Combatting Industry Burnout by Building Resilient Security Teams

By Rick McElroy, Principal Cybersecurity Strategist, VMware

We have reached a pivotal point in the history of cybersecurity. Catalyzed by the shift to an anywhere-work environment during COVID-19, attack surfaces expanded and cybercriminals became more sophisticated, creating looming threats for security teams. As a result, stress and burnout within the security industry is rising in lockstep. Defenders are stretched thin countering complex attacks, gaining visibility into new environments and constantly being on alert.

Expanding threat landscape increases stress for defenders

Following the rush to the cloud amid the pandemic, cybercriminals have continued to exploit these environments to deliver integrity and destructive attacks, leading to a spike in incident response engagements and alerts. According to VMware’s recent Global Incident Response Threat Report, nearly half of security professionals said that more than one-third of attacks were targeted at cloud workloads and nearly half targeted victims via island hopping.

The shift to an anywhere-work environment also resulted in adversaries increasingly leveraging business communication platforms such as Microsoft Teams, Skype, Slack, Google Chat to move around a given environment and launch sophisticated attacks.  Our research found that 32 percent of cybersecurity professionals observed attackers using business communication platforms to facilitate lateral movement. These business communication platforms are the perfect delivery mechanism for attacks because organizations and users implicitly trust them and they operate in a known environment.

As the work environment evolves digitally, it creates more vulnerabilities in the threat landscape, leaving enterprises more susceptible to attacks and putting increased pressure on security teams.

Combating burnout on security teams 

Recently, the Information Systems Security Association found that the cybersecurity skills crisis has not only continued, but worsened over the past five years. With cybersecurity skills already in short supply, the prospect of losing additional workforce is troubling, especially in the context of the Great Resignation. Despite their best efforts, defenders are struggling to counter the growing attacks and gain visibility into new environments, such as the cloud, containers, and business communication applications.

This level of stress is impacting their well-being, which carries significant implications for the industry. Over the past 12 months, 51 percent of security professionals experienced extreme stress or burnout, and 65 percent said they have considered leaving their job because of it. To help decrease the mounting pressure security professionals face, business leaders must prioritize building resilient teams and creating a supportive work environment.

Here are six best practices leaders can implement:

• Consider rotations of work. It is essential that teams feel like they are developing and progressing professionally and they may not be able to do that after being in the same high-stress environment year after year. This will not only allow for new perspectives and generate creative ideas but it will also give people room to recharge.
• Empower individuals to take mental health days. An “always on” mentality is not only dangerous to the people involved, but can lead to poor and reactive decision making. Forcing people to interact with others under already stressful conditions is a recipe for disaster. Allow teams space to work and empower them to know when they need to step away.
• Encourage non-standard activities like meetings outside, walking meetings, and  mindfulness training. Mindfulness training is designed to help people deal with stress so encourage teams to take classes and take periodic breaks to reset their mind and come back refreshed.
• Invest in solutions that empower defenders to detect and stop attacks. Legacy security systems are no longer sufficient for protecting against the sophisticated cyberattacks of today. What’s more, these systems require a good amount of manual work and analysis by security teams.  Look to invest in tools that automate time-consuming, manual processes and ones that empower defenders to implement security stacks built for a cloud-first world. When a new tool is introduced, give teams time to adjust to the technology before deploying another new tool.
• Schedule 1-on-1s that are focused on employees. 1-on-1s are a great way to connect with team members however they must be used correctly.  Instead of discussing a specific project, use the time to honestly check-in with team members. Let them set the agenda and allow them to speak about what they need.
• Give defenders a real break after a high stress event. Breaches and compromises can be extremely stressful on teams, especially when incidents last multiple days. Teams are rarely given time off after these incidents which ultimately leads to burnout and unhappy team members.

The anywhere-work environment is here to stay, so leaders need to devise a roadmap to proactively protect the well-being of their security teams. That should start with arming security professionals with the tools and resources needed to do their job while maintaining a healthy mindset.

About the Author

Rick McElroy is a Principal Cybersecurity Strategist at VMware. He has 24 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. Previously, he held security positions with the U.S. Department of Defense, and in several industries including retail, insurance, entertainment, cloud computing, and higher education. Rick can be reached online at @InfoSecRick and at our company website.