Events Add an event Speakers Talks Collections
 
Duration 40:01
16+
Play
Video

Burnout—The Greatest Threat to Your Organization’s Security

Chloe Messdaghi
Owner; Growth Strategy Consultant at Stand Out In Tech
  • Video
  • Table of contents
  • Video
RSAC 2021
May 20, 2021, Online, USA
RSAC 2021
Request Q&A
RSAC 2021
From the conference
RSAC 2021
Request Q&A
Video
Burnout—The Greatest Threat to Your Organization’s Security
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Add to favorites
64
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speaker

Chloe Messdaghi
Owner; Growth Strategy Consultant at Stand Out In Tech

Chloé Messdaghi is a changemaker who focuses on innovating tech and information security sectors to meet today and tomorrow demands. For over 10 years, she has provided impactful solutions that empower organizations, products, and people to stand out from the crowd. Her work has earned her many distinctions, including being listed as one of the Business Insider’s 50 Power Players of Cybersecurity, a SC Magazine honoree, Cybersecurity Advocate of the Year, and Cybersecurity Women of the Year by Cybersecurity Excellence Awards. Chloé is a trusted source for national and sector reporters and editors, as well as her research, op-eds, and commentary have been featured in numerous outlets, from Forbes and Business Insider to Bloomberg, and TechRepublic. She is a seasoned public speaker at major conferences, conventions, forums, and corporate events organized by industry associations and Fortune 500 companies. She serves or has served on several advisory groups, boards of directors, and nonprofit boards of trustees.

View the profile

About the talk

Chloe Messdaghi, Growth Strategy Consultant, Co-Founder, WoSec and Hacking is NOT a Crime Several trends are now colliding to make burnout among security professionals a greater threat to business continuity than ever before. From alignment of deployment decisions with employee training to judgement-free skills assessments and engaging upskilling, every organization can take common sense-yet-uncommon steps to prevent and address burnout and increase security talent retention.

Share

Higher One, my name is Clarissa and welcome to burn out. Their greatest threat to your organization security. I'm very excited to get this heart because I feel like we could all use this talk-to-text doesn't only just cover about like, how you can prevent burnout $0.02. But this is more about how do we do better for security, and what we need to know about our industry and why we keep having his burned-out cycle happening. I don't know who I am. I am the co-founder of Bosak but also the founder of, we are hackers

about the co-founder of hacking is not a crime. And my day job is basically growing at startups from internally and externally. And a lot of times to see that we don't grow as fast when our teams are feeling unappreciated or feeling unhurt or also because they're burned out and that's something that's very prevalent in our So, very excited for the stock. First things first. Let's go here. Is this damn looks familiar to anyone? Like I said, this was RSA conference. Just last year ago. We were all in that room together.

We were holding hands. Maybe not holding hands, but we were shaking hands. They're doing some elbow bombs. But we also were giving hugs. We are also going to happy hours on the conference floor. We even had to like kind of yell into each other's ear because it's so loud at the social Hangouts, but little did we know what was lying ahead is a couple weeks later. And it's really crazy cuz think about, we actually even attended karaoke force of the blast, but it was a glorious time. As you can remember. This all happened and we're in

2021, but it just felt like it is never stopped. It's like still 2020 and many ways and Where does hoping for things to get better at this point? But the reality is, is that we're now playing catch-up probably at this time. We've been playing catch-up maybe during that time. We felt bird. Here and there throughout the year, but now we're really feeling at a survival guide on how to deal with a pandemic. And let's be real. You're walking on a very fine line of being just barely okay. And terrible. Not

just like, okay and good. It's barely. Okay. And terrible and all this have been dealing with burnout. Well, Maybe not New Zealand looking at you, lucky people, but even let's be real, even in New Zealand and Ed were before 2020. Even with insecurity. We've known about burnout and have been through it before all the chaos fell in 2020. With burnout, we are placing ourselves in organizations at a huge security risk. We will most likely click a link because we are not 100%, but we are launching at the 5% battery charge. No, you cannot function. Well, we there's a reason why we have to drink

