Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceFire & Life SafetyPhysical Security

Special Report

How to bring a virtual GSOC to life

By preparing security operations centers for remote connectivity, security leaders can increase reach, productivity and efficiency.

By Adam Stone
gsoc security

monsitj / iStock / Getty Images Plus / via Getty Images

global security

Brett Wentworth, Senior Director of Global Security, Lumen Technologies. Image courtesy of Wentworth

gsoc security
global security
April 1, 2022
✕
Image in modal.

At the beginning of the COVID-19 pandemic, Brett Wentworth learned the value of enabling remote access for security operations. As Senior Director of Global Security for Lumen Technologies, Wentworth oversees 170 employees at eight global security operations centers, supporting 4,000 managed security customers. “We transitioned to full remote at the start of the pandemic in March of 2020, and we haven’t really looked back since,” he says.

“When you think about a global security operations center [GSOC], normally you think about a room with people looking at screens and swivel-chairing to help each other with issues. Now we have had people all working from home for the better part of two years, and I’m happy to say that that transition was seamless,” Wentworth adds.

Like Wentworth, many security professionals and teams have learned that, given the nature of a GSOC’s work, virtual access not only has benefits — it also makes sense. Traditionally, the GSOC is thought of as a physical space, but recent events have helped security professionals to see the value in remote security teams. With the right tools and some thoughtful planning, it’s possible to deploy a “virtual” GSOC, delivering security effectively from anywhere at any time.

“In 2019, we opened the doors to the GSOC as a completely physical team,” says Robert Gummer, the National Football League (NFL)’s Director of Intelligence Operations. “Then, in March 2020, everyone was sent home,” he says.

Fortunately, before the pandemic, Gummer had already designed the GSOC and security operations to function remotely. Even as the situation on the ground became more perilous, the team was able to deliver. “In May and June 2020, when all the civil unrest broke out across the United States, we had our entire team supporting that effort from home,” Gummer says. “They were giving situational awareness to our clubs and our stadium partners across the country, all from their homes.”


*Click the image for greater detail



Why Remote?

Gummer says that the idea behind remote access for security operations is continuity regardless of circumstances.

“Bottom line, you don’t know when your facility could be shut down. If you cannot operate outside of that facility, then you are non-mission capable; you can’t support the mission or bring value,” Gummer says. “For us, that means the entire team requires some level of remote access to operate in the same capacity as they would in the physical space.”

Remote access makes his team more responsive. “An issue can happen at any time. You get a call late at night, and you need to be able to respond in real time. You can’t do that if you’re transiting 30 minutes to an hour into an office environment,” he says. “You have to be able to access your tools and capabilities from wherever you’re operating.”


Tools and Strategies

So, how can organizations ensure that their GSOC is equipped to handle remote operations? Experts say it takes a combination of technology investments and thoughtful strategic planning — and communication is key to making it all work, particularly as analysts need to share and discuss information constantly.

Analysts, operators and other stakeholders need ready access not just to each other, but also to the data feeds that are the heart of the GSOC value proposition. Therefore, in planning for a virtual GSOC, security leaders need to think about how security staff and others will access that information.

Wentworth, for example, enables direct access to all the GSOC’s operational elements for those working remotely. “We connect to our tools via two-factor authentication and remote access VPN. From there, we are able to fire up all of the standard tools that somebody would have within the SOC environment, tools such as a security information and event management [SIEM] system to look at alarms for any security events,” he says.

“People can also access the ticketing system, which is very important for any operational team that’s customer-supporting,” Gummer says. “The ability to VPN into the network and have virtual access to all those tools has really helped us.”

In terms of strategy, developing a virtual GSOC requires some added consideration beyond what goes into building a physical operation.

“Building a SOC with remote work in mind has to start with a cost and benefits analysis,” says John Dummett, Senior Project Manager at security consultancy Guidepost Solutions. Security leaders should ask themselves if there is a benefit to having remote employees. If the answer is yes, “then there is a decided business case for remote or mobile capability, and the practical considerations should be reviewed,” he says.

Once security organizations have made a business case for remote operations, “the baseline consideration becomes, ‘How can we duplicate the platform centralization monitoring capabilities and communications capabilities seen in a traditional SOC into a virtual environment, and how can we manage a remote staff enacting those functions?’” Dummett says.

To connect those dots, organizations must then drill down further by considering the platforms already in use for intelligence and security operations. It’s important to understand what resources will be needed to support remote access to any platform, as this will offer insight into how to organize virtual access cost effectively.

“For example, live viewing of many video surveillance streams is both computing-hardware intensive and bandwidth intensive,” Dummett says. “Enabling these functions to operate optimally requires hardware that is capable of decoding high-resolution streams effectively and quickly, as well as distributing those in a low bandwidth manner.”

