25 June 2024
Key themes:
CREST International has announced new Community Supporters that it will be working closely with on initiatives to encourage better diversity and inclusion and improved mental health in the cyber security industry. This is part of CREST’s ongoing commitment to championing the foundations of a strong cyber workforce.
The new Community Supporters include: Cybermindz, an organisation that helps reduce stress and burnout and improve mental health and wellbeing in the cyber industry; NeuroCyber, a community interest company (CIC) with the mission to improve career outcomes for neurodivergent individuals and positively impact the cyber skills gap; and Stott and May Consulting, who have developed training and accreditation services to provide businesses with the support and resources required to become an inclusive employer.
CREST’s Community Supporter initiative aims to bring people together to find tangible, realistic and sustainable solutions to solve cyber’s biggest problems, such as the skills shortage, and make the digital world a safer place. In other words, combining forces with complementary services provides a better outcome than operating in silos.
Of course, the skills shortage is real and encouraging more diverse talent into the industry is essential, however, there is also a great deal of evidence that having more diverse teams drives innovation and better problem solving. By bringing together people with diverse backgrounds, experiences and ways of thinking, security teams will be better placed to counter new and evolving cyber threats.
It is impossible to sustainably increase diversity without collaborating to ensure that the cyber industry is an inclusive place to work and that it looks after the wellbeing of the people who work in it.
We need people to stay in the industry and for them to thrive. The industry needs people to thrive so they can have a real impact on cyber resilience. That means making reasonable adjustments in working and recruitment practices to accommodate and bring the best out in everyone.
Even small adjustments such as providing interview questions in advance or providing genuinely flexible working, can have a huge difference. It also means making mental health and wellbeing of cyber security professionals a priority.
The good news is that working to make the cyber industry a healthier and better place to work, is good for everyone who works in it.
It is no surprise what with a shortage of people, cyber security has an issue with stress and burnout. But it is not just about there not being enough people to do the work, adding additional strain. While cyber security can be an incredibly rewarding place to work it also comes with its own unique set of issues. Even in fully formed teams, cyber security professionals will face heavy workloads because of the increasing demands and complexity of always protecting data. They are sometimes overwhelmed by the burden of responsibility or get alert fatigue. Many roles have long working hours and even on-call requirements so there is very little down time – for example responding to critical incidents and 24/7 monitoring. Add to all of that the stress of dealing with an ever-changing threat landscape and it is clear to see why there is a problem with mental health.
The scale of the stress and burnout problem in cyber is huge and growing as the threats get more sophisticated. In Enterprise Strategy Group and ISSA’s 6th annual “The Life and Times of Cybersecurity Professionals”, published in September 2023, 50% of security professionals said that it is highly likely, likely, or somewhat likely they will leave their current job this year. It also reported that almost two thirds of cyber professionals thought their jobs had become more stressful over the last two years.
In addition, many people in cyber are neurodiverse and lack the support they need, which adds to the scale of the stress and burnout problem. Neurodivergent individuals are more susceptible to stress and burnout. So, although neurodivergent individuals will often have skills that align exceptionally well with a career in cybersecurity, when it comes to ensuring they thrive, understanding neurodiversity and adapting is crucial.
Many people who are neurodivergent experience considerable additional stress in their working life. For example, they may struggle with a working environment that doesn’t fit their thinking style, or they may have high sensitivity to noise, light of other external stimuli, which will cause anxiety. They may even just feel like they don’t fit in. All of this has an impact on both wellbeing and productivity.
Tips for reducing stress and burnout in cyber professionals
Organisations like Cybermindz can provide training, guidance and a range of tools to help reduce stress and burnout and get the best from the cyber workforce. For example, its Cybermindz RapidReset program supports the psychological well-being of cybersecurity teams both during and after major cyber breaches: Cybermindz
There is little doubt that cyber security is an industry where neurodivergent individuals can, and do, thrive. For example, many neurodiverse traits align well with the demands of cybersecurity. These include, but are certainly not limited to, logical thinking, attention to detail and pattern recognition.
More does need to be done to attract more neurodivergent people to the industry and to adapt the working environment to give them the opportunity to succeed in the job.
Tips for neuro inclusive recruitment
Tips for adapting the working environment
For organisations who need more advice and guidance on neurodiversity in cyber, NeuroCyber is there to help. Reach out to them or check out the resources on the website. NeuroCyber helps improve career outcomes for neurodivergent people, to enrich the sector and positively impact the cyber skills gap: Cyber Neurodiversity Group | Cyber Security | United Kingdom (neurocyber.uk)
Organisations that would like to have some training on neuro inclusive recruitment and how to become and demonstrate they are a neuro inclusive employer can employ an organization like Stott and May to help: Neurodiversity Training | Stott and May Consulting
Being more neuroinclusive and ensuring the mental wellbeing of employees, is not only the right thing to do but when it comes to cyber security, organisations that embrace good practice will also thrive. For those who would like to learn more about the importance of diversity and inclusion and its positive impact, CREST’s report can help: GATES-Inclusion-and-Diversity-Guide_FINAL.pdf (crest-approved.org)