Friday, July 19, 2019
Cybersecurity professionals are facing some significant challenges that are stressing them out, according to “The Life and Times of Cybersecurity Professionals” report from Enterprise Security Group (ESG) and the Information Systems Security Association (ISSA). Check out these tips on how to remediate stressful situations at work.
The Cybersecurity Shortage
Thirty-six percent of respondents in ESG and ISSA’s report said one of the most stressful aspects of a cybersecurity career is keeping up with the growing workload. Although any job in the security field can be demanding, the growing workload can be attributed to the cybersecurity skills shortage. In fact, after reviewing dozens of employment figures, Cybersecurity Ventures estimates that there will be 3.5 million cybersecurity job openings by 2021. Universities have begun to invest in undergraduate degrees, and federal retraining programs have begun, but it will take time to see the results.
Rather than stressing out that you can’t find the right person for the job or don’t have enough hands on deck, consider where your own organization could simplify the workload. Is automating your security policy management an option? Networks continue to become more complex, but consistent control and management of security policies can help your team improve efficiency.
Getting the Business on Board
Thirty-seven percent of respondents in ESG and ISSA’s report said one of the most stressful aspects of a cybersecurity career is trying to get the business to understand cyber risks.
Greg Falkowski, systems engineer at Palo Alto Networks and Fuel Chapter Leader, said company leaders are not providing clear directions on how to improve the enterprise’s security posture, which leaves security professionals stressed out since they have to figure it out themselves. He said the lack of clarity is a big stressor in the cybersecurity industry. “I think there is massive confusion around what it means to ‘protect the enterprise,’” he said. “We often hear that security is now a ‘boardroom discussion.’ However, that does not translate to the many individual contributors that are working hard every day to protect the environment.”
To reduce this stress, Falkowski said enterprise leaders should gain more education when it comes to security. “The days of being a business figurehead are over,” he said. “You need to be far more ‘in the weeds’ as a leader in today's security.”
Making Everyone Aware of Risks
Thirty-eight percent of respondents in the ESG and ISSA report said one of the most stressful aspects of a cybersecurity career is making everyone in the company aware of cybersecurity risks, and getting them to change their behavior.
You can’t change everyone’s security behavior unless you warn them about what risks are out there. Charlotte Gibb, co-owner of software company AutoClerk said she makes sure that all employees know that cybersecurity is an issue. “If they're not aware of cybersecurity before we hire them, we'll make them aware," she said in an article on CNET.
So how do you make sure employees are keeping up with proper techniques to stay secure online? Don’t stress out about including every detail in a long email (which most employees will ignore). Keep it short like a marketing campaign, avoid scare tactics, and remember the goal is to build a culture of cyber awareness.
Keeping Everyone Informed
Almost 40% of respondents said one of the most stressful aspects of a cybersecurity career is finding out about IT initiatives or projects started by other teams, without the security team being involved from the start.
You’ve heard it time and time again: Communication is key. Employees starting a new project should reach out to the cybersecurity team to make sure they know what’s going on. Once everyone knows this, make sure you speak in layman’s terms. Employees on the sales team or HR team shouldn’t be expected to be cybersecurity experts. Translate terminology into common terms so team members want to continue reaching out to you for tips and will keep you in the loop about project details.
Other Tips to Reduce Stress
The cybersecurity shortage, keeping everyone up to date with security risks and a lack of clear communication are just a few stressors in the cybersecurity industry. While we gave you some tips on how to alleviate those stressful situations, there are other ways to combat stress, listed in the chart below.
Tips For Reducing Stress
Take a break: Make sure to take short breaks in your workday to relax. Many professionals in the security field are staring at their computer all day. Professionals should be sure to move their bodies throughout the day.
Establish boundaries: The American Psychological Association recommends that all professionals establish work-life boundaries. Everyone has different preferences when it comes to how much they blend work and home life, but create some clear boundaries to reduce stress.
Talk to your boss: Have a conversation about the stressors you’ve identified. The purpose of the discussion is not to lay out a list of complaints. If you know of some solutions to fix the stressors, share them. For example, if you know you can automate some parts of your security operation, talk to your boss about getting that in place.
Have fun: Take time every once in a while to get away from cybersecurity completely and do something you enjoy. It could be going to the movies, reading a book, or having a nice meal. Find the activity that works best for you and make time to do it.
The cybersecurity industry is only growing. Take some time to identify what is stressing you out and get the support you need, so it doesn’t negatively affect your work and future success.
Do you have tips to help reduce stress at work? Share with your fellow Fuel members in a discussion forum thread.
More to Explore
Check out these Fuel blog posts for further reading: