Culture / Cyber security burnout: risks and remedies
Cyber security burnout: risks and remedies
12 June 2019
Craig Hinkley, CEO, WhiteHat Security considers how can we all balance the demands of the job with personal well-being to achieve long and fulfilling careers.
Many of us working in cyber security will know of one or more people who have, quite understandably, struggled with the pressures of the job. And we all know that chronic, high levels of stress are extremely unhealthy and can lead to eventual burnout at severe personal cost.
While our industry is far from unique, cyber security roles often carry a level of responsibility and constant pressure not seen elsewhere. For us, a mistake can have implications far wider and more dangerous than our immediate role.
But it’s vital work and we’re lucky to be in an industry where there are so many highly committed people keeping businesses and individuals safe from cybercrime in all its forms.
Part of the problem is that cyber security skills and experience are in massive demand. Relentless cybercrime activity coupled with a global skills shortage is putting immense strain on the industry. As Cybersecurity Ventures has reported, by 2021 there will be an estimated 3.5 million unfilled security jobs. I believe stress and burnout is playing an increasing role in this alarming disparity.
We are, therefore, at an important time in the development of our profession. How can employers and professionals identify, manage and mitigate the risks of stress and burnout? How can we all balance the demands of the job with personal well-being to achieve long and fulfilling careers?
Also of interest: Could veterans be the answer to the cyber skills shortage problem?
Burnout – spotting the signs
The inherent difficulty in watching out for colleagues under stress, or when we are in the situation ourselves, is that the problems don’t just happen overnight. We have to learn to recognise the signs that stress may be building to unhealthy levels.
If you’re in a leadership role, pay special attention to your team and look for warning signs that can include an increasing number of sick days, a decline in performance or perhaps more disagreements among colleagues.
But for all of us, co-workers under stress may seem more tired than normal, disengaged or physically ill. All of us have to be more mindful of the well-being of colleagues and be in a position to help each other so that issues can be effectively addressed.
Also of interest: Mental health and cyber security: do we have a problem?
Building a culture of workplace well-being
No-one can promise to eliminate the inherent pressures of a job that frequently relies on ‘hyper-vigilance’, so what can leaders do to help their teams? It can be tempting to rely on employee assistance programmes, but these issues need more than a standard, ‘one size fits all’ approach.
While assistance programmes can be helpful, it’s really important that leadership demonstrates genuine empathy for the pressures of the various cyber security roles and invests its time in protecting the well-being of colleagues. Try to avoid automatically handing stressed people off to assistance programmes – formal, structured help can be vital, but it’s just part of the solution.
In many walks of life, preparation is better than cure and initiatives like resilience training can arm team members with the tools they need to handle stress when it begins to rise. There’s also a role for social events and team bonding in helping people open up to each other and talk about issues with colleagues who really understand their point of view.
But for everyone, having the skills and patience to listen is invaluable. Ideally, everyone will understand that they are free to discuss stress and be reminded that amid the challenges of the job, their work is valued.
Also of interest: Taking an alternative approach to cyber security in 2019
It’s a team effort
If you have the responsibility of leading a project, or are the main point of contact, it’s quite easy for the pressure burden to build to an unhealthy level. So, ideally, team leaders should try to avoid the classic ‘hub and spoke’ way of organising resources and adopt a more collaborative way of working where responsibilities and achievements can be shared.
Working collaboratively is a familiar working pattern for many of us, and by sharing the workload, responsibilities and communication channels, the old adage ‘many hands make light work’ can make a difference.
If you want to explore collaboration even further, security strategy can be integrated throughout the DevOps process to create a ‘DevSecOps’ system. It’s an approach which is becoming increasingly used across teams to improve communication and integrate the worlds of software development, information security and IT operations.
Identifying and eliminating security vulnerabilities earlier in the development process can offer enormous advantages. Ask any cyber security professional about the idea – most will welcome the chance to reduce the instances where unexpected problems suddenly have to be dealt with, or where security is only added on when an application or service is well into its development.
Also of interest: The neurodiversity opportunity in cyber security
Personal well-being and workload management
Multitasking can go a long way to help manage workloads throughout a cyber security team, but managers must guard against delays and interruptions to avoid negative effects. For instance, there could be projects competing for resources, planning can become ambiguous or communication can get bogged down. The role of managers is to keep people on the right track and avoid unnecessary stress.
Similarly, monotasking has a role to play. By focusing squarely on a specific task and avoiding interruptions, individuals and teams can stay focused and build towards an important goal, without getting side-tracked.
Using these approaches to streamline the work of cyber security teams can help mitigate some of the daily pressures they face. Managers and teams need to choose the most appropriate method for each task on their to-do lists.
It’s worth the effort. Burnout is not always avoidable, but there is much that businesses, management and we as individuals can do to address many of its worst effects. By bringing well-being and stress management into organisational culture, we can more effectively balance pressure and productivity, and that’s something to benefit everyone.