yeah, the sort of transition for us as a team into what we have to cope with business continuity practise kind of happens, you know, a good three or four weeks before the UK government's formally closed down in terms of lockdown and the mitigation measures that they put in place. So we could see what was coming on the horizon, and we began to test that we could ourselves operate remotely.

And that was particularly important for our cybersecurity operations centre. We needed to make sure that my analysts could operate from home and that they had access to all the instrumentation and the next generation SIEM, which we use Exabeam for. And that was probably the most crucial element of pre-deployments, as I would call it if you like, into the home.

So we did a number of test exercises with the analysts working from home a couple of days a week, and we prepared gradually for that. And then we began to actually think about our community. And it was probably about a week before our university community sort of disappeared to work at home, and it became very important then at that point to ensure that we had good messaging in place and that they could see immediately that they would be getting regular bulletins from my team and actually had to become and operate in a cyber secure home.

So yeah, it was an incredible journey, but I think we were lucky in that we could see it coming.