By: Greg McDonough

 

Given all of the passionate discussions and thought provoking presentations at RSA Conference 2024, it can be easy to forget some of the daily stresses that plague the cybersecurity industry. The job can be near thankless in that when it is being performed well, it is invisible and it is impossible to determine just how many attacks have been averted or how much time and money has been saved. Despite the lack of recognition, cybersecurity teams are successfully defending their organizations and allowing businesses to run smoothly and without interruption. However, this success comes at the cost of living in a constant state of vigilance that can be exhausting both mentally and physically.

The cybersecurity industry is currently seeing levels of burnout last seen during the COVID epidemic in 2021, when the world was in flux and teams everywhere were forced to accommodate an almost overnight shift to a remote workforce and the nightmare of a significantly expanded attack surface. The silver lining in this issue is that the industry has recognized this crisis and is taking action. By embracing the diversity that makes the industry stronger, harnessing the power of mindfulness and restorative practices, and capitalizing on the opportunities for joy, the cybersecurity community is turning the tide against burnout.

In Wednesday’s Harnessing the Strengths of Neurodivergent Staff for Cybersecurity presentation by Rick Doten, he explored the role of neurodivergent workers in the cybersecurity industry and how organizations should begin to view what are often seen as weaknesses, as the strengths that they are. Specifically, he referred to issues such as ADD, depression, autism, and dyslexia. He cited examples such as the fact that the neurodivergent always wants to know the why behind things which makes them particularly well suited to work in an industry that is constantly examining its practices and looking for new, different, and better ways to accomplish goals. 

In addition, neurodivergent individuals often exhibit tendencies such as passionate interest, an ability to hyperfocus, and close attention to detail that lend themselves readily to work in cybersecurity. Doten went on to explain that, “A behavior problem is a gap between the demands placed on an individual and their coping skills,” and suggested a number of strategies for neurodivergent workers to adjust more readily to the stresses of the workplace. Chief among these recommendations was “give yourself grace,” by accepting the things that you struggle with and focusing on all of the positives. “People work best when they can be themselves,” he concluded.

On Monday, Balancing Employee Sentiment and Metrics for Successful Business Impact with Moderator Lynn Dohm and panelists Kristen DeanFran Katsoudas, and Malcolm Palmore, also focused on the need for diversity and inclusion in the cybersecurity space. They recognized that this work needs to be a top down initiative and each discussed all of the innovative work being done in the industry to embrace the differences that make the cybersecurity community so strong.

By focusing on inclusion and celebrating the things that make everyone different and valuable, the industry has already taken great strides towards reducing burnout. Tuesday’s Burnout in Cyber: The Intersection of Neuroscience, Gender, and Wellbeing by Peter Coroneos and Kayla Wiliams focused on hacking the ultimate computing system: the human brain. Coroneos and Williams began by delving into the daily stresses that are placed upon the defenders in the cybersecurity industry and how they are leading to steadily rising levels of burnout before transitioning to an explanation of the damaging effects that living in this constant state of fight or flight can have on the neuroplasticity of the brain.

Coroneos, CEO of Cybermindz, an organization that looks to address and improve the mental health of cybersecurity professionals, led the audience through a small exercise designed to lower the heart-rate, increase dopamine levels, and temporarily restore a sense of calm that can help those suffering from burnout. George Kamide, Co-founder and Executive Director at Mind Over Cyber explains the value of mindfulness in saying, “Mindfulness is not a panacea, but by way of metaphor ideally it helps you notice the blinking light on the dashboard instead of continuing to drive through the trouble until you reach the crisis moment of being stuck on the side of the road with an overheated and incapacitated engine.

During Security’s Social Problem presentation on Wednesday, Michele Chubirka spoke to the issue of burnout and connected it to a steady rise in incidents across the cybersecurity industry. However, she explained, the problem is not technological, but social. There is currently a vicious cycle of shame that exists within the industry. As Chubirka said during her presentation, “sanctions and fear appeals correlate to reduced voluntary security behaviors, apathy, and resistance” and she is “tired of seeing people use the same technology hammer on human nails.” She went on to explain that in order to break the cycle of shame that exists in the cybersecurity industry it is necessary to embrace the practice of restorative justice. Restorative justice looks to replace shame with guilt, which can evolve into acceptance and healing. This outlook should be fundamental in building a culture of people that step in and speak up when they see a problem. Restorative justice is the foundation for a community that “works with people instead of doing things to them,” according to Chubirka. She also urges organizations to use the healing power of restorative justice circles to foster a sense of equality and transform negative affect into positive. Although she used the terms restorative justice and restorative practice interchangeably, she prefers using practice because, as she says, “you are not going to get better unless you practice.”

While many of the presentations this week addressed the issue of burnout, few seemed to bring as much sheer joy as A Conversation with Actor, Comedian and Writer, Jason Sudeikis with Hugh Thompson. It would have been near impossible to be unaffected by Thompson’s enthusiasm when interviewing Jason Sudeikis and asking about his role as Ted Lasso, a character that embodies much of what the cybersecurity industry is doing to address burnout. As Sudeikis explains, Lasso believes “everyone is worthy of your attention.” Lasso is also famous for quoting Whitman when he says, “be curious, not judgmental.” At RSAC 2024, the cybersecurity industry has shown that it is ready to embrace its inner Ted Lasso by being curious about the community and working to make sure that everyone feels seen, heard, and appreciated.

 

Read more HERE