It’s been known for years that industry-wide stress hinders the security workforce. Now with the added pressures brought on by COVID-19, employee burnout is an even greater issue looming over security leaders. This ongoing stress is detrimental to the motivation and overall happiness of employees – making them more likely to leave the industry altogether.
It is certainly important to bring awareness to the industry-wide stress that hinders our security workforce, but in order to tackle this issue head on, leaders must make employee wellbeing the priority. Even throughout this complicated, stress-inducing year, security professionals can still achieve what I have termed Cyberlandia: the optimal state of cyber readiness, with happy employees who feel empowered to face whatever threats they encounter. During the current pandemic, cybersecurity teams may be feeling like Cyberlandia is an unattainable goal. However, changes made during these times will have lasting beneficial effects on employees and the industry no matter where their career takes them.
Create structures of empowerment
Many security departments have operated in silos for far too long, which ultimately hinders employee growth, increases workloads and leads to employees feeling unhappy in their positions. Monotony is a catastrophic issue that slowly creeps into a workplace over time. Even if all operations are running smoothly, boredom and sameness can lead to burnout. Currently, according to a Ponemon Institute study, 65% of Security Operation Center employees have thought about leaving their career due to stress, while 68% of security employees feel they lack guidance in their career path.
Leaders can combat these feelings by putting their employees first and arming their cyber professionals with mentors spanning various disciplines to encourage continuous learning and demonstrate career paths that are dynamic and empowering.
As a more day-to-day solution, organizations must grant cyber teams flexibility in their work week, especially when working from home. Because cyber threats can attack at any hour of the day, it’s especially hard to stick to a traditional 40-hour work week. While working from home, it becomes even harder to step away from computer screens and shut off work. In fact, a Nominet study found 88% of CISOs admit they work beyond traditional business hours, including weekends. A way to promote a healthy work-life balance during the workday is to bring back the uninterrupted lunch hour. Encourage employees to make themselves unavailable for an hour during the work day in order to have a mental break, and come back with a full stomach and energized to tackle the next opportunity.
Initiate effective communication
Cybersecurity is sensitive work, filled with frequent high-stress and high-risk discussions. A good leader will strategically disclose important information to those who need to hear it, knowing that misplaced information could cause undue stress throughout the team. It’s important to filter sensitive information and share the details that keep teams well informed and motivated to do their jobs.
There are simple ways to implement and encourage effective communication:
- Snack-Sized Meetings: Effective communication starts with trust. Schedule regular team and individual snack size check-ins, less than 15 minutes, to share information in smaller settings. As these meeting continue over time, bi-directional communication will improve as both parties are investing time to build the relationship.
- Purpose-Driven Communications: The purpose behind the information given also needs to be communicated. It’s important for the team to see the full picture to foster motivation, but not be overwhelmed by the looming issues.
- Be Interested: Don’t make every interaction only about work. Start meetings with an icebreaker such as what you did last weekend, favorite streaming series or how long you would survive in a zombie apocalypse and why. It really helps you get to know people, and they will recognize you’re genuinely interested in getting to know them.
- See Each Other: Host video chats to keep morale up and provide a space for employees to connect through non-work related discussion – they can even be happy hours or other creative get-togethers.
Exemplify Sound Decision-Making
The next cybersecurity concern is just around the corner, and when the eventual breach occurs, everyone will ask: “Who is to blame?” This is where cybersecurity leaders must take on the role of decision-maker. Cybersecurity leaders must make strategic decisions driven by solutions, not blame. More importantly, they must stand firm in their decisions driven by data. It’s essential to understand that good leaders lead by example. By staying level-headed and strategic, leaders are eliminating unnecessary stress within the workplace. Employees will take note.
Another decision that must come from top-down to eliminate stress is deciding how roles and responsibilities will be divided among team members and making sure everyone on the team knows their goals. It’s important to be clear to prevent unclear expectations and stress. Finally, while it’s crucial for leaders to exemplify sound cybersecurity decisions, it’s also important to lead by example. Your employees will take note and follow your lead in making sound personal wellbeing decisions.
Employees will not speak up about their stress until it’s too late. While it is important to recognize the stress employees are facing, especially this year, it’s on the leader’s shoulders to combat the issue of burnout effectively ahead of the pandemic’s lasting effects. Be proactive and implement practices that can be demonstrated and encouraged at all professional levels. The initiatives enacted today around employee wellbeing, or “Cyberlandia,” will shape the workforce of tomorrow.