coffee or tea before we do anything. First thing in the morning because we're not awake. And this is a problem because we may not trash ride or be completely overwhelmed by what is need to be patched immediately. But I'll also be very real right now because sometimes we're kind of scene has bought a, not humans, and this is not just us within our industry, but people outside our industry. See us as. But to be honest with you, is that humans were not supposed to be working 24/7 because you have to

think about what we are working all hours and always expected to be on call or responding to slash signal. How do we even bounce off a personal life and a work-life? Because burnout occurs, when we do not practice self-care. And when our work demand more from us and we spend less time with our personal life, The Bouncing is completely gone and stress increases, we start feeling guilty actually and we struggle to sleep because we feel like we are trying so hard not to drown. You may even notice changes on

your team for examples such as employees being withdrawn or fast to become Saturday in Greer seated or delays and email responses or pushing out project deadline. This person probably with your high achiever, right? You would respond to an email within 10 minutes of receiving it now they don't respond to it for a whole day or 2 days. These are signs and this is something that it doesn't. You don't need to be in the office to recognize even when we remote we can see that it's looking at the time delays, but also seen what is going on with our Personnel. Now, I should be said that there's

with a smiley face, every single moment. They might not be. Okay. So it's really important for you to understand. It's not to judge on the outside because you don't know what's going on behind the scenes. A right now, working from home and remotely has increased the number of hours work. That means like increase expectation and has a really increase a blurriness of wartime and limits. And some people have quit because they cannot handle the juggling, a work and personal life because their companies failed dumb and we understand that

that the company failed them because they weren't able to be more flexible and they don't practice inclusion and equity, and you might be wondering, why am I bringing up inclusion Equity. Because Dei diversity. Equity inclusion. The reason why we see such a high turnaround, a women or those are marginalized in this community is because the inability to have flexibility. And we have seen this really hit our economy, very hard and this is because the employer is not doing enough

to support the employee. Because they are not respecting boundaries or they're not trying to hold responsibility of having a life and work-life balance. And we need to have a very blank conversation too because we haven't had a nine-to-five job for ages in infosec. And this is the contributing factor of employers pushing employees when they comes to like the working from 9 to 5, but nice a nine-to-five but yet they still send emails, black you at all hours, even text message you call you after work hours. And this really does

you and your team at illusion situation because they feel obligated to respond. And this is why the burnout cycle continues is because there is no battery used to be walking in office. And when we left office, then we felt like we had some control over life and there was a sharp contrast of after-hours but now or after hours. Our office is in the same home. Same space and this makes it very, very difficult. And by the way, more than 40% of employers, send

messages to their employees during their after hours. Don't feed those people. And for those are not aware of really what burnout is and what it starts to reform and look like it can be that it used to take a few minutes to respond to an email and now it takes an hour or so. Are you may feel exhausted and trash or sometimes people feel empty. You push yourself to a breaking point where you no longer come up with new ideas, your name in Creative anymore, but rather like taking meds to help with it, such as tension, headaches, or

taking meds, to help with upset stomach, or sleeping mess than you can sleep throughout the night. The whole thing is that, we are becoming so overly anxious over events and deadlines. And this is, this is the turning point, right? Because when you start getting anxious over events and Daylight's you easily cry or get angry faster than usual, you may not even respond to your friends or family when they call or text her sometime and then the guilt start entering because he Not being able to be there for them and your personal life starts slipping. Now, your life is now your your work

and you start to feel unappreciated for your work at work. And then this is one reason for this comes in and then from being resentful at your work. This is when you start hating and dreading your job cuz you don't feel appreciated for giving up all these things in your personal life, to be there, to help out this company. And this is the moment where people end up walking away or quitting. Because what we have been doing is putting employees at a huge health risk by staying in a burnout environment.

