The world has been slowly but surely moving towards making remote working a new norm for a while now. For example, Workplace Group found that over 50% of their survey responders work remotely at least a couple of days a week. What’s more, the vast majority of employees said that they would prefer a job offer that allowed working remotely, as long as other conditions were similar. In fact, according to Workplace Group, only 20% of people don’t care about the ability to work from home.
Other studies suggested that working remotely generally improves productivity, concentration, and overall efficiency. But all of these factors take a back seat in modern reality, as the 2020 Covid-19 outbreak is taking place. Simply put, for a lot of us working remotely is the only option.
And, for cybersecurity researchers, being able to stay on top of the job tasks while away from the office is especially crucial. After all, most if not all threat actors have been working remotely all their carriers anyway, and they know how to be good at it.
Keeping this in mind, let’s take a closer look at how to work away from the office as a cybersecurity researcher without letting efficiency and security take any hits.
How to work remotely?
One thing we can say for sure is that working from home requires a slightly different mindset. Since you won’t find your boss checking up on you every minute and making sure that everyone is, indeed, working, remote work requires more discipline and self-motivation. However, on the bright side of the coin, you will also find yourself with more free time since there are fewer social coffee breaks and fewer opportunities for office banter. This is exactly what drives productivity up.
Thankfully for us, cybersecurity jobs have always been among the few positions that offer great flexibility in terms of working arrangements. There aren’t many reasons for a security professional to work from company headquarters since most tasks can just as well be completed remotely.
Of course, it’s not to say that there aren’t advantage to working on the sight: sometimes it’s just easier to teach new employees or simply troubleshoot when you can talk face to face. However, there are tools that help minimize the negatives and we will come back to this point later.
For now, let us reiterate: as security researchers we are lucky to have ample remote-working jobs available from a lot of top-level employees. In fact, while in most other fields people risk losing jobs due to the crisis which goes hand-in-hand with the pandemic, demand for cybersecurity professionals may increase with the number of threat actors, trying to take advantage of the confusion caused by the pandemic.
Here is a list of jobs in cybersecurity that can take advantage of remote working possibilities:
Cybersecurity analyst is a person that, as the name suggest, analysis corporate security measures as well as potential threats. Among the responsibilities of a Cybersecurity, an analyst is finding and fixing weaknesses in the company’s cyber defense, teaching other employees about online-safety, running security assessments, and more. A typical salary of security analysis is around 98,000 USD.
The job of a penetration tester is to take the safety measures that cybersecurity analysts and other team-members put in place and completely destroy them, if at all possible. It is a fun job, that’s for sure. Basically, penetration testers are legal hackers that stress test the security of an organization and help identify any weaknesses. Knowledge of Ruby, Java, and Python is part of the skill set that is commonly required to land this job. Penetration Testers can expect a salary of 60,000 to over 100,000 USD.
Security engineers are in charge of implementing an extra safety layer in the defense protocols of a company by creating programs that automatically detect and log successful or unsuccessful security breaches and attacks on the company infrastructure. This job requires total knowledge of existing threats, a deep understanding of PowerShell and other programming languages that the company in question uses, and the ability to work via the command-line interface, as well as though knowledge of common operating systems. The typical pay for this job anywhere from 70,000 to 140,000 USD.
This is the only job on the list that does not have actual coding and defense implementation indirect responsibilities. Instead, instructors are required to teach new members of the cybersecurity team how to deal with constantly emerging threats. This job requires not only experience and education in programming or the online-security field but also actual teaching experience. The pay for this job ranges from 70,000 to about 100,000 USD.
Things to prepare for effective remote working.
Whichever profession an employee has, several general things need to be arranged to make the transition to remote work as painless as possible and ensure that the cybersecurity team stays organized and focused while working from home. Here are the main things:
- Make sure that employees have sufficient hardware and software: obviously, in the case of cybersecurity working from a home laptop is unsafe and creates potential hazards for both, the company and the worker. So it’s important to make sure that employees have dedicated machines and that those machines have all needed software: a kanban-list, messengers, and so on. Also, the company needs to supply home-workers with quality headsets. Without good audio, everyone will regret the decision to work remotely very soon, trust us on this one.
