Creating resilience & promoting strong mental health in cyber security teams

2 months ago AndyC

It’s fair to say that the last five years have brought some interesting challenges on a global scale.

<div>Creating resilience & promoting strong mental health in cyber security teams</div>

It’s fair to say that the last five years have brought some interesting challenges on a global scale. The pandemic, global conflicts, fractures in societies around the world, widening gaps between rich and poor – this has undoubtedly created heightened levels of anxiety in most people generally.

On top of the increased stress level security professionals are exposed to, additional stresses include more highly motivated and effective threat actors utilizing more methods to do damage, extort money or impact reputations. Well-rehearsed and highly effective methods are used to monetize attacks with low entry barriers and can be highly destructive and costly for those on the receiving end. It is accepted by most security professionals that it is no longer a case of whether an attack will be successful but rather when and how to respond.

Against a backdrop of rampant inflation pushing up the cost of operating security services and tooling, downward pressure on operating costs and resource/skills shortages driving wage inflation, many organizations are under enormous pressure.

Left unchecked, it could develop into a national or global mental health crisis in cyber security that leaves teams depleted, impacting large numbers of cyber security professionals. The impact on lives and the resulting losses to the profession could increase organizational risk and potential loss – so we ALL need to pay attention to this.

READ: The importance of mental health in cyber security

Responding to change

As cyber security professionals and leaders, we have a responsibility to the business and our people. The sooner we act, the better the likely outcome could be. We need to be bold and focus on some of the wider and more impactful aspects affecting our teams, and we need to work with our organization leaders to develop the capabilities to reduce the impact of these corroding influences. This can be done by developing the following attributes.

Commitment

Ensure clear strategic commitment at an organizational level to creating resilient and effective cyber security capabilities with mental wellbeing a prominent and recognized consideration. Demonstrating board level buy-in to creating strong, well-trained and resilient teams, investing in talent creation and providing clear focus these objectives can be achieved and shows top-down commitment. Signing up to the Mental Health in Cyber Security Charter prepared by MHinCS Foundation would be a clear demonstration of intent – it makes business sense.

Prioritization

Recognizing the importance of providing clear priorities and focusing on the things that are truly important by using what we know to make good decisions based on data to ensure we invest valuable resources, where needed. Be clear on the outcomes expected. Get input to test priority decisions and seek buy-in from those closest to the problem in how best to solve it. Once priorities have been set, stay true to them unless something materially changes, and if a pivot is needed, do so mindfully as this will have an impact on people.

Awareness

Be aware of early and subtle indications of stress – unexpected errors, changes in behavior, breakdown of relationships, alcohol consumption, exercise, sleep, tiredness for longer periods and many more. We need to be sensitive to signs that things are not OK. Reasons could be excessive work overload, issues at home, lack of sense of value or inclusion, lack of skills or inability to vocalize concerns for fear of reprisals or loss of reputation, status or credibility. Take the time to understand what is happening, why it is happening and work out ways to address the root cause and make good damage done to date.

Inclusion

Use the skills and knowledge of the leadership team, mangers and team members to contribute to addressing the root causes of issues placing the mental health of the team at risk. A solution built on input from different perspectives is much more likely to be an effective solution than one you have come up with yourself. It is often difficult to do this as a leader as you feel you should have all the answers. However, the benefit of collective ownership is that the solution is much more likely to be effective and is also more likely to be adopted. We work in a complex and ever-changing environment, and nobody has all the answers. As leaders our responsibility it to bring the ideas together and facilitate and support solutions.

Empowerment

Enabling people to come together and find solutions will empower them to bring their skills and capabilities to bear. This gives ownership, a sense of value and being part of the community and improves recognition, which builds skills and confidence. Being empowered also requires responsibility to be shared and as leaders we need to be able to trust those around us to support us in our accountability.

Capacity

Be aware of the capacity you have and what can be achieved, ensuring teams are not overburdened and can support each other, develop skills and maintain a strong work-life balance. Ensure everyone has the capacity to surge in the event of an incident or crisis.

Communication

This is probably one of the hardest areas to get right, it is however also one of the most important. By ensuring an open and honest, respectful culture of communication we can get to understand the issues more quickly. We can take more proactive action to address issues and we can communicate solutions and outcomes more effectively. We can create a positive experience and demonstrate the value of good communication.

We all have differing experiences, skills and expertise, and by working together as part of a community we can share good practice and learn from each other. We should all look to support each other, our teams, colleagues and the organizations we are part of. By being aware of the issues and committing to addressing them, we can be agents for change. Collectively we can make a difference – let’s make it our mission to do something about it.

Actionable takeaways

  1. Publish and promote strategic objectives – town hall/team meetings/personal objectives should be aligned.

  2. Review priorities and publish guidance – make sure everyone is clear on why the priorities have been set and what they mean.

  3. Create opportunities to speak to people – skip level meetings/open forums/team days.

  4. Create a team charter/social contract with the team and find ways to embed it into everyday life.

  5. Reduce meetings, and where meetings are needed, make them 25 or 50 minutes long, with a comfort breaks before the meeting starts and end on the hour/half hour.

  6. Have fun, get together and take time to celebrate success and learn from failure and talk.

  7. Create trust by treating people with respect and expect the same in return in everyday conversations.

Whatever you do in your organizations, it must be with consultation with the teams, because what works in one organization will be different from another. Further, do adopt the Mental Health in Cyber Security Foundation Charter mentioned above.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Building a robust cyber security workforce

Building a robust cyber security workforce

2 months ago AndyC
Leveraging automation for enhanced cyber security operations

Leveraging automation for enhanced cyber security operations

2 months ago AndyC
Cyber security – where toothbrushes, drones and gnomes collide

Cyber security – where toothbrushes, drones and gnomes collide

2 months ago AndyC
IOTW: Victoria Court recordings exposed in suspected ransomware attack

IOTW: Victoria Court recordings exposed in suspected ransomware attack

3 months ago AndyC
IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

3 months ago AndyC
How ransomware extortion is evolving

How ransomware extortion is evolving

3 months ago AndyC

You may have missed

Hackers may have accessed thousands of accounts on California state welfare platform

Hackers may have accessed thousands of accounts on California state welfare platform

47 mins ago AndyC

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

4 hours ago AndyC
Brokewell supports an extensive set of Device Takeover capabilities

Brokewell supports an extensive set of Device Takeover capabilities

7 hours ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

7 hours ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

13 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.