Take a look at this fight. This is what happens to your body according to the CDC, when you're dealing with burnout no matter how much sleep you get, you just feel exhausted and you feel emotionally deplete what can mimic depression and you may even struggle asleep, such as trouble, falling asleep or staying asleep and we're stressed out courcel increases and it gets hard to shut down or mine which causes us to toss and turn reduce deep sleep or even get enough RAM. And when we don't get proper sleep, stress levels increase and mental state can start

shifting to anxiety and depression symptoms. And when we are overly anxious or experience depression symptoms, we start to get sick way more often, you know, when you have employees that start calling in sick all the time. They're probably burnt out and they're too sensitive to share that they're burned out, or something's going on in their own home life. But you don't seem to understand that when that starts happening. That means that you made me to reevaluate your team and see if we're at your micromanaging. Cuz actually a lot of times when people start being sick all the time is because

they're feeling micromanaged a bat or they feel overwhelmed with to my demands and pressures. Now. The other thing to note is that when we start getting sick often, these are usually like that from personal issues, headaches infections cold, flu is cold sores rashes, or irritated skin, lower immune system, and when our immune system is low and stress is high leader, not your joints and muscles actually get stuff because your body isn't Survival Guide thinking that there's some perceived threat in the environment and he can even try to muscle weakness and fatigue. If left untreated

prolonged stress increases high blood pressure, heart attacks and strokes because there's too much adrenaline and cortisol over an extended. Clearly burnout is not a joke. It's extremely serious. And we have a real problem in our industry that is leading our colleagues ourselves into this, really, really terrible situation. Let's look at the reality of our industry. So these are some facts that were collected from dark reading, but I want to say that these facts and

figures. This research was not really connected until like even in the middle of the pandemic. So please help tidy statistics actually are probably much higher. So bear with me. But 21% of CC has said that they have taken a leave of absence job-related stress. And 41% of those took this significant step, even though many report being afraid to take sick days and 35% neglected to take all their allotted time off the 48% of sisters that there were stressed, had impacted their mental health. While 35% said, it was impacted their

physical house that 40% of those, about their work stress has impacted their relationships with their families or children at their 2%. Said, it had impacted their relationships with spouses or romantic Partners at 32%. Did the relationship with their friends? And 23% said that they're using medication or alcohol to manage stress. Like I said, please note that they satistics are probably much higher now because of what has happened during the pandemic. Now, the other thing is to understand that all that you're probably wondering

why are sisters so overwhelmed, just like, every other security member, it's the demand. But also, there was a reason for why she says they're getting burn out and you know why, since there's actually end up not having that position for a long time, besides always being the responsible party, if there's a breach but 94% of American cheeses and 95% of new cases, reported working more than their contracted hours on average, 10 hours more. In addition, 83% of American Seafood execs and 73% of UK, execs confirm that they do, indeed, expect security teams to work longer

hours. In other words, we as Security Professionals and scissors are expected to work Beyond normal hours. It is the norm. There's no other. Other type of rule out there that you are maybe sales, but Think about that has 20%. That's in the middle of the night to and see if there's as a manager and leader, dealing with all this. And you have to understand the amount of stress. It is to be a say, so if you get burned out so so fast because of the demands

and this could become something very, very dangerous for employers. Also for employees, because security risk and increasing possibilities. And managerial issues are very true and coping with such as if you made to themself Medicaid on the job as we've learned. And also walking a very thin line of what is appropriate. But once again, this is not a csis fault. I want you to understand that this has nothing to do with the sister's fault of why this is like this. It's because we have a system that is very broken and Industry that is isn't sufficient in the long run.

It is this industry that continues to Fallas and runs on people being burned out. Of course, it is not trying to do that, but it is it's set up for us to get burned out. I would take a moment there. We have a foundation that doesn't Empower us. We have a foundation that this empowers Us in every single way. And there's no wonder we have a rotating door and a mental health crisis in our industry. And I'm about to show you why it's like this. Why are we firing down the first place? I think you guys have ideas already.

