Oct 12 2023
Digital Workspace

EDUCAUSE 2023: Managing a Remote Higher Ed Cybersecurity Team

The University of Illinois Urbana-Champaign shares the unique challenges in establishing flexible work policies for cybersecurity staff. 

Before the COVID-19 pandemic, remote work was not the norm in higher education. However, once institutions realized that remote and flexible work policies were not only possible but also offered several advantages — from improved productivity to talent recruitment and retention benefits — many embraced it.

At the 2023 EDUCAUSE conference in Chicago, a panel of cybersecurity staff members from the University of Illinois Urbana-Champaign spoke about their team’s willingness to embrace a hybrid and flexible work model.

UIUC surveyed IT employees in July 2022 to investigate the scope, opportunities and challenges associated with remote work among the university’s IT staff. The survey revealed that 88 percent of respondents were already working in hybrid or remote capacities.

“The other interesting thing was the overwhelming support for remote and hybrid work among supervisors,” said Sandra Thompson, assistant director of cybersecurity program administration for UIUC. “Ninety-eight percent said they supported it, and the most common comment was that there was no reason not to support it. Their employees were happy, and productivity did not go down.”

Click the banner below to learn how to modernize your hybrid employees’ digital experience.

Thompson noted that challenges still exist with flexible work policies, such as managing on-campus parking costs and space considerations. However, the survey indicated that when it comes to remote work, the opportunities outweigh the challenges, she said.

How the University of Illinois Manages a Remote Cybersecurity Staff 

Managing remote employees is one thing, but having a cybersecurity staff working offsite poses its own unique challenges. Taylor Judd, director of information security at UIUC, said the university received additional cybersecurity funding, which raised the team’s headcount from 14 to 50. Adding staff means that collaboration and transparency among the team members and other departments is more important than ever — and that can be challenging by the very nature of cybersecurity roles, Judd said.

“We as cybersecurity professionals tend to be very secretive,” he said. “We very intentionally tried to break out of that mold, especially as a remote team. We have been very intentional about reaching out, developing processes and standards. The need for collaborative projects is even more important in a remote work environment. How are you connected to your data center people? How are you connected to help desks? How are you connecting to your networking team?”

DISCOVER: Find out how a modernized digital experience can improve hybrid work.

Rather than focusing on whether employees are productive at all hours of the workday, Judd said leaders should focus on what matters to them as an organization. For him, it’s customer service.

“Are tickets not just being closed, but are they being closed in a timely fashion?” Judd said. “I honestly don’t care if a ticket is closed every day or not. What I do care about is if it’s been open for two weeks or longer and nobody has responded to it, because that’s a customer service loss.”

Using data to track performance can help identify gaps in coverage and productivity, and staying in constant communication with all team members ensures that managers do not lose track of the projects everyone is working on.

The cybersecurity team also embarked on a three-month pilot of a 4/10 work schedule, where employees worked four days a week for 10 hours a day. A survey after the pilot revealed that the schedule resulted in a 46 percent improvement in throughput, and employees reported better work-life balance and overall job satisfaction, Judd said.

Digital experience campaign CTA


Managing Cybersecurity Incidents While Working Remotely

The day-to-day work of a remote IT employee can be monitored and tracked using data and communication tools, but cyber incidents can be complicated to manage offsite for those in cybersecurity roles.

The first step, Judd said, is to make sure your incident response plan is up to date. The UIUC team developed a guidebook on handling cybersecurity incidents remotely.

“My team has done a fantastic job over the last few years of developing dozens of playbooks to handle very specific incidents,” he said. “What we didn’t have was a broader guidebook. What are we doing from a management structure? How are we running an incident remotely? We had other processes, but they were largely built around the historical incident management process, not one built around a remote incident management process.”

taylor judd
It makes a lot of sense when you think about it. Our attackers are remote. Why can we not defend remotely?”

Taylor Judd Director of Information Security, UIUC

Remote cybersecurity teams should also have a plan for off-band communication in case a security breach renders the usual collaboration tools not appropriate. Regular engagement with vendors, emergency planning offices and law enforcement can also ensure that if a cyber incident occurs, remote teams are prepared to communicate with the proper authorities.

Teams should also regularly practice their incident response plans and be prepared to be onsite when needed, Judd said.

He outlined a security incident that the cybersecurity team was able to remediate remotely, using endpoint detection and response tools to identify and stop the attacker before a major breach occurred. In this instance, vendor partnerships and the compromised unit’s IT support team were crucial in allowing the incident response team to shut down the attacker without being onsite.

“It makes a lot of sense when you think about it,” Judd said. “Our attackers are remote. Why can we not defend remotely?”

Keep up with EdTech: Focus on Higher Education’s coverage on our EDUCAUSE event page and via X (formerly Twitter).

Getty: Adobest, Jacob Ammentorp Lund, SDI Productions, bernardbodo

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT