Every industry experiences some level of stress, burnout, and mental health challenges, but there’s one that is outranking all others by a wide margin: cybersecurity.
In a 2019 Symantec study of nearly 3,000 security professionals almost two thirds of cybersecurity professionals reported that they have considered quitting their jobs or leaving the industry because of stress and burnout. This has dangerous implications for every company that relies on these first responders to keep their data and businesses safe.
Join Neal O’Farrell, cybersecurity expert, as he discusses these mental health challenges and maps out a strategy for building “psyber resilience” in your cybersecurity team.
Webinar attendees will learn about:
The impact of stress and burnout on security professionals, and how to manage it
Tools to help cybersecurity professionals cope with these challenges
Organizational improvements and solutions to reduce stress and burnout for these digital first responders
Creating programs to maximize the psyber resilience in the security workforce
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
How to Incorporate "Psyber Resilience" into Your Security Strategy
1. How to Incorporate “Psyber Resilience”
into Your Security Strategy
Neal O’Farrell, Founder, The PsyberResilience Project
2. 40 years in global security
and privacy
50 years struggling with
mental illness
30 years struggling with
chronic stress and
eventually burnout
Now focused on mental
health and wellness
3. Leading the
creation of a
mental health
action cluster to
create standards
for mental health
in future smart
cities
10. Personal Risks
• Mental health – depression, anxiety, worry, anger,
cynicism, despair, suicide
• Physical health – blood pressure, digestive, weight
gain, immune system
• Substance abuse
• Passion for the career
• Relationships
• Seek other employment
• Quit the industry
• Absenteeism and “Presenteeism”
11. Organizational Risks
Unmanaged stress is known to harm
• Cognitive function
• Attention and focus
• Decision making
• Memory
• Engagement
• You’ll lose your best and brightest!
Adversaries recognize security stress as a
significant vulnerability and opportunity
12. A DOZEN MAJOR CAUSES OF PSYBER STRESS
1
Unrealistic Expectations
“Unrealistic and unhealthy
expectations about outcomes
and results, expectations set
both by employers and by the
individual defenders.”
13. 2
No Time To Regroup
Little time to pause or
decompress because of the
relentless waves of attacks,
constant training, vendors,
regulations etc.
A DOZEN MAJOR CAUSES OF PSYBER STRESS
15. 2
Exhausting Schedules
“Always being on the clock, on
the job, at least mentally,
compounded by no real
downtime, long hours, long
weeks, and even long
weekends.”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
16. 2
Change Fatigue
“Trying to keep up with a
constantly changing
environment, from new
threats, tactics, and
technologies, to new laws,
regulations, guidelines,
frameworks, and standards”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
17. 2
Professional Pride
“The constant fear of personal
failure, of being the one who
lets the team and organization
down by missing that one
single threat amongst
thousands”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
18. 2
A Cruel Enemy
“The emotional toll of
constantly fighting and being
exposed to the worst kinds of
criminals, and witnessing the
cruelty they inflict on their
victims”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
19. 2
Growing Cynicism
“An increase in cynicism and a
decrease in trust amongst
security professionals, often
permanent emotional
changes that they bring home
with them”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
20. 2
Not Enough Eyes
“Security teams stretched too
thinly, which results in heavier
workloads, pressure to take
on too many tasks, and not
being allowed to focus on the
most critical or relevant
challenges”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
21. 2
Pre-Existing Conditions
“Many security professionals
come into the industry with
existing mental health issues,
and especially with an
increase in military and law
enforcement dealing with
anxiety and PTSD”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
22. 2
The Exploitation of Stress
“A growing strategy by
attackers to psychologically
wear out the defenders, and
often taunting, threatening,
and even directly targeting
security professionals”
A DOZEN MAJOR CAUSES OF PSYBER STRESS
24. UNDERSTANDINGStress Stress is little more than the way we process “stressors,”
how our brains process the stressful things around us.
If we can better understand how stress works and how
to manage stressors, we can almost eliminate the impact
of stress.
In other words, it’s all literally in our own
minds.
And it’s often a self-inflicted wound.
But -
If we fail to manage stress, it can severely
harm our health and quality of life.
25. Stress and Cortisol
A QUICK PRIMER
Cortisol is an essential part of the body’s core
defense system, the “fight or flight” response.
In order not to become toxic, it recedes to
normal levels after the danger has passed.
When Cortisol remains constantly elevated it
becomes toxic:
• Heart and pulmonary
• Digestive
• Immune system
• Cognitive function
• Sleep
• Dementia/Alzheimer’s
• Reproductive
So what keeps Cortisol at toxic elevated levels? STRESS!
26. “A state of physical or emotional exhaustion
that also involves a sense of reduced
accomplishment and loss of personal
identity.” The Mayo Clinic
Burnout impacts nearly half of all workers, and researchers
at Stanford found that workplace stress costs businesses
nearly $200 billion annually and leads to nearly 120,000
deaths each year.
So where does it come from?