Since most of you were probably already in this an issue for some time, or maybe you've been in this issue for one year and you recognized really, really fast that we have some issues. By being in security, we are monitoring and operating 24/7 since I've been worse throughout the night. And sometimes we cannot sleep well, because we're always at the edge of her knowing that when it comes to security. Attackers bait at any hour and sometimes it usually is the weekend is or in the middle of the night or if the holiday

season, because those are usually times where there is less Personnel working and attackers know this. So this makes it even more stressful when you're trying to enjoy your weekend because you know, the possibility is very much real and because of that fear of always that a breach may occur because it will occur and believe it or not. If you think you will never have a bruise in your whole entire life, you are definitely not understanding. However, seconds riding right now, reaches our current all the time. It's just a matter of time when it is going to happen. But the

thing is that the reason why we're even more worried about a brace to happen is because, I know if there's a breed, it will be most likely an ad-hoc style to fix it. Don't believe me. According to the ponemon Institute response, pain is slowly improving. The vast majority of organizations surveyed about 74% are still reporting. Other plans are either ad-hoc applied inconsistently or that they have no plans at all, additionally more than half, 52% of those with security response plan said that they would never reviewed it or have no set

time. For reviewing. Our testing has plans and with covid-19 right now and working from home, how many of those plans have been updated? Think about that. Yeah, this is one of the reasons why there's a 400% increase of successful braces right now. So what do we do about it? Which holy forget the human element when it comes to Planet instead. We we just like tools. That's a problem. So instead of better planning on having less disruption, we start schools, because it's so much easier for us to throw our tools, then to have an

understanding of the human element rule that plays here. I spoiler alert. We actually are making the situation much worse by doing. So because then we had to guess what it's not in the plan in court and the other music relations office. Every time you add a new tool to it is not updated in your plant. If you have a plant and the coronation could be completely off and these third-party tools. We don't really know how secure they really are. And this is really stressful. Are you stressed yet? If you're listening to this property or course all levels

know, well, that I was imagining a situation. I want you to imagine you're part of a crew and you just found out your ship is sinking, but you found out after 4 sometime because you weren't alerted by your system because you didn't update it. So I didn't help with notifications. Tell your customers are bored and trusting you for their safety. Your team is scared and so are paralyzed by the fear of failing that, you know, if they did practice of how did, you know, Xscape safely that they might be

freaking out because they're now in a panic mode and they don't actually know how to function in a panic. And this is actually why it's really important to constantly practice while because the more you have a memory of what you're supposed to do this reduces that stress, that panic mode, but also, you don't know how you're going to react when you're in one of these, type of situations, going back to sing. You have your crew, they're scared. They're paralyzed with fear, but your customers are also trusting you for their safety. You are notified a little too late when it comes

to your ship is sinking. So now you're really trying to get everything together really really fast, but There's a catch here. Your entire team hasn't slept well and is seasick. So they're not exactly a hundred percent the state of mine. Usually, if anything, you could kind of see it. But their function at the same rate as in scope as someone who's actually burned out. Okay. So now you have the best right now. I want you to imagine your captain, pulled out a safety, binder to know. What is the protocol? Thank God. There is a safety binder on there, where the protocol, right? So the

captain takes out, but unfortunately, the binder that you have was not the updated one on this ship and no one knows what they're supposed to be doing. Then you're using an old procedure, but had new features to this ship. Are you stressed out now? Because this is what it's like when dealing with bad plans and when the human element is taken out. It leaves you with a wreckage. And the truth is Bad, actors are everywhere. And at all hours your days drop often and we hardly need to be up-to-date. What the Bad actors are are using, and it takes

time, and energy. And this is why we're struggling. We're part of the crew and will we don't function well, or communicate while it becomes a really scary situation. The reason we're in security is because we know how incredibly important it is to be secure. But we also need to come to terms that if we work around the clock, all hours and don't practice self-care or even promote employee Wellness. What's the point? Because there can be a danger to the organization as well as we are, running a low battery and not feeling well. And this is why burnout

matters. This is why we keep turning to tools and not find a plan or timing to prep. Practice of self-care. We become that security team that stinks. We won't be able to fix a breach fast. And this is scary. And please don't turn around and blame your employees if they're not performing as well. And because the majority of you, that is what happens you. Let the team ever go without checking to see what you have done. That is reduced their performance because chances are burnt out and feeling very much

alone. And especially for micromanaging. Just don't do that. This is like Romeo has never worked ever. So maybe you need to check in on your management skills to because this is the moment that you need to look at yourself. If you are a manager or a leader. What are you doing? That's making the situation worse or better? Because right now with covid-19 we are taking care of family members. We're on camera daily. We're unable to leave her home. We can't see her friends and family and some and some list off some really important events in our

