You're reading from Resilient Cybersecurity Reconstruct your defense strategy in an evolving cyber world

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781835462515

Length 752 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Mark Dunkerley

View More author details

Table of Contents (19) Chapters

Preface

1. Current State FREE CHAPTER

2. Setting the Foundations

3. Building Your Roadmap

4. Solidifying Your Strategy

5. Cybersecurity Architecture

6. Identity and Access Management

7. Cybersecurity Operations

8. Vulnerability Management

9. User Awareness, Training, and Testing

10. Vendor Risk Management

11. Proactive Services

12. Operational Technology and the Internet of Things

13. Governance Oversight

14. Managing Risk

15. Regulatory and Compliance

16. Some Final Thoughts

17. Other Books You May Enjoy

18. Index

Prioritizing Well-Being

It would be remiss not to touch upon one extremely important topic we continue to hear more about; a topic that we tend to put secondary to everything else in life, and more specifically work. It is that of our own well-being, and the well-being of those who work for us and around us. We have come to live in a world where there’s a mindset that has been instilled that we live to work, when the reality is we should be working to live. As leaders, we need to ensure that we have the health and wellness of those who work for us and those around us at the forefront of our priorities. Cybersecurity can be an extremely demanding field to work in and burnout and mental health are real issues we need to manage head-on as leaders. One topic in particular that needs addressing more is that of mental health, not just in cybersecurity, but in general. There has always been a stigma around mental health, making it difficult for anyone to be open. At the end of the day, the brain is an organ that requires the same care and attention as any other organ within our body. If there is an issue you are struggling with mentally, it should be addressed like any other organ without feeling uncomfortable. Unfortunately, we are hearing more mental health concerns and an increase in mental health issues within the cybersecurity field. Or, we may just be becoming more aware of the situation and others are beginning to speak up. Either way, data is beginning to show that we have an issue that needs addressing.

Data on Well-Being and Burnout

On the flip side, we are beginning to see more data on well-being, mental health, and burnout issues, which allows us to better understand what we are dealing with. As leaders, this allows us to take immediate action to ensure we provide the support and resources needed. To better understand how real the situation is, a simple Google search (or question to ChatGPT) for mental health articles in cybersecurity will return countless articles and research to provide a clearer picture of what we are dealing with. I highly encourage all cybersecurity leaders to do this, so you have a better understanding of what challenges we face on this critical topic.

Statistics on Mental Health in Cybersecurity

Let’s look at some of the data available.

A study from over 1,000 cybersecurity professionals by Tines in 2022 provided the following:

27% say their mental health has declined over the past year.
Only 54% say their workplace prioritizes mental health.
63% say their stress levels have risen over the past year.
64% say their work impacts their mental health.
51% of respondents have been prescribed medication for their mental health.

Source: https://www.tines.com/reports/state-of-mental-health-in-cybersecurity

The 2021 Global Incident Response Threat Report from VMware found:

During the past 12 months, 51 % of respondents experienced extreme stress or burnout.
Of the 51 %, 65 % said they have considered leaving their job because of it.

Source: https://blogs.vmware.com/security/2021/08/combating-cybersecurity-burnout-through-self-care-empathy-and-empowerment.html

Some other article headlines include Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, 25% of Cybersecurity Leaders Will Pursue Different Roles Entirely Due to Workplace Stress from a Gartner press release (https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025), Concern for cybersecurity workforce mental health is rising from an article on Healthcare IT News (https://www.healthcareitnews.com/news/concern-cybersecurity-workforce-mental-health-rising), and Ransomware’s Relentless Rise Strains Security Teams from a Mimecast blog.

Strategies for Promoting Well-Being

It is important that we take this data seriously and begin to influence change that provides a positive and healthy work environment for everyone. Of course, there will always be times of stress and the need to work longer hours than normal. But we cannot allow this type of environment to be sustained as it will catch up with us and the burnout will be real. For example, some of the more relevant areas where burnout is more prevalent and that require closer attention include SOCs with a 24x7 operation, vulnerability management with the potential of thousands of vulnerabilities to review each month, and incident response where there is pressure to mitigate and understand if any exfiltration activities have occurred. However, no specific function within cybersecurity is immune to burnout.

Some thoughts to help you prioritize the health and well-being of those on your team and around you include:

Better understanding the burden of your team.
Taking responsibility to ensure your employees are well supported.
Spending extra time checking in on your employees. Maybe schedule weekly touchpoints.
Ask them how they are doing often and if they need any support.
Always make yourself available to them and make sure they know about this.
Respect your employees personal time and be flexible with their schedules by providing compensation time when earned, time away for family events and appointments, allowing remote work options, etc.
Remind them to take time off and ensure they are not working off-hours.
Make sure your employees are aware of any HR-related well-being programs or company-sponsored mental health resources and encourage them to take advantage of them.
Ensure your team is staffed to support each other. Your employees should not always be overworking. If they are, you need to address the resource issue ASAP.
Provide a safe space for employees to express concerns about workload before burnout occurs.
Celebrate small wins and show regular appreciation, which will make them feel good and worthy for the company.
Organize team-building activities to strengthen social connections and enhance team cohesion.
Lead by example.

Strategies for Individuals and Leaders

Most importantly, you must take care of your own health first. If you are not at your best and taking care of yourself, then you can’t be the best for your employees. You need to build good habits for your employees to observe and follow. Some basics of self-care include:

Getting enough sleep.
Be active by moving around or getting exercise daily.
Get into nature.
Eat a healthy diet.
Engage in social activities and stay connected.
Meditation or other mindfulness practices to cultivate mental clarity.
Learning to say “no” to non-essential requests.
Activities that bring joy and relaxation, separate from work.
Manage your stress.
Have FUN!!!

Make sure your employees are aware that you have their well-being at the front of your mind and share and encourage the items mentioned above. Also, make sure there is a comfortable space for your employees to discuss well-being and encourage the conversations to happen.

A simple phrase to help remind yourself and others:

Step Away > Disconnect > Refresh