On Monday 16th March 2020, the Triskele Labs executive team made the decision to enforce Social Distancing to flatten the curve and help to reduce the spread of COVID-19. This included, for the first time, running our Security Operations Centre 100% remotely from a dispersed location. This is something we never thought would happen, but we have done this to support our community.
This is something we have not seen before and something our Prime Minister calls a once in a 100-year event. It is something every business must be prepared for. When we made the decision, we immediately enacted our documented and tested BCP that is part of our ISO27001 certification and has been recently updated as part of our CREST SOC work. Who knows how long this is going to go on for? It is possible we will be running in this scenario for 6+ months, and it could become the new social norm!
So, what did Triskele Labs do to ensure our customers are being supported and we seamlessly enacted our plan? We stayed calm and followed the process, which for us includes:
Each morning, our Executive Team along with our SDMs hold a daily standup with each of our teams including Advisory, Penetration Testing and Security Operations. We cover what we did yesterday, what is planned for today and any roadblocks. All of these are done via Microsoft Teams with webcams turned on to give some form of social interaction.
We are fortunate our SOC team are all in Melbourne with good Internet connectivity. Our team all work from home and, during their shift handover, organise a Teams call. This is joined by our team lead for morning and afternoon and led by the team for evening handover. All calls are recorded and our team leads review the evening calls the next day. Any issues are discussed during the standups. This has been seamless.
Our Advisory team is still kicking goals with BAU. We are in the middle of a PCI audit, ISO27001 Gap Assessment, writing 4 strategies, 30 third-party risk assessments and 9 CPS234 implementations, and that is just this week! The team have adapted to video calls and our clients are providing the same information as normal.
Our Pen Testers have not stopped. In fact, we found a critical IDOR vuln in a web app at 2 am last night. The biggest change is Internal Penetration Tests. We got right onto this and built a whitebox loaded with customised Kali VMs and remote management tools through SolarWinds. Yep, we can still run internal Penetration Tests during social distancing. The first box is going out this week!
All in all, it has been a challenging time for everyone, but I am so proud of the way the team has reacted. Cool, calm and collected. We have spent years building out our processes and ensuring that when this day happened, we were ready. Stay safe out there everyone!