The headlines were alarming.
A data breach exposes the personal information of nearly 20 million patients.1 Hackers infiltrate a rewards database, intending to sell information on the Dark Web.2 Cyber criminals compromised a server containing the data of 3.1 million people.3
These real-life cybersecurity intrusions from 2019 not only captured media attention but are examples of the high-stress environments that cybersecurity professionals often face defending commercial and governmental databases from attack. Experts at the University of Phoenix say that protecting an organization’s infrastructure or safeguarding the personal information of millions of people can take a toll on the mental health of these tech-minded professionals and leadership must take responsibility for managing their stress.
Dr. Samantha Dutton, LCSW, an associate dean at University of Phoenix, is the president of a cybersecurity consultancy, where her husband, Andrew, serves as the consultancy’s principle cybersecurity architect. She has a background in counseling and said that they have discussed the mental wellness of cybersecurity professionals at the dinner table on multiple occasions.
Dr. Dutton said that these conversations with her husband have provided insight into the psychological stressors they face and how their mental well-being is often overlooked.
“Cybersecurity professionals are under constant attack with no obvious finish line. The stress, fatigue and pressure is drowning the workforce,” Dutton said. She cites a Symantec report, which found that 64 percent of cybersecurity professionals have considered quitting their job as a result of this stress.
“There is no downtime. It’s nonstop. Every day is a battle,” she added.
Those insights — among others — were shared by Dr. Dutton and her husband at SecureWorld conferences in Seattle and Atlanta. They presented the topic, “Preparing for the Human Factor in Our Cyber Future,” which focused on the impact of stress on cybersecurity professionals and the importance of self-care.
“Cybersecurity professionals are always on the front line,” Dr. Dutton said. “People don’t care about them… until they do.”
So how do cybersecurity professionals improve mental health? Dr. Dutton champions that these professionals must feel that they are in control, have value and are supported by the organizations they protect. To do this, organizations must take steps to support the mental health of the professionals on the frontlines of today’s cyber war.
Dr. Dutton said that support and best practices must come from the top – from chief information security officers. She noted that these leaders are not immune to high levels of stress and the potential mental health complications that go along with it. The same Symantec report found that a quarter of CISOs worldwide suffer from physical or mental health issues due to stress and a third fear for their jobs.
"We have to be right on defense all the time. Hackers only have to be right once."
— Larry Schwarberg
CISSP, vice president of information security at University of Phoenix.
Larry Schwarberg, CISSP, serves as vice president of information security at University of Phoenix. He said that that this topic is a social reality that UOPX experts have addressed through thought leadership and how the University’s own information security team approaches mental health. He recognizes the level of stress associated with the role and has taken steps to provide the necessary support.
“We have to be right on defense all the time,” Schwarberg said. “Hackers only have to be right once.”
For Schwarberg, it starts with a human connection. At University of Phoenix, he has made efforts to manage those stress levels internally and by being more available to his team.
Initially, he scheduled two hours a week as open office hours, where his team could come in and talk about anything: personal, sports-related, professional or IT specific. This was meant to be a time to address business problems and challenges, or simply blow off some steam. No one showed up.
In September, Schwarberg changed tactics. He abandoned his office and moved into a cubicle to sit amongst his team members, as he felt disconnected within his office walls. The result? Schwarberg has seen an increase in activity among team members and others, who have stopped by his cubicle for questions, concerns or conversation. His own team also has access to his calendar to schedule appointments as needed.
So how does this communication factor into mental health?
It’s about creating open communication and connectivity when pressures mount. It’s about making sound management decisions that may mean decreasing meeting requirements and delegating tasks in an effort to find time for learning. It’s about giving employees the comfort and freedom to say no, when saying yes could be detrimental.
“Don’t be afraid to say no if the workload is too much or you’re feeling stressed,” Schwarberg told his employees. “If you do it well, I’ll come to you again and again. Say no if it is too much.”