By comparison, monitoring functions that are primarily alarm-related are not as resource-intensive and require less technology to support virtualization, according to Dummett.

Aside from ensuring operational platforms can be accessed remotely, security leaders need to think about the actual tools that bring remote connectivity to life.

“Perhaps the most important is a robust KVM — keyboard, video and mouse — over IP solution to transport all GSOC control, video and audio content across a wide area network securely, reliably and with limited latency,” Dummett says.

At cybersecurity consultancy ABS Group, the Head of Industrial Cybersecurity Services Development Dennis Hackney points to other key hardware needs, such as laptops, mobile devices, virtual private network (VPN) routers, monitors, printers and other technologies necessary for analysts and security staff to perform their core functions.

For security reasons, he says, all equipment should be company-owned. “I do not recommend employing a bring your own device policy. All remote working devices should be company provided and controlled,” he says.

And then, with all of the data coming into a SOC, data storage and management is a prime consideration for any organization considering remote accessibility. At the NFL, for example, Gummer leverages the robust computer and storage capabilities of the cloud to ensure data is readily available. “Our video analytics and camera systems are up in AWS [Amazon’s cloud service],” he says.

Of course, in any GSOC, remote or on-premise, consolidated viewing of data is critical for efficiency and intelligence — particularly if GSOC operators view and act on data from remote locations. In Gummer’s case, this means that team members can use their individual logins, protected by two-factor authentication, to connect to a range of GSOC capabilities in an easy-to-access format. To that end, Gummer has implemented a “virtual command center” solution that allows team members to collate the data they receive.

“It’s a dashboard that reports all our data holdings, subsequently increasing the value of each platform,” he says. “That means that when an incident happens, not only is it populated in our incident management system, but you can also see it on the map. All of our alerts, even our emergency notification system — we have one place to see where everything’s transpiring.”


Staying Connected

Some security professionals hesitate about the operational impact of transferring a GSOC to a remote environment. Security monitoring is a team sport, and for those used to being in physical proximity, the idea of working from disparate sites may be worrisome.

Security leaders who have made the transition say that a thoughtful approach to communications can help alleviate those concerns. “Without good communication, things fall apart,” Wentworth says. “We have been using Microsoft Teams to help facilitate this large, geographically diverse set of people working in different states, on different continents. You need something that incorporates a group chat feature, instant messaging, phone integration, document sharing, all of those things combined into one platform.”

Wentworth says that the operations team checks in frequently via team meetings, instant messages and one-on-one audio or video calls. These are all critical tools in a remote environment to validate that the front lines are consistent in their approach, he says.

In addition to communications tools, scheduling is also a critical component of a remote GSOC scenario. Wentworth overlaps shift handoffs to ensure people are coordinating with one another. “Right now, we’re running six 10-hour shifts to maintain 24/7 coverage, which allows for two hours of overlap between the shifts. That gives you the time you need to say: This was the major event that happened, we need you to carry it forward. That happens three times a day, every day,” he says.

Gummer says that just as important as emphasizing communication among staff is emphasizing communication and collaboration between the GSOC and its third-party vendors.

“We meet almost weekly with most of our vendors, talking through requirements, talking with them about our expectations and issues that we’re identifying,” Gummer says. “Having partners who are open to collaboration with others is critical.”

And, when all is said and done, an emphasis on training, leveraging mentorships and side-by-side work opportunities (even virtual) are important to ensure those working from outside the physical GSOC are prepared to fulfill their roles. In other words, a heavy focus on the human element is the ultimate key to success.

“The biggest thing underneath it all is to have trust in your staff and have good communication strategies,” Gummer says. “If you don’t have those two things in place, everything else falls apart. That’s true when they’re in a physical space, and it’s true in the virtual space as well.”

KEYWORDS: business continuity Global Security Operations Center (GSOC) risk management security leadership security management security operations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Adam Stone is a contributing writer for Security magazine. He has covered IT issues in the public and private sectors for more than 20 years. In addition to following security trends, he writes on military technology, education-tech, government IT and diverse others issues.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0419-recruit-feat-slide1_900px

    How to Find Talent in a Tough Job Market

    See More
  • Crowd of people entering a large event

    Big events, bigger risks: How teams keep large events safe

    See More
  • collage

    Leveraging non-traditional experience to drive your security career

    See More

Events

View AllSubmit An Event
  • April 16, 2025

    Modernizing GSOC Operations: Ensuring Full Control and Complete Situational Awareness

    ON DEMAND: For many organizations, physical security management can be a daunting task. Threats are on the rise and risks are becoming increasingly diverse. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing