Cybersecurity team cohesion in remote settings

[00:00:00] CS: These days, keeping your security IT or research team close when more of us than ever work remotely is a challenge. How do you keep team bonds strong when your main path of interaction is your tiny little colleagues trapped in little squares on a computer monitor?

Susan Morrow has been managing a remote team for almost two decades. She dispenses wisdom on coordinating schedules in multiple time zones, making sure everyone's moving toward the same goal while helping team members of all work styles to do and feel their best. Look up from your monitor to prevent eye fatigue. But look back here when you're done because it's another Cyber Work hack. 

[00:00:41] CS: Today's guest is InfoSec Resources Author, past Cyber Work guest, writer, researcher, speaker, and identity expert, Susan Morrow of Avoco Identity. Thanks to COVID changing technologies and employee dictates, remote teams are likely going to be on the menu for good. But Susan has had a remote team since most of us were still milling awkwardly around the microwave at lunchtime. So today, we are going to talk about some of her best advice for keeping a team of remote workers tight. Thank you for joining me, Susan.

[00:01:12] SM: Hi, hi. Yes. I've actually been working remotely and running remote teams for like 17 years. 

[00:01:18] CS: 17 years. Okay. 

[00:01:20] SM: Yes. I know, I know.

[00:01:22] CS: Yes. So where are your team members located, and what are their respective roles?

[00:01:27] SM: Yes. So, I mean, we're all over the UK. But I've also worked in multinational remote teams as well and also multiple console tier remote teams. Yes. So it isn't easy, and it sometimes goes wrong. So my – the thing that I found works best is to keep the team small and tight. Once you atomized teams, try to avoid the 40 people on a Zoom call situation.

[00:02:05] CS: Right, right. 

[00:02:07] SM: Keep teams tight. Atomize them. Keep them in sort of general areas where everybody is actually working on the same like general part of a project. Or you're bringing a guest speaker who is like sort of suddenly working on that particular part of the project but then might pop out again. So they might not be the in-and-out sort of thing.

[00:02:28] CS: So if you have to work with 40 employees on a team, you're saying sort of break them down into sort of smaller sub-teams so that you're not trying to sort of like herd a circus?

[00:02:39] SM: Yes. It would be like herding cats. It really would. Even when I've been in multi sort of play console tier teams, again, because we use [inaudible 00:02:49] in that situation. You do daily five-minute calls and weekly kind of like more catch – sort of like more in-depth calls. But still, the teams were tight and all working towards a particular aspect of a particular project. 

The project manager, obviously, plays a big part in making sure that these calls go well. I mean, I'm working on a sort of multi-remote in-different-country sort of teams at the minute. The only reason it works so well is because you've got a project manager who completely controls the call and who afterwards sends out a list of what decisions were made on the call, who's going to do what. It’s very tight. It's very structured. Yes. 

Of course, you need to also like – the trouble is with working on a remote team is, I’ve gone through years, especially with COVID now – I used to have regular meet-ups where we'll come together in one place and talk about various things. 

[00:03:54] CS: Throw things around, yes.  

[00:03:56] SM: But because COVID, we had several years where we didn't meet at all in face, face-to-face. To be honest, it hasn't made any difference.

[00:04:04] CS: I was just going to ask that. Yes, yes, yes, yes. Because you already had the muscles in place there. So a lot of us were learning this for the first time and – yes.

[00:04:12] SM: Yes. I mean, yes, you do miss people face-to-face. 

[00:04:14] CS: Of course. Oh, absolutely. Now, it’s almost more like a family reunion or something. So these are some of the things that have worked for you. Have you seen other things that didn't work as well in terms of like trying to keep a team together? Was there kind of like the fad of the week where it's like, “Well, if we all do this one thing, then it will keep the morale up.”?

[00:04:34] SM: Yes, yes, yes, yes. Pointless meetings. 

[00:04:38] CS: Yes, right. 

[00:04:38] SM: [inaudible 00:04:38] where a manager will come in to micromanage a team and say, “We have to have a meeting at such and such time, every Friday. They have them going by the wayside, and they don't really achieve anything.

[00:04:52] CS: No. They just want to make sure you're not wearing a bathrobe or something.

[00:04:57] SM: Also, some people just don't take to it, honestly. 

[00:05:03] CS: Oh, remote work you mean?