life. And some of us have lost people And our colleagues are struggling. And we're worried about you being at job because it's not just the pandemic, we're dealing with, we're also dealing with an economic crisis to add a mental health crisis. But were all so worried about 40 life that we have and we're worried, we have covid. And we're also worried if we may not make it through covid. I think we need to come to a point that we're not a machine here. We're human. And they came and Emily created security, and runs on security, and we're all

struggling with staying. Okay, before code and during covid. Except New Zealand. Okay, New Zealand. And I'm so jealous. So jealous, I can tell you there's a lot of people jealous right now. But one thing I can take away from New Zealand out is that the Prime Minister did a phenomenal job. Think about it. She worked with people and plan and when you plan, there's less disruption. So, how can we lead like this prime minister? Can I give you four ways, how you can invest in your team right now at this moment? Investment number one, listened

and take action together. Be strong, be kind as to retain what they need. They're just listen, actually take action when we listen to each other and strategize together on how to improve Gene, and or Department. It reduces the stress. Because stress happens when we're not being listened to, or feel uncomfortable to speak up your colleagues, may share that starts with aren't needed or there's a tool that does five things. That one does that is much better and they make sure what is missing on this game or perhaps what minions are needed and by working together on what are the

issues we can actually collaborate together and find ways how to reduce the issues are completely resolved. Investment number to plan together, strategize together, with collaboration and listening working together with a team to make strategies and revisit your security response plan. Make it up to date, and if you don't have one make one, this is the time to do. So, revisit the plans that you have though, and every time a new tool is removed or added or new team member change or environment changes, that they're working remotely. And so on,

that needs to be updated by creating making solid plans and running through over and over to prep. It helps speed up the recovery and reduces the stress. When a breach occurs that there's a plan to follow up, that's up-to-date. Just remember that example of that cruise ship. It helps that our plan is up to date. You owe it to yourself. You're calling your orange, your customers. Because it means that you acknowledge. The human element is in, is there because we don't know how we're going to react when we're in a disaster until we're in a disaster. So it's better to prep as much as

possible. So then we can actually sleep a little bit better at night and we know that if we're called, we know that we have a plan that's up-to-date that we can run through. I mean look at New Zealand land. And covid-19. I mean look at it. They had 25 desk. You know how many we have in the US. We have over five hundred sixty-three thousand us and this is because something didn't plan or take actions or listen to their team investment. Number 3, acres self-care Studies have shown that when dealing with burnout taking

one week off away from work or anything related to work in his turn off your device has to provide recovery for burn out. If an employee is burnout, make sure they feel supported to take time off and also encourage it off into the team are something. You should know that company. Is that say you have unlimited paid time off. Chances are people are not going to take all that time off. Actually lost. I should have had if you give that option, they're going to take less time off because there's this sense of iPhone carpal taking time off or I feel uncomfortable asking for

time off. And this is a promise that majority of employees and security are afraid to take time off because I feel guilty for not being there to help their team and they're giving more to their college or coming back to a dumpster fire. If you can't, give everyone one day off a month for a mental health break, and always try to do Monday or Friday. It becomes a really nice thing to do to your employees. Are one likes a 3-day weekend last night. Make sure you have one day per week, dedicated to not having any mediums whatsoever. That means no more Disney for one day.

It's all right with your college. Do you catch up on any item for project? But also to get through their emails, investment number for be kind and respect. Banners. Please be kind to one another because from what we have learned when we work together and understand how we impact others. We start practicing empathy and empathy is Sterling missing at times in our industry, but by listening and being there for one another, it reminds us that there's people who care for each other because we cannot assume as Don is doing by the. How do they look or by their performance? We

do not know what each other is going through. So instead of going at 7 reframe to get that back refrain, I think before you speak or act because you really don't know. How that will impact the other person. So as a New Zealand States be kind because that's the element. We need to stick together to protect the world from the darkness, but also know that being kind is responding work battery, such as 60 of a distance and wear masks. And I'm going to tell you what you can do right at this moment

