Keeping Remote Security Teams Engaged

COVID-19 has increased the prevalence of working remotely, both full-time and part-time.  Keeping remote security teams engaged is a daunting task.  Employees and leaders face new challenges when adjusting to remote work, tracking work, or managing the people performing the work. Traditional managers may struggle to adapt from a pre-pandemic, in-person, ‘brick-and-mortar’, management style, towards a decentralized approach where work is remotely overseen.

This article addresses the unique challenges and offers effective strategies for managing a successful remote security team.  The strategies outlined in this paper discuss the post-pandemic paradigm shift in ‘How We Work,’ and offer practical solutions to adapt & overcome.

The Challenge of a Remote Workforce in Security

When managing security teams, remote employee engagement presents unique challenges. Compared with traditional remote workers, remote security team employees perform less task-based operations.

Let’s take the example of medical transcription, which was commonly performed as remote work before the COVID-19 pandemic. In this instance, maintaining and monitoring remote employee engagement is relatively straightforward. Employees work from an assignment queue to meet a quota.

In contrast, a security team is assigned to a task such as “assess the security of application X.” This sort of assessment involves several subtasks. Particularly outside the socially connected office environment, individuals may struggle to ascertain where to start and what to do next.

With this in mind, this article will discuss some key strategies for maintaining employee engagement.

Strategies to Keep Remote Employees Engaged

The remainder of this paper will expand upon the following strategies for keeping remote workers engaged:

• Daily team meetings: embrace the small talk
• Using agendas in team leader one-on-ones
• Addressing problems at home
• The advantages of ticketing software
• Getting more granular in tickets

Daily team meetings: embrace the small talk

It’s important not to underestimate the value of human interaction to employee engagement and the employee experience. Holding daily team standups through video conferencing ensures better personal connection as faces can be seen, and managers can monitor those who seem disconnected or distracted.

In traditional in-person team meetings, banter outside of the purpose of the meeting is generally not considered productive. However, this kind of banter is great for team building when it comes to remote team members. Such small talk supports a sense of personal connectedness and connection otherwise absent for remote employees.

While it is important for HR reasons to maintain a certain level of professionalism in remote team meetings, small talk contributes positively to the employee experience and helps keep remote employees engaged. Consider reserving the first few minutes of video calls for impersonal but casual discussion of current events, entertainment, and the like.

What is a proper dress code for video conferencing?

The dress code expectations for video conferencing vary among companies. While a particular dress code isn’t necessary, it’s likely best to discourage employees from wearing sleeping or workout clothes to remote team meetings. The difference between working at home and just hanging out at home can easily be signaled with a casual polo shirt and slacks or jeans. Studies show that people feel more productive while wearing business appropriate attire.

Daily standups over video conferencing are a great way to maintain company culture and keep remote workers accountable. It’s unlikely an employee will want to be the only team member seen still in their pajamas on the morning video call.

Getting personal: being open about problems at home

When managing a remote team, a team leader must make time for one-on-one discussion with remote workers. Remote work environments can be isolating, and with the constraints and etiquette of video conferencing, remote employees may lack an outlet for discussion personal challenges and concerns.

Obviously, a security team leader is not a therapist. But a simple check-in of “Hey, how are you doing? Are you doing okay at home?” goes a long way to improving employee satisfaction and supporting employee engagement. When remote employees feel that their team leadership cares for their well-being, this leads to more productive employees.

Furthermore, inquiring gently about a remote worker’s personal circumstances can help a team leader identify issues that are likely to affect employee productivity. These conversations are best kept as a “say what you need to say, no judgment” sort of engagement.

Use Agendas

Of course, one-on-one sessions with team leaders should discuss team progress, task assignments, and expectations. While they can be casual, these chat sessions benefit from a written plan so that the employee is prepared to brief the team leader on the expected activities. As discussed above, the agenda should make room for personal connection.

These one-on-one video calls are best held at least weekly but can be held as often as necessary to ensure team progress. For new employees or employees new to remote work, daily 30-minute sessions can help establish and maintain a pattern of productive engagement and employee satisfaction.

The benefits of ticketing software

Ticketing software is not always the most popular among those attracted to information security. The typical security team employee is like being more of the “how can I break this?” type, given to out-of-the-box thinking. This type often views ticketing software as a constraining obstacle to creativity.

However, when measuring remote employee engagement and monitoring employee productivity, working from tickets offers many benefits. Compared with requests for a daily status email, ticketing software can be used effectively to keep remote workers engaged without putting workers “in a box” or stifling creativity.

Get more granular in tickets

So how can ticketing software be used effectively for remote security teams? One important strategy is to make tickets more granular than you would for a traditional in-person team.

Let’s consider the example of a ticket for “scan the web application for vulnerabilities.” To break this down to a more granular level, team leadership could create the following tickets:

• Scan the web application using Acunetix
• Perform a site spidering operation using Burp Suite
• Document all form fields found in Burp Suite scan
• Perform manual validation of Acunetix findings
• Write an executive summary
• Compile a findings report

“child tickets” can be created and linked to the overall ticket within many ticketing software products. Breaking tickets down to more granular tasks takes more time on team leadership. But the advantage is that this strategy is more likely to keep remote employees engaged because remote employees are more likely to start a task when they know they can finish it efficiently. Using granular tickets also supports monitoring a remote workforce or issues in employee engagement.

Red / Blue / Purple Team Engagements

It’s relatively easy to facilitate engagement with Blue and Red teams working remotely. Rooms within video conferencing software such as Zoom can be left open all day, giving analysts the ability to pop in and out throughout the day as they need to. They can then create breakout rooms for virtual team meetings as required.

Facilitating virtual team engagement can be more of a challenge as such teams don’t typically work together daily. Collaboration tools that offer breakout rooms can help facilitate this engagement. Breakout rooms involve fewer people interacting in smaller video chats. For this to be effective, a facilitator needs to create breakout rooms and assign personnel to them.

Conclusion

Keeping employees engaged in a geographically distributed team is an ongoing challenge.  Doing so while maintaining security levels is challenging. With any remote staff, the key to effective project management is to help remote workers stay connected and create opportunities for the whole team to maintain a sense of shared company goals and social connection.