The biggest cybersecurity crisis?
Study after study shows burnout and stress among cybersecurity teams to be disproportionately high. A sense of isolation, the extreme pressure, and a lack of support and community are the key driving factors.
I’ve had the privilege to know some ridiculously talented and lovely security folks over my career in tech and consistently they’ve confirmed that these themes hold true. They speak about working in environments where hero culture and fear-based leadership are celebrated, and the value of honest communication and vulnerability is missing. These environments lead to increased feelings of anxiety, insecurity, and self-doubt.
Despite the seemingly obvious drawbacks of this kind of workplace, a surprising number of companies are built on this framework because it lets those already in power continue with ivory-tower judgment and ego preservation. While these businesses might be successful to start, this type of culture isn't sustainable, nor does it lead to sustainable revenue over time. It's simply not worth the cost.
Studies have repeatedly shown the value of psychological safety in the workplace. Employees who feel safe in their work environment are more likely to contribute their unique perspective, to engage as their whole selves, and to stay with the company longer, all of which can lead to improved business outcomes and increased revenue. Psychological safety is good for business and people. They are not mutually exclusive.
Zero Trust is for Systems, not Teams
Psychological safety is built on trust, just like cybersecurity safety. High-trust teams (compared to low-trust teams) exhibit 74% less stress, 106% more energy at work, 50% higher productivity, and 40% less burnout. Yet a recent McKinsey study reported that only 26% of leaders create psychological safety for their teams. We have to do better.
When team members are psychologically safe, they are more likely to flag when they're burned out, ask for help, admit a mistake, and share that they are experiencing stress. We need to allow our colleagues and friends in cybersecurity a safe space to share and work. When people ask for more help, make a mistake, or need time off, we need to listen, provide support, and give them what they need to feel safe and healthy.
Taking Care of Ourselves and Each Other
Just as with cybersecurity, we can all share some of the responsibility for creating psychologically safe workplaces. There are many resources to begin assessing or building psychological safety into your workplace, some linked throughout this blog and below. Nonprofits such as Cybermindz also support cybersecurity professionals’ mental health, and there are many more. We can also take steps outside of work. I see a therapist regularly to center myself. No shame here. Mental health is part of our whole health. Period.
So this Cybersecurity Awareness Month, let’s share tips and tricks about how to protect our tech and data, but let’s also spend time becoming aware of how we can support the people that make all of this possible.
Because at the end of the day, isn’t cybersecurity as an industry here to protect…each other?
Resources
- ISACA: Cybersecurity and Burnout: The Cybersecurity Professional's Silent Enemy
- Dark Reading: Persistent Burnout Is Still a Crisis in Cybersecurity
- HBR: The Neuroscience of Trust
- McKinsey: Just 26 percent of leaders create psychological safety for their teams
- Cybermindz
- HBR: What Is Psychological Safety?
- APA: What is psychological safety at work? Here’s how to start creating it