- Work out all connectivity problems: not only do remote workers need to have a reliable and fast internet connection to avoid appearing as a bunch of laggy pixels on team meetings, but this connection also needs to be secure. According to a study by ESET, over 15% of home routers have vulnerabilities. Companies need to supply instructions on how to set up a safe connection and maintain security. Though, if a cybersecurity specialist does not understand this, maybe your company should reevaluate its hiring policy 🙂
- Set an overlapping working time for all employees: working from home does not mean working whenever people fancy to get something done. The working schedules of all team members should overlap by at least 6 hours, they should be hard-set and people are expected to be always available. Not necessarily answer immediately in chat, but be ready to set up a meeting with their superiors during their working hours.
- Don’t control time, control tasks: one advantage of working from home is increased productivity. So, even if employees take a few extra minutes on lunch breaks, does it really matter as long as work is getting done equally well or better? Actually, team leaders need to adjust to the fact that they don’t really have effective ways to control how long people spend actually working. So, productivity needs to be controlled in terms of completed tasks, rather than time logged completing them.
- Make sure that everyone is in sync: gather the team, remotely or in person, and explain how the processes of remote-work will be set up. Explain security protocols, how people should stay online, and what time of leaving messages unanswered is acceptable. Go over things like notifying others that you are on a lunch break and using correct chat statuses, so that other team members can always check that a person is away or busy at the moment. Ideally, create and carry out a short test to make sure that everybody understands all the important points.
Working remotely in practice
As we have already mentioned above, working remotely requires a slightly different mindset, and, maybe even a different skill set. While it is true that in our field we don’t absolutely have to be in the office to do our job, sometimes it’s just easier to walk five feet to your right and glance at the monitor of a more experienced colleague to see what they are doing or tug the team leader on the shoulder to grab their attention.
You can’t do that when working from home. Anyway, not until VR technologies are completely entering our lives.
The point is, there are things that are limiting about remote-work, and especially for those that are new on the job, they can make even simple tasks more complicated than they have to be. Thankfully, there are tools designed specifically to smooth this part out.
In ANY.RUN, we try to help distributed teams work on goals with maximal efficiency. Particularly, we developed a feature that we call TeamWork. This is a function of our service that allows a team to work on a task together and view what tasks were launched by each team member.
A big advantage of TeamWork is that it allows connecting accounts of all teams in any group. This means that free accounts can join corporate accounts in a single environment, making our remote working service very accessible.
What’s more, recently we’ve added the functionality to manage licenses and assign them to accounts. For instance, a company may buy multiple licenses and distribute them to their employees. If somebody becomes unavailable their license can be revoked from that person’s account and reassigned to another one. A great way to manage dynamically changing teams.
Of course, TeamWork allows team leaders to assign and control tasks and helps researchers stay in the loop and see what everybody else is working on at the moment. This is a good way to coordinate efforts and reach results faster and, additionally, can be used to train new staff in real-time.
Note, that only users with Hunter accounts can create groups, but anybody can join a group to work on common goals and shared researches — all one needs to do is sign up in the service, which is free and barely takes a couple of minutes. Groups can be created from the “My Team” tab in the profile menu. Also, groups can be toggled to open and closed. In open groups, all members can see all tasks, while in closed groups only the team leader can see and manage created tasks.
Whether we like it or not, remote jobs are the future. Probably not just for the cybersecurity industry, but for the world in general. Being able to adapt to this lifestyle of working and living in the same place is extremely important, especially as the pandemic is taking place.
While many companies and people were slowly transitioning to remote work, and even regularly working from home on the odd day of the week, nature decided that this transition will be much more abrupt. In 2020, most of us living in the USA, UK, Italy, Spain, and other countries weren’t given a choice whether to work from home or not due to quarantine and isolation requirements.
Thankfully, jobs in cybersecurity don’t require employees to be on location to work effectively and remote working tools such as ANY.RUN‘s TeamWork feature help preserves the collective thinking approach, giving multiple people the ability to focus and coordinate efforts while concentrating on a single task.