Preview Mode Links will not work in preview mode

Defense in Depth

Jan 9, 2020

Links and images for this episode can be found on CISO Series (

Could you be successful with a fully virtual InfoSec team? Many say it can't be done, while some have actually done it and been successful.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Kathy Wang, former CISO, GitLab.

Thanks to this week’s podcast sponsor, Pulse Secure.

Pulse Secure

Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 20,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

On this episode of Defense in Depth, you’ll learn:

  • A fully remote team is possible. Our guest was formerly the CISO of GitHub which is a fully remote organization so the concept of remote work was built into the company's DNA.
  • Two of the most important factors to great remote success are each individual's willingness to over communicate and never be afraid to escalate an issue.
  • Not surprisingly, remote work requires top-down support and it starts at the point of hiring.
  • Trust is a two-way street in remote work.
  • Under the umbrella of "over communicating" is documenting everything.
  • Huge benefit of having a remote team is you are no longer competing with location-based hiring. There are talented people all over the world.
  • With your staff living all over the world, you in effect create a 24/7 office network with everyone operating in different time zones.
  • A fully virtual company is perfect for cloud native companies.
  • It can be very costly to place a person physically on site.
  • Saving money is a great side effect of remote staffing.
  • Make sure to have in-person team building events. Kathy does one to two a year and tries to make sure one of them coincides with a big security event like DEFCON, RSA, or Black Hat.
  • One unforeseen benefit of remote work is that you're always able to start meetings on time. Problem with in-person meetings is you're often waiting for another meeting to finish in a room so you can start your meeting.