Home » Blog » CREST strengthens its support for tangible action in mental health, diversity and inclusion
CREST strengthens its support for tangible action in mental health, diversity and inclusion
25 June 2024
Key themes:
The pressure on the cyber workforce is mounting
Mental wellbeing issues and burnout are real
Diversity and inclusivity brings huge value to organizations, but mental wellbeing support needs to be tailored to the need
There are some fantastic organisations out there ready to help
CREST International has announced new Community Supporters that it will be working closely with on initiatives to encourage better diversity and inclusion and improved mental health in the cyber security industry. This is part of CREST’s ongoing commitment to championing the foundations of a strong cyber workforce.
The new Community Supporters include: Cybermindz, an organisation that helps reduce stress and burnout and improve mental health and wellbeing in the cyber industry; NeuroCyber, a community interest company (CIC) with the mission to improve career outcomes for neurodivergent individuals and positively impact the cyber skills gap; and Stott and May Consulting, who have developed training and accreditation services to provide businesses with the support and resources required to become an inclusive employer.
CREST’s Community Supporter initiative aims to bring people together to find tangible, realistic and sustainable solutions to solve cyber’s biggest problems, such as the skills shortage, and make the digital world a safer place. In other words, combining forces with complementary services provides a better outcome than operating in silos.
Not just about numbers
Of course, the skills shortage is real and encouraging more diverse talent into the industry is essential, however, there is also a great deal of evidence that having more diverse teams drives innovation and better problem solving. By bringing together people with diverse backgrounds, experiences and ways of thinking, security teams will be better placed to counter new and evolving cyber threats.
So, what can we do?
It is impossible to sustainably increase diversity without collaborating to ensure that the cyber industry is an inclusive place to work and that it looks after the wellbeing of the people who work in it.
We need people to stay in the industry and for them to thrive. The industry needs people to thrive so they can have a real impact on cyber resilience. That means making reasonable adjustments in working and recruitment practices to accommodate and bring the best out in everyone.
Even small adjustments such as providing interview questions in advance or providing genuinely flexible working, can have a huge difference. It also means making mental health and wellbeing of cyber security professionals a priority.
The good news is that working to make the cyber industry a healthier and better place to work, is good for everyone who works in it.
Reduce stress and burnout
It is no surprise what with a shortage of people, cyber security has an issue with stress and burnout. But it is not just about there not being enough people to do the work, adding additional strain. While cyber security can be an incredibly rewarding place to work it also comes with its own unique set of issues. Even in fully formed teams, cyber security professionals will face heavy workloads because of the increasing demands and complexity of always protecting data. They are sometimes overwhelmed by the burden of responsibility or get alert fatigue. Many roles have long working hours and even on-call requirements so there is very little down time – for example responding to critical incidents and 24/7 monitoring. Add to all of that the stress of dealing with an ever-changing threat landscape and it is clear to see why there is a problem with mental health.
The scale of the stress and burnout problem in cyber is huge and growing as the threats get more sophisticated. In Enterprise Strategy Group and ISSA’s 6th annual “The Life and Times of Cybersecurity Professionals”, published in September 2023, 50% of security professionals said that it is highly likely, likely, or somewhat likely they will leave their current job this year. It also reported that almost two thirds of cyber professionals thought their jobs had become more stressful over the last two years.
In addition, many people in cyber are neurodiverse and lack the support they need, which adds to the scale of the stress and burnout problem. Neurodivergent individuals are more susceptible to stress and burnout. So, although neurodivergent individuals will often have skills that align exceptionally well with a career in cybersecurity, when it comes to ensuring they thrive, understanding neurodiversity and adapting is crucial.
Many people who are neurodivergent experience considerable additional stress in their working life. For example, they may struggle with a working environment that doesn’t fit their thinking style, or they may have high sensitivity to noise, light of other external stimuli, which will cause anxiety. They may even just feel like they don’t fit in. All of this has an impact on both wellbeing and productivity.
Tips for reducing stress and burnout in cyber professionals
Encourage employees to think about and establish clear work-life boundaries.
Provide regular training to help stay up to date with latest developments
Ensure you provide the tools people need to do their jobs
Always acknowledge achievements and celebrate milestones.
Do not set unrealistic goals
Acknowledge there is a problem and talk about it.
Promote selfcare, wellbeing practices and downtime
Remember one size doesn’t fit all and adapt for diverse individual needs
Organisations like Cybermindz can provide training, guidance and a range of tools to help reduce stress and burnout and get the best from the cyber workforce. For example, its Cybermindz RapidReset program supports the psychological well-being of cybersecurity teams both during and after major cyber breaches: Cybermindz
Be more neuro inclusive
There is little doubt that cyber security is an industry where neurodivergent individuals can, and do, thrive. For example, many neurodiverse traits align well with the demands of cybersecurity. These include, but are certainly not limited to, logical thinking, attention to detail and pattern recognition.
More does need to be done to attract more neurodivergent people to the industry and to adapt the working environment to give them the opportunity to succeed in the job.
Tips for neuro inclusive recruitment
Keep job adverts concise and easy to read
Use clear and inclusive language
Focus on essential skills
Inform candidates about the expected application duration and the different steps.
Ensure online forms can be read aloud using text-to-speech software.
Ensure you have a comfortable interview setting that takes sensory factors into account
Offer flexible options (in-person or virtual interviews)
Tips for adapting the working environment
Offer flexible work hours – Not everyone thrives in a traditional 9-to-5 setting
Create quiet areas for focused work – some people are overstimulated by sound
Embrace hybrid work models that allow employees to balance remote and in-office work.
Recognize that social norms vary – respect differences and manage expectations
Understand that neurodiverse individuals have unique skills and tap into them
For organisations who need more advice and guidance on neurodiversity in cyber, NeuroCyber is there to help. Reach out to them or check out the resources on the website. NeuroCyber helps improve career outcomes for neurodivergent people, to enrich the sector and positively impact the cyber skills gap: Cyber Neurodiversity Group | Cyber Security | United Kingdom (neurocyber.uk)
Organisations that would like to have some training on neuro inclusive recruitment and how to become and demonstrate they are a neuro inclusive employer can employ an organization like Stott and May to help: Neurodiversity Training | Stott and May Consulting
Being more neuroinclusive and ensuring the mental wellbeing of employees, is not only the right thing to do but when it comes to cyber security, organisations that embrace good practice will also thrive. For those who would like to learn more about the importance of diversity and inclusion and its positive impact, CREST’s report can help: GATES-Inclusion-and-Diversity-Guide_FINAL.pdf (crest-approved.org)
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
