|CISOs should do more to ensure staff do not burn-out – including increasing diversity.
Over half (54%) of IT security professionals had left a job because of overwork or burnout, or worked with someone who had, observed the latest Chartered Institute of Information Security (CIISec)’s The Security Profession’s 2019-2020 report.
The survey reveals the need for management to deal with this growing crisis.
This report showed both potential causes & consequences. It outlined that security budgets are not ‘keeping-up’ with the rising threat level, & when security teams are stretched during holidays / busy periods, 64% commented their businesses merely ‘hope to cope’ with less resources when necessary, while just over half would drop routine / non-critical tasks.
“Unless the industry can learn how to do more with less while also addressing issues of diversity & burnout, risks will rise and organisations will suffer,” she maintained.
“To avoid this, we need the right people with the right skills, giving them the help they need to reach their full potential.
This doesn’t only apply to technical skills, but to the people skills that will be essential to giving organisations a security-focused culture that can cope with the growing pressure ahead.”
Stress & Burnout
Irfahn Khimji, Country Manager, Canada at Tripwire explained that the current COVID-19 crisis had raised both stress & burnout, because new projects focused on secure remote-work became the priority.
“The expectation was that the existing critical projects would not drop. Teams that were already stretched thin ended up getting even further stretched with the additional workload,” he commented.
Stretch – then impose limits
Khimji also added that CISOs can focus on helping the mental health of their people by encouraging a limit on working hours, & encouraging their teams to take some time off.
“When working from home, the line between work & home gets blurred resulting in a much longer work-day. Encouraging the team to disconnect after a certain amount of time allows rest, spend dedicated time with their families & refresh for the next workday,” he observed.
Ekaterina Khrustaleva, CEO at ImmuniWeb, explained that most of the burnout incidents stems from bad co-ordination & flawed planning.
“If you thoroughly design your task load & establish ambitious but feasible KPIs with attractive incentives for the best performers, you will likely reduce conflicts, stress & toxic atmosphere to zero. You’ll apportion the workload in a transparent, efficient and effective manner enabling your team to unlock hidden capabilities,” she further explained.
Diverse thinking & fresher minds
Although men & women were equally represented regarding age & level of education received, women were paid significantly less on average or were in lower paying roles with 37% of women earning less than £50k pa, compared with 21% of men. The report also found that 15% of women earned more than £75,000 per year, as opposed to 39% of men.
“Addressing a lack of diversity in the industry isn’t only a matter of fairness,” stated Finch. “It also unlocks the skills & talents of a whole range of people who could collectively rejuvenate the industry & help reduce the huge pressure many security teams are under.”
She further said that there is a need to attract a more diverse range of people to a career in security. “Understanding why people join & why they leave is the beginning of building a resilient workforce that can face the challenges ahead.”
Mike O’Malley, VP of Carrier Services at Radware, explained that diversity in the workplace should start at the top by creating a workplace that actively encourages diversity.
“One of the ways is to stop following commonly established social stereotypes. As organisations continue to grow, educating employees on the importance of diversity by providing real life scenarios can help demonstrate the positive impact it can bring to the business & individuals,” he further commented.
“Promoting flexibility in choosing the right careers & providing a supportive environment for up-skilling & progression can also go a long way in setting up organisational success. It all leads to a healthy workplace.”
4 points to reduce stress
With serious problems emerging as cyber-criminals & nation-state attackers both target the healthcare sector, Microsoft very generously, is ensuring that its ’AccountGuard’ threat notification service