[00:05:04] SM: Yes. They just want to – younger people in particular, they find it – in my experience, right? This might not be true for, obviously, everybody. But I've had a lot of problems where younger people just, they can’t take it because they want that social connection. 

[00:05:19] CS: Yes, right. 

[00:05:20] SM: Yes. But it’s not fair on them because also oldies have our lives in place. You know what I mean? 

[00:05:26] CS: Yes. I have enough friends.

[00:05:30] SM: I remember my first job where I worked in a lab. I worked in a lab. I laughed more than I worked. We played. It was very inefficient in some ways when I think about it. We played together. We went out together. It was great fun, right? You're never going to replace that with the remote working.

[00:05:51] CS: Yes. I mean, I don't want to just leave that in the past. Do you have any suggestions for young people who are increasingly seeing like only remote options here? How else do you sort of keep morale up? Because I feel like in March, April 2020, there were a lot of virtual happy hours. They didn't last long because it didn't – it's still not the same thing but – yes. 

[00:06:15] SM: No. I mean, like the Zoom to school is fine. But it’s not – obviously, you do – I think if you can do have regular in-face meet-ups. You don't have to do it every week. 

[00:06:28] CS: Right. 

[00:06:29] SM: You don't have to. But every so often, have a meet-up, even if you – I mean, one of my friends at a big company, she has remote meetings with people all over the world. Yes. I know that they have regular – not every month perhaps but every sort of quarter. She'll fly over to the UK. She'll meet up with members of her little team. They will also bring a new – they'll have a sort of company-wide thing where they'll do it as a company-wide thing. 

So, again, they'll atomize, even in person. But then they'll expand out into like other teams. They'll have team meetings. They’ll have wider team meetings. They'll have company meetings. They will even have jollies as well. But then she hasn't – she worked for a very big company, and she manages to do it by like doing that. But it does mean that she has to travel now quite a bit.

[00:07:26] CS: Now, I want to wrap up, hopefully, with good advice here. For team leaders who are maybe worrying that their team is drifting away from them, either from a productivity standpoint or just from a morale standpoint. But they're not necessarily getting feedback from team members, and they don't want to just kind of crack the whip to shake things up. Do you have any tips for diagnosing or attempting to solve team drift like this?

[00:07:54] SM: Well, with – in development, it becomes pretty obvious pretty quickly when people are not uploading to GitHub, for example. When they start making repository entries. Or when you know you're up against a deadline, and they don't meet it, and they would normally. It's really obvious in development with stuff like that. That's always been my indicator. 

Making amends after that happens is much harder, how to bring them back into the fold. That's a bit hard, actually. It can be a real struggle. You have to see them face-to-face. You have to talk to them face-to-face. You can't do it. You can’t. I mean, you can try. But you're never going to get the same interaction, the same level of body language with people.

I'm sure that people don't reveal as much online as they would privately in person. [inaudible 00:08:57], there could be anything going on in their life that you don't know about, and you need to get to the bottom of it. You just need to find out what’s going on. They might be, they might just hate working for your company and then [inaudible 00:09:09]. 

[00:09:09] CS: Right, right. But you need to know that too, though. Yes. 

[00:09:12] SM: You need to know. Quite honestly, I think a private conversation is still needed in this day and age, one way or another.

[00:09:19] CS: Yes. All right. So this is all excellent advice. I hope team leaders are taking some notes here. Listeners who want to get more insights from Susan Morrow can find her articles over at resources@infosecinstitute.com. Listen to our past episodes of Cyber Work. But, Susan, where else can listeners find you?

[00:09:38] SM: They can find me on avocoidentity.com. That's the company I work for. LinkedIn, I'm on LinkedIn. Also, you can find me if you just do a general search. You can find me. I tend to write quite a lot for various organizations.

[00:09:58] CS: Well, Susan Morrow, thank you for all of your great rice today. I really appreciate it. 

[00:09:58] SM: Absolutely. Thanks, Chris. 

[00:10:02] CS: And thank you for watching this episode. If you got something useful out of it, please share it with a colleague, and maybe subscribe to our podcast feed and YouTube page while you're at it. You just type in Cyber Work on YouTube or in your podcast feed, and you're on your way. There's plenty more of them to come. So we will see you next time. Bye for now. 

[00:10:20] CS: Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I ask experts working in the field how to get hired and how to do the work of these security roles, so you can choose your study with confidence. I'll see you there.