Building a Distributed Security Team

Building a Distributed Security Team

September 21, 2023
Written by
Ed Bailey's Image

Ed Bailey is a passionate engineering advocate with more than 20 years of experience in i... Read Morenstrumenting a wide variety of applications, operating systems and hardware for operations and security observability. He has spent his career working to empower users with the ability to understand their technical environment and make the right data backed decisions quickly. Read Less

Categories: Learn

In this live stream, Cjapi’s James Curtis joins me to discuss the challenges of building a distributed global security team. Watch the full video or read on to learn about some hard-won examples of how to be successful with remote team building and management.

Talent is hard to find, and companies are hiring from all over the world to build the best teams possible, but this trend has a price. Traditional management processes don’t always transfer over to remote management — everything from building a culture to the basics around assigning, tracking, and measuring work needs adjustment.

Challenges to Building a Distributed Security Team

Team leads rarely have the experience or training necessary to handle the challenges of remote management, which can impact the effectiveness of teams and weaken an enterprise’s security posture. Here are some of the areas of difficulty they face.

Establishing a Culture

Every company has to decide on its approach to security. Enterprises subject to a lot of regulation tend to be more conservative — others, not so much. Whatever you decide, the way you intend to operate has to be clearly communicated across the organization.

Culture refers not only to the business as a whole, but to the culture of each individual and their respective countries. Expectations, working styles, and even how certain things are phrased can differ depending on each employee’s location.

Defining and Measuring Work

In an office setting, you know people are coming in at 9 am and leaving at 5 pm, so it’s easy to stop by someone’s desk or have check-in meetings — but with people all over the world, it can be hard to keep track of what work is getting done and when.

Coordination Between Individuals and Teams

If you’re not all sitting in the same office in the same city, traditional whiteboarding sessions aren’t possible, making collaboration challenging. Not only that, but people might be working at different times of the day depending on their time zone and the holidays or customs of their country.

There is also the popular misconception that security is just one team working amongst itself. But in reality, security is a collection of different groups — like red or blue teams, IR, SOC, and even lawyers. Coordination between all of them adds another layer of complexity that requires additional attention, especially since they often have different backgrounds and levels of technical knowledge.

Communication Is Key for Distributed Security Teams

Setting remote security teams up for success will depend heavily on how well you communicate. Consistently communicating standards and processes is just as important as building relationships with everyone who works for you. Small details like asking people to keep their cameras on during Zoom calls can make a big impact, especially since there’s a high probability that you’ll never physically meet some of your employees. It’s a strange thing to think about, but part of the new paradigm we all have to get used to.

Frequent 1-on-1’s with members of the team, group work sessions, or even team happy hours give individual contributors the sense of direction and feeling of community that’s baked into an office setting. If you’re hosting a happy hour or coffee meet-up, make sure it’s during business hours so people don’t feel obligated to spend their personal time at a work event.

Leverage Remote-Friendly Tools to Distribute and Manage Work

Deciding what kind of frameworks you’ll work with can have a big impact on the success of your team. Start by choosing whether you’ll operate in a task-based or service-based style, and if you’ll incorporate SRE frameworks or things like Agile or Waterfall. Ask for input from the team, try it out, and then adjust things if necessary.

Consider what would work best for your specific situation. For example, Agile might sound great, but if you’re not a dev shop or you start tying engineering work to it, things can get messy. Task-based work turned out to be the best option for me because it makes it easy to understand my team’s progress. Cloud-native collaboration tools like Confluence are also great, and they can give some much-needed flexibility.

Engagement tools like Slack and Microsoft Teams are also making distributed work much easier. Choose the one that your team can adopt with the least amount of friction so you can keep the lines of communication open as much as possible.

Success in remote leadership roles requires a different approach from what worked in the office. Watch the entire conversation on YouTube, and let me know what’s working for you in the comments or on Twitter. Be sure to get in touch with James at Cjapi if you need more help learning how to build good security teams from someone who has done it for groups in 10 different countries.


Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.

Feature Image

How to Cut Through the Chaos of Custom App Log Management

Read More
Feature Image

Cribl’s Blueprint for Secure Software Development

Read More
Feature Image

Calling All MSSP’s and MDR’s! Cribl.Cloud is Here for You!

Read More

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.


So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?