EDUCAUSE 2023: Managing a Remote Higher Ed Cybersecurity Team

Thompson noted that challenges still exist with flexible work policies, such as managing on-campus parking costs and space considerations. However, the survey indicated that when it comes to remote work, the opportunities outweigh the challenges, she said.

How the University of Illinois Manages a Remote Cybersecurity Staff 

Managing remote employees is one thing, but having a cybersecurity staff working offsite poses its own unique challenges. Taylor Judd, director of information security at UIUC, said the university received additional cybersecurity funding, which raised the team’s headcount from 14 to 50. Adding staff means that collaboration and transparency among the team members and other departments is more important than ever — and that can be challenging by the very nature of cybersecurity roles, Judd said.

“We as cybersecurity professionals tend to be very secretive,” he said. “We very intentionally tried to break out of that mold, especially as a remote team. We have been very intentional about reaching out, developing processes and standards. The need for collaborative projects is even more important in a remote work environment. How are you connected to your data center people? How are you connected to help desks? How are you connecting to your networking team?”

DISCOVER: Find out how a modernized digital experience can improve hybrid work.

Rather than focusing on whether employees are productive at all hours of the workday, Judd said leaders should focus on what matters to them as an organization. For him, it’s customer service.

“Are tickets not just being closed, but are they being closed in a timely fashion?” Judd said. “I honestly don’t care if a ticket is closed every day or not. What I do care about is if it’s been open for two weeks or longer and nobody has responded to it, because that’s a customer service loss.”

Using data to track performance can help identify gaps in coverage and productivity, and staying in constant communication with all team members ensures that managers do not lose track of the projects everyone is working on.

The cybersecurity team also embarked on a three-month pilot of a 4/10 work schedule, where employees worked four days a week for 10 hours a day. A survey after the pilot revealed that the schedule resulted in a 46 percent improvement in throughput, and employees reported better work-life balance and overall job satisfaction, Judd said.

Managing Cybersecurity Incidents While Working Remotely

The day-to-day work of a remote IT employee can be monitored and tracked using data and communication tools, but cyber incidents can be complicated to manage offsite for those in cybersecurity roles.

The first step, Judd said, is to make sure your incident response plan is up to date. The UIUC team developed a guidebook on handling cybersecurity incidents remotely.

“My team has done a fantastic job over the last few years of developing dozens of playbooks to handle very specific incidents,” he said. “What we didn’t have was a broader guidebook. What are we doing from a management structure? How are we running an incident remotely? We had other processes, but they were largely built around the historical incident management process, not one built around a remote incident management process.”

Remote cybersecurity teams should also have a plan for off-band communication in case a security breach renders the usual collaboration tools not appropriate. Regular engagement with vendors, emergency planning offices and law enforcement can also ensure that if a cyber incident occurs, remote teams are prepared to communicate with the proper authorities.

Teams should also regularly practice their incident response plans and be prepared to be onsite when needed, Judd said.

He outlined a security incident that the cybersecurity team was able to remediate remotely, using endpoint detection and response tools to identify and stop the attacker before a major breach occurred. In this instance, vendor partnerships and the compromised unit’s IT support team were crucial in allowing the incident response team to shut down the attacker without being onsite.

“It makes a lot of sense when you think about it,” Judd said. “Our attackers are remote. Why can we not defend remotely?”

Keep up with EdTech: Focus on Higher Education’s coverage on our EDUCAUSE event page and via X (formerly Twitter).