Chronic burnout is usually the end result of years of
unchecked and unmanaged chronic stress.
UNDERSTANDING
Burnout
27. • Constantly cynical or critical at work
• Having trouble getting up and getting
started
• Irritable or impatient with co-workers,
customers or clients
• Lack the energy to be consistently
productive, or “presenteeism”
• Find it hard to concentrate, focus, engage,
make decisions
SPOTTING THE SIGNS
Of Burnout
28. • Lack of satisfaction from achievements
• Feeling disillusioned about the job and
mission
• Using food, drugs, or alcohol to feel better
- or to simply not feel
• Changes in sleeping habits
• Unexplained headaches, stomach or bowel
problems, or other physical complaints
SPOTTING THE SIGNS
Of Burnout
A WORD OF CAUTION!
Symptoms of burnout can often mimic those of serious mental
health issues like depression.
29. The most important rule of all?
“Recognize that it’s all in your
head. Literally”
Which means you have enormous
control.
30. Manage it like a threat
Create a list of all the “things” – the
stressors – that are causing your
stress.
Address them individually
31. “There is no stress in security!”
Understand the difference between
“stressors” and “stress.”
They’re not the same and the difference
is crucial
37. Mindfulness is proven to be one of the most
powerful stress management tools.
Exercise and fresh air
A better social life/social network
Better eating habits
38. Teach yourself to be happier
Practice gratitude
Laugh and smile more
Kitty videos are scientifically “great”
39. Learn To Be A Brain Alchemist
Understand how cortisol, serotonin, and
dopamine work, how they interact with each
other, and how to control them through your
thoughts and actions.
40. DAM
Dismiss – Not real or
really worth worrying
about.
Accept – Real but you can
deal with them.
Manage – Real,
potentially harmful, and
need to be managed.
41. CISO, Heal Thyself
Chances are you’re dealing with the same issues,
maybe worse, probably for longer.
Go through your own self-assessment first, identify
the most destructive stressors.
Use what you learn to (a) start healing yourself and
(b) inspire your security team.
Note to self – Your biggest stressors might
come from above, management and board.
So the strategy might be different.
42. Learn
The differences and the relationships between
stress, burnout, and mental illness:
• Chronic stress = unmanaged long-term stress
• Burnout = unmanaged chronic stress
• Unmanaged stress can become depression
• Or – burnout is unrecognized depression
Caution – you’re in the realm of mental
illness. Always seek professional advice
43. Know Your Team
“My guys are all OK. I know they’ll tell me if
they’re struggling”
No they won’t. It’s rarely the case.
Spend as much personal time with your team, all of
them. And not isolated.
Talk about these issues all the time. That’s the best
way to build the trust that will free the truth.
Talk to them separately and privately too. It’s a
delicate subject.
Note to self – Your biggest stressors might
come from above, management and board.
So the strategy might be different.
44. Study The Stressors
The more you understand about what’s stressing
your security team, the easier it will be to manage or
neutralize them. Remember BAD?
Recognize that you might be one or the greatest
sources of stress.
If the pressures on your team are coming from above
you, let them know that, that it’s not because of
your indifference.
Survey your team on stressors.
Mental health is not unlike security. Use the “shared struggle”
to encourage more understanding and empathy
45. Let Them Speak
Create an anonymous way for your security team to:
• Vent
• Criticize
• Point fingers
• Suggest
A powerful way to gather the most honest and
useful insights
Make sure it’s truly anonymous or you risk additional risks
46. If you can’t fix...
...at least speak openly about:
• Why you don’t have enough manpower
• Why you don’t have other critical resources
• Why you’re just as frustrated with management
as they are
• Why you’re constantly putting out fires
• Why you’re just as frustrated with vendors, tools
and technologies, compliance, endless new
regulations and frameworks, relentless training,
too many distractions
47. Give them a break
Work/life balance is critically important in
managing stress and mental health:
• More time off – come in later, leave earlier, longer
breaks, longer weekends
• More downtime with the team
• Longer/more frequent vacations
• “Off” also means off the clock and off the job
• Allow for/encourage more remote work
48. One Rotten Apple
Toxic/Rockstar personalities can make an entire
workplace toxic:
• The know-all, expert of all experts
• Condescending, arrogant, dismissive, controlling,
attention seeking
• Bullying is increasingly commonplace
• One single toxic personality can cripple an entire
team
• Try to cure rather than amputate
Recognize that toxic behavior might just be poor
coping skills or unaddressed issues
49. Beyond Stress
The security industry has long attracted those
already struggling with mental illnesses:
• 1 in 5 Americans struggle with mental illness, and
often more than one
• Anxiety and depression are the most common
• Anxiety and depression also come in many
varieties
• Bipolar and Schizophrenia are growing
• PTSD very common amongst transitions from
military and law enforcement
Learn the differences, recognize the signs, know how to approach,
embrace, support, and champion
50. Create An Escape Room
A comfortable
and nearby
place to escape,
decompress,
disengage,
refresh, vent,
and start all
over