Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

#BHUSA: Reality of Infosec Mental Health Issues Detailed

In a session exploring Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community at the Black Hat conference in Las Vegas, the problems that employees can typically face were detailed, along with solutions that employees and employers can turn to.

Christian Dameff, clinical informatics fellow at the University of California, San Diego where he is also a security researcher, detailed instances where he was led to feel burned out. The other speaker, Jay Radcliffe, cyber security researcher at Boston Scientific, highlighted the common symptoms of burnout including “feeling cynical, no satisfaction from accomplishments, dreading going to work and no work life balance” which he said were “prevalent in the information security community.”

Radcliffe said: “I’ve seen friends leave and find new jobs after a year as they are burned out and tired of the rigmarole, and only working and traveling.” 

The two speakers said that there are lots of options to resolve issues, including counselors, clinicians, therapists and psychologists, with the latter “trained and providing therapy for mental health conditions,” according to Dameff. He recommended using the C-SSRS screening tool, while self tests are available to diagnose depression.

Speaking to Infosecurity about what businesses can do, Radcliffe said he felt that small things can make a difference, such as making sure employees take their vacation time and ensuring they are encouraged if they are over-burdened all of the time.

He said: “If you think your employees have a lot of burnout, then do a burnout survey and actually measure your employees. Have them fill it out on a quarterly basis and if they show symptoms of burnout then you can make changes so that they are aware of that burnout and do something about it, like make vacation mandatory or change their work schedules.”

Radcliffe acknowledged a “hero complex” in information security of taking on work regardless, but this is not healthy.

Dameff added that there are often privacy concerns on burnout surveys, and people are often worried about confidentiality. They can create a “feeling that if my score was really high, I’m forced to go on vacation and my colleagues have to pick up the slack, so therefore I am depressed: you’ve got to be really careful about stuff like that,” Dameff said.

“But Jay is right, you’ve got to be able to see the trends and anticipate them and indicate how bad it is going to be, and figure out alternative strategies so you can keep people healthy and happy and sane.”

What’s Hot on Infosecurity Magazine?