Driving Business Growth in Turbulent Times from CISO’s Perspective: Part I

Insights into How SOC Prime Achieved 100% YoY Growth While Withstanding the Challenges of War and Economic Recession

Since russia’s full-scale invasion of Ukraine, SOC Prime has been on the frontline of war helping Ukraine and our customers defend themselves from the aggressor’s malicious activity in the cyber domain. Regardless of the challenges, we keep executing on our mission to transform threat detection and supercharge collective cyber defense powered by the Sigma language and MITRE ATT&CK® framework. In this initial part of the interview with SOC Prime’s CISO, Vlad Garaschenko, we’ll gain insights into SOC Prime’s BCP (Business Continuity Plan) and how it transformed during the period of 2020-2022 in response to the COVID-19 pandemic and the wartime challenges to enable the company’s growth during these turbulent times. 

1. What is a BCP and why should organizations implement one?

A Business Continuity Plan is a tool that enables companies to ensure steady service delivery and stable functioning of their business in spite of any disruptions, unpredicted events, or disastrous environment changes. The BCP provides a strategy and framework to maintain the company’s resilience, thereby delivering qualified services to its customers no matter the natural disasters, power outages, cyber attacks, or any other possible major challenges for business continuity. 

At SOC Prime, before the war, our Business Continuity Plan primarily focused on how to provide working conditions for personnel in the event of fire, power outages, loss of Internet connection, potential cybersecurity risks, and other hurdles that could hinder daily operations. We channeled our efforts into mitigating those risks through performing such regular tasks as recurring data backups, validating and testing the recovery of those backups, etc. Our efforts were largely focused on how to address physical, infrastructure, or cybersecurity risks ensuring a secure and stable work environment for SOC Prime team members. 

2. When did SOC Prime introduce its first BCP?

In 2019, SOC Prime started working on a basic version of its Business Continuity Plan as part of the company’s preparation for the SOC II Type I auditing procedure, which was one of its requirements. Still, even before the BCP’s initial version, the company was concerned about a business continuity strategy and took measures to prevent the company from potential risks. For instance, SOC Prime offices were always provided with two high-speed communication channels from different Internet providers, main and redundant ones, and we also had an alternative Internet connection via 3G modems to enable our SOC team to get in touch with the company’s customers when two high-speed channels were unavailable. 

3. What are the main BCP requirements for peacetime?

The Business Continuity Plan should cover potential critical risks that can significantly impact the operation of the business and prevent it from stable functioning. During our initial business impact analysis, we identified potential risks such as environmental, financial, reputational, and other statutory hazards that might impact business continuity and company growth.  

For example, of particular concern to us was the risk of communication interruption, platform/application availability, and cybersecurity risks. More specifically:

• The availability of backup power systems and redundant communication channels
• Resource distribution across multiple availability zones in the cloud rather than running on the same physical server
• Following security best practices and redundancy requirements related to secure internet gateway services, Zscaler in our case, to make sure it cannot be a single point of failure for our communication
• The location of internal GitHub/GitLab repositories in different cloud environments enabling continuous access to them even if one of the cloud providers is unavailable
• The availability of data recovery sources with backups continuously tested and checked for their reliability

4. How does SOC Prime prevent the risks of data loss, and where are the backups located?

When we implemented the Business Continuity Plan, we chose a strategy focused on achieving two primary objectives — providing a safe and productive work environment for our people while scaling the infrastructure to drive business growth. This involved avoiding the security risks related to the physical location of the Data Center (like ensuring a reliable power supply and stable Internet connection, anti-flood and fire protection, etc.). To achieve both goals, we made a decision to transition to the cloud to mitigate all physical security risks and be ready to scale fast and distribute our services across the globe. Our entire infrastructure is currently distributed across various cloud providers and cloud-based data centers in Europe, Australia, and America. 

To boost team creativity and productivity, we arranged the workplace environment like an “Internet cafe style”, where people could work in a comfortable setting provided with secure and stable Internet access, backup communication channels, and conference rooms secured by keycard access controls, equipped with coffee machines, and stocked with unlimited snacks. And it worked wonders for our business until the pandemic…

5. How did SOC Prime’s BCP transform to address the risks of the COVID-19 pandemic and its impact on business operations?

At the turn of 2020, when the world was on the brink of the massive pandemic and had to face all the challenges it posed, SOC Prime, like most global businesses, was looking for ways to tackle COVID-related hurdles. First, the updated strategy had to consider operational risks related to business continuity if a significant number of teammates took sick leaves simultaneously. To address such risks, SOC Prime implemented strict restrictions for office attendance with a limited number of people in one room and requirements for wearing masks and keeping the distance between teammates to at least 1.5 meters. The office premises were supplied with disinfectants and sanitizers as preventive measures against the disease. The company provided its personnel with all the necessities for their home office and introduced online activities to maintain team communication and protect the people’s well-being. This experience in building a fully-remote working culture was a real-life test of resilience for the team displaying how SOC Prime can adapt to unexpected and major changes in the business environment.

