Not only this, but in an industry as tight-knit as cybersecurity, news of large data breaches, and the professionals who oversaw them, travels “at the speed of the wire”. Schueler added: “The minute something happens, your personal reputation, not the company’s, is now on the line.”
As one might expect, constantly being braced for ruin, and the feeling that this ruin will instantly become very public, will put knots in the stomachs of even the most zen of people. This is why, Schueler argues, burnout and stress overload are endemic in the cybersecurity industry.
Bad for everyone
Nobody wins when employees are stressed beyond belief. It’s bad for the workers themselves, of course, but Schueler argues that it is disastrous for employers and managers, too. “The scariest thing [an employer] can have is a cybersecurity team that is burnt out, because now they’re so overwhelmed, [they] can’t care any more. That’s your worst-case scenario.” If a cybersecurity team has become despondent, the “dwell time” – in other words, how long it takes for a cybersecurity threat to be detected and then neutralised – can stretch beyond a year.
While Schueler contends that cybersecurity is, in some ways, inherently high-stress, that is not to say that the situation can’t be allayed somewhat. Schueler stresses that cybersecurity teams need to be the right size, though adds that the ever-growing skills gap can make expanding teams pretty difficult. In lieu of that, managers can ensure that employees aren’t faced with a workload that increases their stress levels.
The working schedule should be peppered with appropriate breaks and managed so that the most intense elements of the job don’t fall too consistently on any one employee. If need be, Schueler suggests, outsource elements of the cybersecurity strategy as a way of calling in extra reinforcements to address threats.
Industry: Cyber Security News