Preventing PTSD and Burnout for Cybersecurity Professionals

The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.

Craig Hinkley, CEO, WhiteHat Security

September 16, 2019

5 Min Read
Dark Reading logo in a gray background | Dark Reading

June — Post-Traumatic Stress Disorder (PTSD) Awareness Month — has come and gone, but mental health is a topic that needs to be continuously talked about throughout the year. The condition is often associated by the public with veterans and first responders, but it can afflict someone from any walk of life.

PTSD can occur when someone experiences or witnesses a traumatic event, and its symptoms include acute anxiety, flashbacks, and intrusive thoughts. This condition isn't always understood properly by the medical community or general population, and it is important to raise awareness about the issues that individuals face when struggling with PTSD. Throughout the entire year, we need to help raise awareness about the many different forms of the disorder and help seek treatment options for those affected.

Cybersecurity PTSD and Burnout
While not as serious as PTSD for the likes of veterans recovering from war, cybersecurity professionals can face a different type of PTSD. Many are firsthand witnesses to cyberattacks that leave lasting damage to the organizations they help protect and can carry over into their work in the future as a reminder of the worst that can happen. Panic can set in when security pros see signs that remind them of past incidents. It's's best to deal with these issues and stress before they become lasting problems that keep them from doing their best work.

Cybersecurity burnout and job fatigue are both a reality, and they are a growing, troubling problem that our industry faces on a daily basis. When compounded with the current cybersecurity skills shortage and the constantly growing threat landscape, burnout is amplified.

As the CEO of a major cybersecurity organization myself, it's important for me to face these issues head-on by creating a culture of individual well-being and self-care. It's imperative to have a close relationship with my team members to help evaluate their state of mind and provide them with support. Support must come from many different areas, such as implementing counseling and stress-relief programs.

Organizational leadership starts with the CEO, and it is my goal to consistently show team members that we care about them and empathize with their daily struggles by constantly making an effort to invest in their well-being. This doesn't always need to come in the form of hands-on training and team building; it sometimes can mean simply listening to the team members to make sure they understand that their contribution is valued and that their work has a purpose.

Cybersecurity Mental Health
Possible issues like depression and anxiety aren't new in cybersecurity, and stress is often rampant. Infosec professionals work long hours and are under constant pressure to protect critical networks from the latest in digital threats.          

As the pace of cybercrime continues to grow, demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. Cybersecurity Ventures estimates the total of unfilled security jobs will reach 3.5 million by 2021. With these global staffing shortages, some departments may only have 10 staffers when the number to adequately do their jobs should really be teams of 15 or 20, directly leading to increased stress levels.

The Effect on Us
The skill shortages represent a widespread threat to the security of all of us. Not having enough trained workers for the organizations that we trust to protect our data leaves us all vulnerable in one way or another. Furthermore, the organizations that are adequately equipped with enough cybersecurity professionals tend to still be overworked, highly stressed, and prone to burnout.

Anecdotal evidence also suggests a high prevalence of mental health concerns in the cybersecurity community, perhaps heightened by the hacker subculture attracting people from a variety of backgrounds, some of which may involve pre-existing mental health conditions.

This topic is extremely personal to me as well. As a teenager, my son suffered a horrific event that left him struggling with PTSD for two years. I saw the effects PTSD had not just on my son but his friends and family, including myself. PTSD is very real with the impacts reaching far and wide. With treatment there is hope, and with compassion and understanding we can help someone affected by PTSD get on a path to recovery.

What to Do Next
Burnout in cybersecurity will likely never completely go away, but it's currently causing our industry to lose out on too many hardworking professionals. Thankfully, by becoming more cognizant of the mental health struggles the industry faces, and with a little more attention to detail, we'll fight back against burnout. Please join me in talking to cybersecurity professionals, whether you are a CEO of a leading organization or simply a friend or family member of someone who works in the industry. The safety of our digital lives is at stake, and we all need to do our part in raising awareness of these issues.

If you or someone you know needs help, contact ADAA, a nonprofit national organization committed to the prevention, treatment, and cure of anxiety and mood disorders, including PTSD.

Related Content:

 

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Escaping Email: Unlocking Message Security for SMS, WhatsApp."

About the Author

Craig Hinkley

CEO, WhiteHat Security

Craig Hinkley joined WhiteHat Security as CEO in early 2015, bringing more than 20 years of executive leadership in the technology sector to this role. Craig is driving a customer-centric focus throughout the company and has broadened WhiteHat's global brand and visibility beyond the application security space and security buyer to the world of the development organization and a DevSecOps approach to application development.

Prior to joining WhiteHat Security, Craig served as vice president and general manager of the LogLogic business unit for TIBCO Software. In that role, he was responsible for global field sales and operations, client technical services, engineering, research and development, product design, and product management. Before TIBCO, he served as the general manager at Hewlett-Packard for the HP networking business in the Americas. Earlier in his career, Craig held positions at Cisco Systems Inc. and Bank of America. He earned a bachelor's degree in Information Technology from the Swinburne University of Technology in Australia.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights