In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track

Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders

In the Spring of 2020, COVID-19 hit home for most Americans. At that point, we went from hearing whispers about an overseas virus to knowing we were dealing with a deadly pandemic steadily making its way to the United States.

Despite decades of growth in remote work, everyone in the cybersecurity space was instantly thrust into a new world, where nobody had an office and where few of us were going to share a workspace for the foreseeable future. This presented challenges for everyone, regardless of title or role. 

As intelligence is very much a service, and intelligence processes are often shared between teammates, we all knew we were going to have to adapt and overcome to be successful in the “new normal,” which has now lasted for longer than anyone anticipated. Now, roughly nine months later, I thought it would be a good time to talk about some of the lessons learned from this past year and what we might be able to take with us going forward.

Communication Has Taken on New Meaning

We hear so much about the “value of communication” in our personal and professional relationships that as a phrase, it has almost become cliché. As a result, many of us do not really consider what we mean by “communication,” which is not just talking and hearing. In a world where none of us can be in rooms together, the value of communication has become magnified. What I’ve learned during the pandemic is that to communicate effectively and efficiently, multiple comms avenues need to be kept open and some structure needs to be placed around times when communication is required. But we have to balance this and also not turn remote work into a world where everyone must be available 24/7. People still need to be able to shut off work as well.

For my team, this means a few dedicated Slack channels for specific purposes and a couple meetings per week with specific agendas and goals. Beyond that, and perhaps most importantly, I have a weekly 1-on-1 meeting with every member of my team. This was a learning experience for me, to be honest. I thought that would be too much for many people, but my team requested we have these … and I am so thankful they did. With the running communications of Slack, the formal communication of structured meetings, and everyone on the team having a slot each week that is 100 percent dedicated to their needs, I am able to remain confident that everyone on our team can be heard and feel connected despite our distances.

One additional item we added is a monthly virtual happy hour. This is a chance for everyone to get together on Zoom, eat some good food (at company expense), and talk about ANYTHING but work. This is not a mandatory event and we make sure this is never a work meeting. But we want to do what we can to stay connected on a human level with our teammates. This is good for the heart and soul, especially in times of rigid lockdowns like we are seeing in parts of the world.

Empathy is Key

While having communication structures in place is vital to success in a world of forced isolation, I do not believe there is much value unless leaders care about their people and are able to express that concern in authentic ways. This may be the biggest challenge for some leaders, especially those who struggle with emotional intelligence (EQ).

Unlike in the “normal” world where people may be in offices together and have regular opportunities to witness the subtle signs of trouble, there is none of that in the remote world. Leaders must take the extra time to consider the impact that this deadly pandemic, lockdowns, budget cuts, and isolation are having on their teams. I also think this has been an excellent opportunity to reconsider the value of old norms, like dress codes, schedules, and meeting protocols. Our people are trying to do their jobs while also suddenly being full-time teachers for their kids, raising pets, managing home improvements, fielding deliveries of food and other supplies, gauging medical risks, and being overwhelmed by a world that is nothing like they imagined it would be. In that light, when a dog barks or a baby cries on a Zoom call, it is not a big deal. I hope 2020 taught us to see the humanity in our teams, acknowledge it, and make sure they all know that it is OK to be a person instead of just a “human resource.”

Personally, I have made extra effort in this new world to be more openly human myself. I acknowledge days when my energy is low because the world weighs heavy. I have talked about the challenges of moving from a life of significant travel to being nearly 100 percent grounded. I do not do this to burden the team or make them my therapists, but to make it acceptable to share what is really going on in our lives as we adapt. If this means a project needs another day or two to get done, we find the time. It can also mean encouraging someone to take a mental day off or reminding them that just because the office is always 10 feet away does not mean I expect (or want) them to spend more time in it. Leaders need to recognize these struggles and proactively address them. Otherwise, we risk losing people to disconnection and depression long before we will lose them to a competitive marketplace.

Adapting Strategies for Communication

One of the most important elements of effective intelligence programs — and the area where most organizations are most likely to fail — is planning and direction. Far too many organizations are still failing to develop intelligence requirements based on the needs of their stakeholders. This can happen due to a lack of understanding of the importance of these requirements or, nearly as often, a lack of access to the stakeholders needed for an intelligence team to understand the requirements. While the former has not changed much in a fully remote world, the latter certainly has.

What we lost in the ability to meet directly with people can be a benefit in a remote world where managers and leaders — who are often the stakeholders the intelligence team needs to talk to — are able to be more efficient. So, for companies trying to build new or mature existing intelligence programs, the Age of COVID has been an excellent time to capture 30-60 minutes with that hard-to-find manager to get needed input regarding how the business works and what their intelligence needs might be.

With Cloud-Based Tech, Continuity Can Be Maintained

You may have noticed that I waited until nearly the end of this article to talk about the actual work. This was intentional. To me, people matter more than projects. If we take care of our people, they will almost always take care of the mission. In an entirely remote world, I’ve learned to rely on this thinking even more. That said, we cannot ignore how remote work has impacted our ability to get things done. In intelligence, we must consider how complicated projects will be completed when people may not be able to collaborate as they did. Also, how do we deliver those vital intelligence products to the people who need them? SOCs and Fusion Centers are not always centralized. Leadership could be almost anywhere. And, in the worst-case scenarios, we still must be able to support incident response teams even though we cannot be in the room or side-by-side working on issues.

Thankfully, this may be the easiest transition from on-site to remote because we are working in a time where so many tools are already designed to help us collaborate regardless of location. 

What the Age of COVID highlighted to me was the importance of a systemic approach, where technologies like intelligence-fed Threat Intelligence Platforms (TIP), Security Information and Event Management (SIEM), ticketing, and Security Orchestration, Automation and Response (SOAR) are all cloud-based and integrated. Additional dependencies on storage and collaboration in the cloud (hosted by trusted companies like Atlassian, Cisco, Google, Microsoft, and Zoom) have ensured we can work on projects and talk through issues together.

While we’ve had to make some adjustments on what productivity looks like, and how to collaborate in day-to-day and ad-hoc cybersecurity work, we are lucky enough to work in an industry where the shift from the office to remote was well-supported by technologies most of us already owned.

The Way Ahead to Success

Eventually we will move beyond this pandemic, but what we return to may not be the “normal” we remember. Many companies are going to recognize there are significant cost savings associated with a remote workforce and reduced travel. There will also likely be some shifts in the employment landscape, as positions that were once geographically dependent move to more competitive markets. I would expect to see significant numbers of people leaving some of the more expensive US cities as people already living in less expensive places can compete for their roles at far lower labor rates.

In short, I think we will see some significant long-term impact from what we all learn in 2020 and 2021. But, with the leap forward on remote work, I think the teams that will thrive are those that are able to address the issues around communication and empathy. Because, while the technologies will certainly make us all as effective as (if not more effective than) we were in “the before time,” people are still the heart of intelligence teams. Those who do not focus on them, particularly in a market where the geographic barriers for competition are fading, may find they lack the people to succeed in a market that was already facing a talent shortage. Those who still do not believe in EQ or people-first models – who focus almost solely on the efficiency and cost-savings lessons of this pandemic – may have the hardest time adapting to the new normal.
