Cybersecurity is an infinite game being played by teams and multi-team systems of individuals with finite capacity. Alongside this, the unpredictable nature of the cyber industry leaves many things outside of the defenders’ control. While leaders readily invest in technology to maximise human capacity, we have to remember that the use of technology is still a human task. New technology can be useful, however we must put more emphasis on human capital. Businesses should be investing more time into their people, their development, and well-being, or else they risk their cybersecurity professionals burning out and quitting the so-called “infinite game.”
MultiTeam Solutions conducted research into stress and burnout amongst nearly 175 cybersecurity professionals, where burnout was generally defined as “no longer having the motivation to do one’s job effectively.” The research found that over 50% of individuals believe they will burn out in the next year, with 35% of this group admitting they anticipate burning out within the next 6 months. Another 25% accept that it will happen in the next 2-3 years. Not only does this show that 80% of respondents acknowledge they will be less effective in the foreseeable future (and some very soon), but also that burnout and stress are a known and expected part of working in cybersecurity.
Stress and burnout, in many respects, are challenges that present themselves at an individual level. All too often, though, the bureaucratic nature of cybersecurity operations maintains its focus on general performance rather than the individuals involved. Naturally, for high-level strategic decisions, there is merit in taking a generalised perspective, particularly in larger organisations. This approach is not sufficient for addressing stress and burnout.
While leaders are leading teams, multi-team systems, and entire organisations, they—and especially direct supervisors—must pay attention to the individuals who compose those larger groups. If not addressed at an individual level, then stress and burnout will undermine motivation and affect cohesion across cybersecurity ecosystems—contributing to a vicious cycle of unaddressed issues and lower morale. Hence, the principles guiding any new leader-driven initiative aiming to improve mental health and well-being in cybersecurity needs to be rooted in the individual’s experience.
There are various practical strategies that leaders can take to help reduce the attack surface of stress and burnout for the people they lead. An important framework to incorporate in any new initiative addressing this issue is the “ABC” framework for motivating individuals: Autonomy, Belonging, & Competence. Motivation serves as one of the best adversaries for stress and burnout.
Autonomy
Leaders can look for opportunities to provide those they lead with a sense of autonomy through ownership and choice. Often, ownership and choice are viewed at a macro level, where a person oversees a task or project simply because it aligns with their role or title—while this contributes to autonomy, it can limit the number of opportunities. By taking a more nuanced perspective, leaders can readily provide and recognise more of these types of opportunities.
At a more micro-level view, leaders can home in on specific tasks or projects that align with an individual’s strengths or areas interests, where ownership will come more naturally. For example, if there is a team member with a strong interest and skillset in network security and traffic analysis, the leader can assign this individual the task of enhancing the organisation’s Intrusion Detection System (IDS).
This gives the individual a sense of ownership and allows them to manage decisions across various processes including strategically upgrading rules, optimising alerts, and reducing false positives. In this scenario, the leader provides a range of decision-making opportunities, cultivates ownership, and leverages the team member’s expertise, which also builds on a sense of competence.
Belonging
Cybersecurity culture often fosters a sense of individualism that lends itself to operating in isolation—individual interest in areas of cybersecurity lead to individually-driven projects, individual certifications, etc. That being said, being siloed is not a sustainable mode of operation. For most cyber professionals, the challenges are too complex to resolve individually and negative experiences (failure, shame, guilt, embarrassment, etc.), when experienced alone, are likely to take an even greater toll than when those experiences are shared with others.
Leaders can find opportunities to build connectivity through initiatives at multiple levels–the individual, team, multi-team system, and across the organisation. For example, helping to connect goals across these levels can help people understand that they are part of something bigger than themselves. Helping individuals see how their goals fit into those of the team and setting wider objectives that envelope individual aims are all relatively straightforward ways to create a sense of belonging in a professional setting. Similarly, guiding teams to see how their goals fit into the multi-team system, contributes to a sense of belonging at the next tier up of what is known as the goal hierarchy.
Another possibility is supporting employees to start formal groups (e.g., affinity groups) within an organisation in order to bring together individuals with shared identities, interests, or experiences. One example of this would be standing up a “women in cybersecurity” group for the purpose of regularly gathering, sharing experiences, and supporting each other’s career advancement. Successfully organising or contributing to such groups can also build on one’s sense of autonomy and competence.
Competence
In order to boost a sense of competence at the individual level, leaders need to create a learning-oriented environment that provides opportunities for individuals to explore, gather, and practice applying new information. There are specific strategies to build or strengthen these aspects of the work environment.
For example, leaders can support individuals by providing both time and financial resources for professional development opportunities, such as new certifications. An added layer of precision that will further build motivation is identifying how these opportunities support not only their role in the organisation, but also their specific area(s) of interest. Not to mention that the opportunity for individuals to choose to gain expertise in a specific area of interest builds one’s sense of autonomy, and if that area fits within their team’s work, then an increase in sense of belonging (via future contributions) can be part of the outcome, too.
Leaders can also embrace a growth-mindset culture whereby mistakes do not equate to failures; rather, mistakes are repositioned as learning opportunities to develop and grow. This allows individuals to safely explore and practice various aspects of their work. It’s important to note that this approach also requires a shift toward more developmental, rather than punitive or evaluative, feedback.
A necessity, not a nicety
As cybersecurity continues to increase both in complexity and pressure, prioritising the mental health and well-being of professionals is essential to protecting the workforce. By taking a human-centered approach to combating stress and burnout at the individual level, leaders will overcome a common deficiency of large organisations and bureaucracies. Leaders who invest in the ABCs of motivation—and especially use this model to motivate direct supervisors to support individual team members—will cultivate a productive and adaptive workforce that is more resilient individually and collectively.
About the Author
Dr. Daniel Shore is an expert in Workplace Psychology. He focuses on teams, multi-team systems, and leadership with a human-centered approach to fostering connections within and between teams. He is the Co-Founder of the Integr8 training program, which is built on 5 years of US- and European-government funded research.
Daniel can be reached online on LinkedIN and at our company website MultiTeam Solutions | Leadership & Effective Teamwork Strategies.
