Addressing Burn Out in Cybersecurity Teams

The year 2020 was hard for everyone. So far, 2021 hasn’t been much better. It’s safe to say the phrase “burnt out” doesn’t even begin to scratch the surface of most folks’ current psyche. As the world pivoted to remote work during a global pandemic, the cybersecurity industry braced and held their breath. Risk and vulnerabilities quadrupled, new threat vectors came from left and right, malicious actors started targeting healthcare at an increasingly alarming rate, insider threats became more of a concern, teaching remote cyber-hygiene became a priority, and the list goes on. Working in the cybersecurity field can be a thankless job. It often feels like you are the little Dutch boy, putting your finger in the dam to stop a leak, only to find another hole almost immediately. Burn out within teams working in cybersecurity was already high, but with a global pandemic piled on top, the rate continues to rise. How do you combat this burn out within your teams?

Working Towards a Common Goal

It is vitally important to make sure team members know their contributions are working towards a higher-level goal or strategy. If a task seems menial, it’s important to highlight how this small piece plays into the larger picture and security strategy of the organization. If the teammate understands the larger context, they’re more likely to be enthusiastic about how their part plays into protecting the organization. It’s also critical to reiterate this; regular affirmations go a long way to creating a positive environment for teams to flourish in.

Celebrate Wins

Working in cybersecurity sometimes feels like you never make progress. You can solve one issue, only to find 10 more in the process. It’s critical to celebrate wins, no matter how small. A great resource and Ted Talk on focusing on the positive, can be found by Shawn Achor “The Happiness Advantage.”

The team I manage (Elissa), employs a number of these tactics to remind everyone that progress is being made. In our weekly team huddles, I call out the “rockstar” of the week and highlight someone on the team who has done something stellar the week previous. On Fridays I also post in our Team Channel “Three Good Things” to highlight wins of the week, and encourage my team to also post any they experienced. Although these can seem corny, the psychology behind it really does help the morale of the team and showcase that the hard work being done is making a difference.

Unplug

One of the reasons cybersecurity professionals experience pervasive burn out is being on the job 24/7. As technology professionals, we are guilty of answering emails at night, on weekends, and essentially being on-call (whether or not you actually are), all the time. I have a mandate for my team, that when they take PTO (which is encouraged regularly – even if it’s just a Friday off), they actually unplug. I’ve been known to have their access revoked when they begin answering emails on PTO.

Unplugging from work is a necessity to come back feeling refreshed. I’ve also encouraged my team to change the verbiage on their out of office email replies to “I’ll respond when I return,” modeling the European mindset instead of the slippery slope indicating “I’ll will respond when I can.”

As we continue with the remote work model, it’s also important to set boundaries. There is a plethora of articles out there on how to effectively work from home. But it’s important to set boundaries for yourself like not checking work email past a certain time, or totally unplugging on Saturdays.

Acknowledge & Validate

Another great way to help your staff cope with stress and burn out is simply to let them express their frustrations and acknowledge it. Cybersecurity work can be incredible frustrating, sometimes a 1:1 session to vent these frustrations will go a long way. Being heard and acknowledged has real value in any relationship including your work relationships. Once you acknowledge the stress, it is healthy to redirect the frustration into a constructive conversation on how to improve the process, tool or team that is vexing them. This can spur innovation and efficiency leading to optimization and to that team member feeling like a valued member of the organization. This doesn’t always happen, but it can be a silver lining to what otherwise would be a gripe session—which is sometimes all someone needs too!

Summary

We’ve all had a tough two years, so it’s important to remind ourselves that we are not the only ones having a tough year. Make sure you ask your teammates how they are doing and remind them to unplug. Having someone on your team that is not engaged can spread amongst others quickly. It’s especially important because it will be difficult to find and train someone while we are all burdened with the stress of the past year and the work in front of us in addition to the continuing cybersecurity skills gap.

What’s Hot on Infosecurity Magazine?