Slashdot Mirror
Cybersecurity's Insidious New Threat: Workforce Stress (technologyreview.com)
This week's Black Hat event will highlight job-related stress and mental health issues in the cyber workforce. From a report: The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new "community" track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. With titles like "Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community" and "Holding on for Tonight: Addiction in Infosec," several of the sessions will address pressures on security teams and the negative impact these can have on workers' wellbeing.
"A lot of people in this space feel strongly about wanting to protect their users," says Jamie Tomasello of Duo Security, who is one of the speakers. "Where this becomes challenging is when people are under sustained high stress. That increases the risk of depression and mental illness." The impact on cyber defenders' lives is deeply concerning, as are the broader implications for security. In spite of a push for greater automation, many tasks in cyber defense are still labor intensive. Workers experiencing mental health issues are more likely to make mistakes and to have performance issues that require colleagues to pick up the slack, increasing the likelihood they will make errors too.
"A lot of people in this space feel strongly about wanting to protect their users," says Jamie Tomasello of Duo Security, who is one of the speakers. "Where this becomes challenging is when people are under sustained high stress. That increases the risk of depression and mental illness." The impact on cyber defenders' lives is deeply concerning, as are the broader implications for security. In spite of a push for greater automation, many tasks in cyber defense are still labor intensive. Workers experiencing mental health issues are more likely to make mistakes and to have performance issues that require colleagues to pick up the slack, increasing the likelihood they will make errors too.
what color hair do the xers leading these talks have
disclosure: I left infosec for the relatively calmer career path of system administration.
infosec is under enormous pressure to deliver a product that cant be hacked, and take the blame for when products are hacked. Developers routinely leapfrog infosec for exceptions to upgrades or coding standards and when theyre caught with their pants around their ankles theres no accountability, only blame. 'IS director' is a revolving door of burnouts that are exhausted from the constant assault and bettery from sales insisting every credit card is a good credit card, and managers insisting you need to stand down from every product meeting or just not attend at all because it somehow negatively affects 'agility.'
I became so jaded eventually that my job morphed from protecting users from malicious actors, to just keeping a running CYA log of poor leadership decisions and whom to attribute them to when the shit hit the fan. no hardened binaries? no standardized two factor? no problem. Just dont expect me to sit quietly in the meeting.
Good people go to bed earlier.