Are you confident in the security of your work-from-home environment?

LeadershipSecurity & GRC
2.2k viewscircle icon2 Upvotescircle icon6 Comments
Sort by:
Managing Partner, Partnerships & Strategy in Software5 years ago

No. I believe no one should be confident. Covid has accelerated WFH and introduced the challenge of securing not just one or few offices, but potentially thousands. As we’ve seen with recent hacks (SolarWi, Microsoft Exchange, FireEye, Facebook) the frequency and severity of attacks seems to have increased of late. With the increasing use of cloud services and various different devices, there just seems to be more points of weakness attackers could exploit, not just at the end point but throughout the software supply chain.

Lightbulb on5 circle icon1 Reply
no title5 years ago

Well said Jay.  In addition to securing networks and endpoints, user training is vital for mitigating intrusion and data loss risks.

Fractional CIO in Services (non-Government)5 years ago

Comfortable, but not over confident

Lightbulb on2
President and National Managing Principal in Software5 years ago

We're professional services. We've got one corporate office and then 200 people that went onsite to clients. We were pretty well remote-friendly, anyway. We're loaded up with security software (Zscaler, Netskope, CrowdStrike, etc.). Got a cocktail right, all loaded up on the laptop.

Lightbulb on1 circle icon1 Reply
no title5 years ago

I have had CIOs express the need to secure their execs' home offices and I'm like, why just the execs? Who cares? It should be everybody. You should have a solid security solution rolled out everywhere. And I already know they have all these tools like Zscaler, but they're worried about the home internet connections as well. It's a toss-up.

Lightbulb on1
Sr. Director of Security Engineering in Software5 years ago

I actually feel good about it. I'm not all that worried about it right now, to be honest. There is always room to improve and iterate, but I feel like we have a strong foundation.

Content you might like

What is the best work travel advice you’ve ever been given?

Read More Comments

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.  Scope includes Environment Setup:  Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.  Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

Which of these areas are you targeting for funding increases in your 2026 cybersecurity budget? (Choose all applicable)

Threat detection & response 50%

Identity & access management 61%

Cloud security 48%

Security awareness training 30%

Other 2%

N/A

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

Do you agree with the following statement? I have implemented new systems or technologies to compensate for hiring challenges at my organization this year.

Strongly Agree8%

Agree60%

Neither Agree nor Disagree20%

Disagree10%

Strongly Disagree1%

View Results