Content

Events
About

Creating resilience & promoting strong mental health in cyber security teams

Peter Oliver | 02/06/2024

It’s fair to say that the last five years have brought some interesting challenges on a global scale. The pandemic, global conflicts, fractures in societies around the world, widening gaps between rich and poor – this has undoubtedly created heightened levels of anxiety in most people generally.

On top of the increased stress level security professionals are exposed to, additional stresses include more highly motivated and effective threat actors utilizing more methods to do damage, extort money or impact reputations. Well-rehearsed and highly effective methods are used to monetize attacks with low entry barriers and can be highly destructive and costly for those on the receiving end. It is accepted by most security professionals that it is no longer a case of whether an attack will be successful but rather when and how to respond.

Against a backdrop of rampant inflation pushing up the cost of operating security services and tooling, downward pressure on operating costs and resource/skills shortages driving wage inflation, many organizations are under enormous pressure.

Left unchecked, it could develop into a national or global mental health crisis in cyber security that leaves teams depleted, impacting large numbers of cyber security professionals. The impact on lives and the resulting losses to the profession could increase organizational risk and potential loss – so we ALL need to pay attention to this.

READ: The importance of mental health in cyber security

Responding to change

As cyber security professionals and leaders, we have a responsibility to the business and our people. The sooner we act, the better the likely outcome could be. We need to be bold and focus on some of the wider and more impactful aspects affecting our teams, and we need to work with our organization leaders to develop the capabilities to reduce the impact of these corroding influences. This can be done by developing the following attributes.

Commitment

Ensure clear strategic commitment at an organizational level to creating resilient and effective cyber security capabilities with mental wellbeing a prominent and recognized consideration. Demonstrating board level buy-in to creating strong, well-trained and resilient teams, investing in talent creation and providing clear focus these objectives can be achieved and shows top-down commitment. Signing up to the Mental Health in Cyber Security Charter prepared by MHinCS Foundation would be a clear demonstration of intent – it makes business sense.

Prioritization

Recognizing the importance of providing clear priorities and focusing on the things that are truly important by using what we know to make good decisions based on data to ensure we invest valuable resources, where needed. Be clear on the outcomes expected. Get input to test priority decisions and seek buy-in from those closest to the problem in how best to solve it. Once priorities have been set, stay true to them unless something materially changes, and if a pivot is needed, do so mindfully as this will have an impact on people.

Awareness

Be aware of early and subtle indications of stress – unexpected errors, changes in behavior, breakdown of relationships, alcohol consumption, exercise, sleep, tiredness for longer periods and many more. We need to be sensitive to signs that things are not OK. Reasons could be excessive work overload, issues at home, lack of sense of value or inclusion, lack of skills or inability to vocalize concerns for fear of reprisals or loss of reputation, status or credibility. Take the time to understand what is happening, why it is happening and work out ways to address the root cause and make good damage done to date.

Inclusion

Use the skills and knowledge of the leadership team, mangers and team members to contribute to addressing the root causes of issues placing the mental health of the team at risk. A solution built on input from different perspectives is much more likely to be an effective solution than one you have come up with yourself. It is often difficult to do this as a leader as you feel you should have all the answers. However, the benefit of collective ownership is that the solution is much more likely to be effective and is also more likely to be adopted. We work in a complex and ever-changing environment, and nobody has all the answers. As leaders our responsibility it to bring the ideas together and facilitate and support solutions.

Empowerment

Enabling people to come together and find solutions will empower them to bring their skills and capabilities to bear. This gives ownership, a sense of value and being part of the community and improves recognition, which builds skills and confidence. Being empowered also requires responsibility to be shared and as leaders we need to be able to trust those around us to support us in our accountability.

Capacity

Be aware of the capacity you have and what can be achieved, ensuring teams are not overburdened and can support each other, develop skills and maintain a strong work-life balance. Ensure everyone has the capacity to surge in the event of an incident or crisis.

Communication

This is probably one of the hardest areas to get right, it is however also one of the most important. By ensuring an open and honest, respectful culture of communication we can get to understand the issues more quickly. We can take more proactive action to address issues and we can communicate solutions and outcomes more effectively. We can create a positive experience and demonstrate the value of good communication.

We all have differing experiences, skills and expertise, and by working together as part of a community we can share good practice and learn from each other. We should all look to support each other, our teams, colleagues and the organizations we are part of. By being aware of the issues and committing to addressing them, we can be agents for change. Collectively we can make a difference – let’s make it our mission to do something about it.

Actionable takeaways

  1. Publish and promote strategic objectives – town hall/team meetings/personal objectives should be aligned.
  2. Review priorities and publish guidance – make sure everyone is clear on why the priorities have been set and what they mean.
  3. Create opportunities to speak to people – skip level meetings/open forums/team days.
  4. Create a team charter/social contract with the team and find ways to embed it into everyday life.
  5. Reduce meetings, and where meetings are needed, make them 25 or 50 minutes long, with a comfort breaks before the meeting starts and end on the hour/half hour.
  6. Have fun, get together and take time to celebrate success and learn from failure and talk.
  7. Create trust by treating people with respect and expect the same in return in everyday conversations.

Whatever you do in your organizations, it must be with consultation with the teams, because what works in one organization will be different from another. Further, do adopt the Mental Health in Cyber Security Foundation Charter mentioned above.

Upcoming Events


Digital Identity Week

09 - 10 September, 2025
Sydney, Australia
Register Now | View Agenda | Learn More

MORE EVENTS