6. What was the turning point when SOC Prime realized that its original BCP of peacetime should undergo substantial changes?

SOC Prime regularly arranges meetups of the Risk Committee to analyze global challenges that can affect the business and how to mitigate such risks. In the summer of 2021, in response to the escalating conflict between russia and Ukraine, SOC Prime kept its finger on the pulse of all the events in the global political arena to assess and be ready to tackle all potential business hazards. Right before a full-fledged war broke out, SOC Prime began to adjust changes to its BCP to reflect these escalating war-related risks. 

Throughout January and up until mid-February 2022, before russia’s full-scale invasion of Ukraine, SOC Prime launched a BCP training initiative to mitigate war-related risks and validate how the business would operate in a new setting. As part of this initiative, most SOC Primers from Ukraine moved to Malaga, Spain, where another company office was located. This training was designed to test how the company’s team was ready to quickly switch locations with their families, smoothly adapt to the cultural changes, and how these changes might affect the business processes. Even still, we could hardly imagine that the conflict on the information frontline could turn into a full-blown war. 

7. What other changes were added to the BCP under wartime circumstances? 

Since the onset of the full-scale war in Ukraine, our primary goal has been to ensure the physical safety of our people and enable them to continue working in a safe environment. This required us to assist them and their families to relocate to a safe place, help address health and safety concerns and overcome daily living challenges. Our original and even updated BCP did not anticipate some of the new terrors of this war, including three-day-long energy blackouts, the bombing of residential areas and hospitals, and the russian’s desire to just torment Ukrainians with attacks on things we all take for granted, like running water and sewer systems.

In addition, we took measures to ensure control of the key company systems, no matter the escalating situation in Ukraine. SOC Prime configured break glass accounts that can be accessed and managed from the U.S. and Germany to ensure business continuity.

8. How did the BCP transform throughout the first 10 months of the ongoing full-scale war in Ukraine?

SOC Primers were ready to respond quickly to situations involving risks to their lives, always having first aid kits and other necessities at hand. These arrangements helped reduce anxiety in the case of an emergency. Since the first days of the outbreak of war, the company has helped teammates located in Kyiv to move to other safer places because the capital of Ukraine was a potential target for military aggression. When it was unsafe to move due to severe traffic jams on Ukrainian roads, people began working from bomb shelters. The company fostered knowledge sharing amongst each other through digital channels, allowing the teammates to learn necessary practical skills from one another while constantly monitoring each other’s location and well-being so we could respond quickly and help anyone in need. Still, not everyone could move to safer locations — for example, we had some people whose wives were about to give birth, and we tailored our BCP to consider such cases. Although the official BCP documentation did not cover such personal cases, the company did its best to support all SOC Primers and their families. What we learned from the first 10 months is that you must remain flexible and adapt to the constantly changing landscape of the war. In addition, no matter how hard we tried to anticipate risks to the business, we always had to think about worst-case scenarios, which in itself, created new anxieties that we hadn’t anticipated.

9. How did SOC Prime address business continuity while keeping the physical safety of its Ukraine-based team as a top priority?

We realized early on that there could be significant risks to the business productivity of our Ukrainian team members. For example, people could be offline if they and their families were hiding in a bomb shelter or relocating to a safer place in the country. To account for this, we divided the workload up amongst colleagues located around the world to support each other during these trying times. Many of our Ukrainian teammates that had already moved to safer locations also took over the tasks of their teammates to ensure business continuity. 

We applied the KISS (or Keep It Simple, Stupid) principle to enable anyone to handle challenging situations in the fastest and most efficient way. For instance, to easily keep track of the team capacity, we implemented a practice of indicating work availability through Slack statuses with the following color coding:

• Green dot — fully available
• Yellow dot — partly available
• Red dot — unavailable

This simple practice allowed us to smoothly coordinate our actions since we could see at a glance who was ready to work and could be responsible for the operations of the specific team. HR and DevOps teams continuously tracked these color-coded Slack statuses and were ready to take immediate action if they noticed a red dot in Slack. For instance, the DevOps team was ultra-responsive to shipping certain equipment, like a WIFI router or headphones for people who needed them for work. While the HR team introduced a telemedicine initiative that enabled anyone to meet online with healthcare providers and instantly address their health issues. 

As one might expect during these difficult times, we have had to continually adjust to the new “normal” to meet the needs of our customers and teammates. This is nothing new for us, as we have never had a regular 9-to-5 work schedule since the ”startup-like culture” always required more flexibility. Since the outbreak of the full-scale war in Ukraine, people started adapting their work schedules to the new circumstances and worked when available at their full capacity and peak performance.

Although the work schedule became even more flexible, it didn’t negatively affect business operations. Instead, the SOC Prime team works with more enthusiasm and inspiration than ever before, united by one common goal. I’m proud to admit that since February 24, 2022, there haven’t been any delays in the business processes and no performance hurdles, thanks to the incredible worth ethic and dedication to our cause that our teammates possess.