BlackHat 2022

Building Great Security Teams in the New Normal, Insights from Black Hat Asia 2022
Introduction
The COVID-19 pandemic accelerated digital transformation in a way few could have predicted. Organizations across the globe, including those in Asia, had to rapidly adapt to new work models and security demands. A now-familiar meme asks, “Who led the digital transformation of your company? A) CEO, B) CTO, or C) COVID-19,” highlighting how the pandemic forced a rapid evolution of business practices.
As we settle into a “new normal,” security teams face unprecedented challenges—and opportunities. At Black Hat Asia 2022, one key discussion revolved around how to build great security teams that are resilient, agile, and prepared to tackle today’s ever-changing threat landscape. Below are the main insights and best practices shared.
The Global Shift in Work Trends
Data from across the world, including Singapore, show a permanent shift toward remote and hybrid work. While Singapore’s office attendance patterns have rebounded somewhat, remote work remains a substantial part of the workforce strategy. Globally, many organizations have adopted flexible policies that accommodate health concerns, personal preferences, and efficiency gains.
Key takeaway:
• Hybrid work is here to stay. Security strategies must adapt to protect distributed teams, cloud-based services, and devices outside traditional corporate perimeters.
Evolving Talent Needs: The Post-COVID-19 Scenario
A McKinsey & Company analysis points to shifting occupational demands worldwide. In the post-COVID-19 era, the need for STEM professionals (including cybersecurity experts) is on the rise, while certain other roles are declining or undergoing transformation. Security teams must therefore:
1. Recruit and retain top security talent amidst increased competition.
2. Upskill existing employees to handle more specialized or emerging areas (e.g., cloud security, DevSecOps, threat intelligence).
3. Offer flexible career paths that attract diverse backgrounds and skill sets.
Key takeaway:
• Continuous learning and upskilling are crucial. Security leaders should proactively invest in training programs to ensure their teams remain ahead of evolving threats.
Rethinking Organizational Structures
Traditionally, security leadership centers on a Chief Information Security Officer (CISO) who oversees several core functions:
• GRC (Governance, Risk, and Compliance)
• IT (Infrastructure and Operations)
• Security Operations
• Architecture
• Security Engineering
Under this structure, organizations can leverage Managed Security Service Providers (MSSPs), virtual CISOs (vCISOs), or freelancers to fill gaps or provide specialized expertise. This hybrid approach helps maintain robust security coverage without necessarily growing the internal team beyond capacity.
Key takeaway:
• Hybrid staffing models allow for flexibility. Consider mixing full-time staff with contracted experts, MSSPs, or vCISOs to optimize budget and expand capabilities quickly.
The Hybrid Staffing Model
The pandemic has taught us that work can be done effectively from anywhere. Security teams are increasingly global, employing:
• Gig workers for specialized short-term projects
• Contractors or freelancers to scale up quickly
• vCISOs to gain executive-level security guidance without a full-time hire
• MSSPs for continuous monitoring and specialized threat intelligence
This model can be local, regional, or global. Factors like time zones, legal requirements, and data sovereignty must be carefully considered.
Key takeaway:
• Hybrid staffing provides agility. It’s an effective way to tap into broader talent pools while managing costs and ensuring continuous security coverage.
Three-Hour Regional Team and “Follow the Sun”
Security is a 24/7 responsibility. Threats do not respect time zones. The “Three-Hour Regional Team” concept involves structuring teams so that no single member works in isolation for an entire shift. Instead, responsibilities roll from one region to another, ensuring fresh eyes and constant vigilance.
Follow the Sun is a broader approach where major security operations centers (SOCs) or teams in different time zones hand off responsibilities in real time. For example:
• Vancouver / Los Angeles
• United Kingdom / Portugal
• Singapore
This ensures continuous incident response and minimal fatigue, leveraging regional expertise around the clock.
Key takeaway:
• Global coverage can dramatically reduce response times and incident impact. Effective handoff processes and clear communication are critical to making this model work.
Building and Retaining a High-Performing Security Team
- Recruit Strategically: Look beyond traditional IT or cybersecurity backgrounds. Professionals with diverse skills (e.g., data science, behavioral analytics, or communications) can bring fresh perspectives.
- Train Continuously: Cyber threats evolve quickly. Provide ongoing training (SANS courses, certifications like CISSP, OSCP, etc.) to keep skills current.
- Retain Talent: Offer career development paths, mentoring, and leadership opportunities. Culture matters—promote collaboration, recognition, and work-life balance.
- Leverage Technology: Automate routine tasks so that analysts can focus on higher-value activities. Tools like SIEM, SOAR, and AI-driven threat detection help teams stay ahead of the curve.
- Foster a Security Culture: Security is everyone’s responsibility. Encourage cross-department collaboration and ensure that security best practices are understood organization-wide.
Risks and Considerations
• Legal and Regulatory: Different countries have varying laws on data privacy and breach disclosure. A global security team must navigate these carefully.
• Communication Gaps: Time zones and cultural differences can lead to misunderstandings. Invest in robust communication tools and protocols.
• Resource Allocation: Balancing internal staff and external providers requires clear definitions of ownership, accountability, and escalation paths.
Value Propositions of a Modern Security Team
• Scalability: Hybrid models allow organizations to quickly ramp up or down.
• Cost-Efficiency: Outsourcing certain functions can be more cost-effective than maintaining large in-house teams.
• Expertise Diversity: Specialists from around the world bring varied experiences and insights.
• Reduced Response Times: A follow-the-sun approach ensures round-the-clock monitoring and incident response.
Conclusion
In the wake of COVID-19, organizations have embraced a new normal that includes remote work, hybrid staffing, and 24/7 global collaboration. The pandemic may have accelerated the digital transformation, but it also created opportunities for security teams to reinvent themselves. By leveraging hybrid models, continuous training, and global collaboration, security leaders can build resilient, innovative teams that protect their organizations in an ever-evolving threat landscape.
Black Hat Asia 2022 highlighted that the key to building a great security team lies in flexibility, global mindset, and ongoing skill development. Whether through partnerships with MSSPs, freelance experts, or a geographically distributed in-house staff, the future of security depends on embracing new ways of working—because, in this new normal, agility is everything.