VMware is proud to be a 2021 Champion for Cybersecurity Awareness Month, a collaborative effort among the public and private sector to increase resiliency and raise awareness about cybersecurity. The initiative is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. As one of 15 members of CISA’s Joint Cyber Defense Collaborative (JCDC) and a Champion of Cybersecurity Awareness Month, VMware is committed to protecting our customers from cyberattacks and furthering collaboration across the private and public sector to better defend against evolving threats.
This month, we are taking the opportunity to bring attention to a critical issue impacting today’s defenders. With a surge in destructive attacks and a massive cybersecurity talent shortage, burnout is being felt by many in the industry. In a survey of incident responders and security leaders, VMware found that more than half experienced extreme stress or burnout during the last 12 months. Of that group, 65% considered leaving their job because of it.
“Being in cybersecurity is like being an air traffic controller; you’re constantly watching the radar and have to be ready at a moment’s notice to act,” said Chad Skipper, global security technologist at VMware. “Thing is, there are many more incidents in cyberspace than in the airspace, especially in the past year. With stakes this high, it’s no surprise professionals are experiencing burnout.”
To protect the defenders who are constantly working to stay one step ahead of attackers, the industry must combat burnout across security teams by prioritizing their well-being. For cybersecurity leaders, the focus must remain on building resilient, cyber-vigilant teams.
“Burnout is a huge issue with incident response teams, who are handling a spike in engagements in what is still a largely remote environment,” said Rick McElroy, principal cybersecurity strategist at VMware. “It only further underscores the need for leaders to build resilient teams, whether that means considering rotations of work, empowering individuals to take mental health days, or any number of other initiatives aimed at nurturing personal growth and development.”
There are several best practices that infosec managers and cybersecurity professionals can implement to help each other stay healthy in this high-stress occupation. For infosec managers, consider adopting resilience-building techniques, and wherever possible, improve workflow and workload by embracing automation. For cybersecurity professionals, recognize the warning signals of burnout and find the practices that help you reset. For more best practices, check out the infographic at the end of this post.
Empowering Security Leaders
Burnout has become a systemic problem, so there must be a focus on empowering security teams to work smarter and more efficiently. This starts with improving processes, leveraging automation, and ensuring empowerment starts at the top with the CISO.
“By empowering CISOs, we can help relieve some of the burnout felt by their security teams,” said Tom Kellermann, head of cybersecurity strategy at VMware. “Elevating the CISO’s role within an organization will help to better ensure cybersecurity measures are appropriately prioritized and that the team leading those measures has the necessary resources and support to combat burnout and build resilience.”
Driving home the understanding that security is the responsibility of all employees, rather than just infosec practitioners, is another important shift that will help ease the feeling of burnout. A new study by Forrester Consulting commissioned by VMware stressed that security should no longer be a specialization within an organization. Instead, security tasks need to be embedded across people, processes and technologies, rather than owned by a given few. Treating security as a team sport will ultimately help take the pressure off and alleviate burnout.
Hacking Burnout: Resources and Get Involved
- Join the conversation about how to effectively address and prevent burnout as a security professional. Amanda Berlin, CEO of Mental Health Hackers and Lead Incident Detection Engineer for Blumira, will join VMware’s Rick McElroy and Karen Worstell for an honest conversation about burnout on LinkedIn on October 14 at 2:00 p.m. ET and on Twitter on October 28 at 2:00 p.m. ET.
- Support the Mental Health Hackers mission to educate security professionals about the unique mental health risks faced by those in the cybersecurity field, provide guidance and support services. VMware employees can donate to Mental Health Hackers and secure a 100% match from the VMware Foundation on BrightFunds.
- Explain how you maintain resilience in your cybersecurity career. Join @StaySafeOnline and @CISAgov for the #CyberCareerChat on Twitter on October 19 at 2:00 p.m. ET to inspire and promote the exploration of cybersecurity careers.
- Read Karen Worstell’s latest blog post about combating cybersecurity burnout through self-care, empathy and empowerment and watch her interview on the Cyber Insecurity stream about her personal experience dealing with burnout.
- Download VMware’s 2021 Global Incident Response Threat Report to read the latest on emerging threats that are leading to the burnout of the security professionals tasked to defend against them.
- VMware employees can visit the Well-Being site for solutions that reflect our EPIC2 values and range from the annual well-being stipend to emotional well-being support.
To join the Cybersecurity Awareness Month conversation, use the hashtags #BeCyberSmart and #CybersecurityAwarenessMonth, and don’t forget to tag @vmw_carbonblack.