right now, take a screenshot of this or write it down. Whatever. Makes it easier for you is these are things that you can do right now, which will only take only a few minutes of your time, one set a weekly 101 for 50 minutes with each employee. This allows you to go over their project and you know, what to do for that Ann and you should be able same page. I want to prioritize. This is not meant to micromanage. Please note that by having his weekly. What is that means? That you don't have any more 101, but that means once a week, 15 minutes and you don't have to take a

whole 15 minutes. Just a quick check in to know how each person is doing make Monday or Fridays and no meetings day. This is really important because we need a day where there's no stamp. Set up a meeting with a team to explore ways to improve together. You could be a monthly Arrangement. This could be a biweekly arrangement, to figure out how you can work together to improve things. And I also create a note on my survey. So when someone does to make some recommendations is not traced back to them because this is one of the reasons why people don't fill out a survey. So if you're going to take

a survey, you better make that Anonymous. Don't have a tracker on it. We need to make sure that people can share their real thoughts and feelings without having to worry about their job being on the line by doing so, A last name. Remember when we work together and listen to each other? Magic does happen. If people get personal time off without steering of taking time away or becoming collaborative. When we collaborate, we reduce the stress ball items that hold back the team from driving only focus on balancing work and personal

life for everyone that we no longer have a dumpster fire burn hot as a security concern. No more. Because we know we are human and the human element rule. The world that we live in. And whenever in doubt just remember, If New Zealand can plan. Well, so can you? Because in all of us, there's a Fredo within us, he was on the journey to get rid of them. Malicious threat. So quick overview to reduce burnout. Note 3 on places, you and your team as a security risk, not just security risk, personal health risk to. So it's important that we collaborate

to form strategies to improve the team. Don't just go at it on your own work together. You have a team of people. Every single person has a different background and they're going to have different ideas and if they cool to test them out, too, it's just important for us to really communicate better on this right. Now. The other thing is start making plans and revisit that your response times, if you don't have a security response plan, You should take a moment there and make that a priority at this very moment. We need security response. Plans. It's so important that we

have them and Heather up-to-date because it helps our team feel less weight on their shoulders. But also, it makes you guys have a better idea, what to expect when you run through it, and remember to promote self-care and being kind and respectful to batteries. That means no employee should have to think that they need to come into work or respond to this black message or an email after work hours. You going to send an email? That's okay. If you want to send an email, that's okay. But the reality is is that a lot of employees, feel when they get

something, they get a slack message. They have to respond. And I have to be like 10 at night. I could be in the middle of their dinner with her family and that's not. Okay anymore. We need to understand that people have a life outside of work. Our work and our lives are yes, they play a role with each other. But the reality is that we have a life outside of work and our work should not be our life. And that's the one thing. I definitely can't take away from this pandemic is don't let your work, become your life because you missed out on all the beautiful things around you

because of it. And so that's why we need to do better when it be great. If we had such a balance industry work. We can love our work. Our job, but also love our personal life that we have a person, but we need to be practicing more today. I want to say thank you guys so much for attending the talk. I'm going to answer any questions with you guys. Now live in the chat, and if you feel a little bit shy or anything like that. Feel free to DM me. My dams are always open on Twitter, Instagram and Linkedin at Klamath. Sorry,

and thank you guys so much for existing and thank you. Really? Really? I do mean that thank you for attending this talk because I really hope that we can come together and come up with more solutions to make our industry a little bit better and safer and it's so important that we do. So, so thank you, everyone and stay safe and I'm happy to answer any questions that you have.

Cackle comments for the website

Buy this talk

Access to the talk “Burnout—The Greatest Threat to Your Organization’s Security”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Ticket

Get access to all videos “RSAC 2021”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Ticket

Similar talks

Glauco Sampaio
Information Security at Cielo
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Stuart Schechter
Founder at DiceKeys, LLC
+ 1 speaker
David Ng
Privacy Program Manager, Product at Instagram
+ 1 speaker
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Theresa Payton
CEO at Fortalice Solutions, LLC
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Buy this video

Video

Access to the talk “Burnout—The Greatest Threat to Your Organization’s Security”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
816 conferences
32658 speakers
12329 hours of content