Cybersecurity during Stress Awareness Month

Hi there ?? Welcome to the world of a millennial technologist in the boardroom. Our world is changing. From AI and Cybersecurity to ClimateTech and Education, rapid advances in all fields have made today a different world than yesterday. Here are my stories about the things that change and don't in the boardroom and the world.

Things that Change and Will Stay

Change: Burnout Rates in IT and Cybersecurity are Increasing

The increasing number of cyberattacks and toxic culture have contributed to a significant?rise?in stress and burnout for IT employees in general and cybersecurity professionals in particular. For this Stress Awareness Month, join me in examining the contributing factors.

First, there is a?divide?between most companies and their IT departments. Many companies treat their IT department as a mere service provider. They provide IT as a service to the company and don't contribute anything significant to its bottom line.

Second, accusations dominate many post-incident analyses, and rather than learning from an incident and finding ways to improve the responses, blame gets shifted around.

Third, the?ultra-short tenures?of many cybersecurity leaders impact the departments. Eighteen months aren't enough to impact and positively influence their team's direction. Further, the experience restricts the mentoring the leaders provide their team members and the mentorships available to them.

Original Thought:

Stay: Blame Games Enables Subsequent Cyberattacks

A few years ago, one of my clients had a cybersecurity incident. At the very end, after the company had paid the criminals not to share the data, the criminal sent a thank you note to the assistant who had opened the door. Why would a criminal do that??

They invoked shame in her by sending a thank you note to the assistant responsible. She started to associate the whole incident with her shame. Yet the initial e-mail, pretending to be from her boss asking her to reset a password, didn't make her feel ashamed. It made her feel good. It made her feel important. It made her feel like an asset.

Thus, she will not think of cybersecurity the next time someone sends an e-mail asking her to break protocol. After all, she feels good being helpful, not shameful.

Consequently, we lower their resilience by punishing incidents, punishing employees with remedial training, and telling them they have detention. We remove cybersecurity from their minds. No one wants to feel ashamed or remember a time they felt embarrassed.

Original Thought:

Change: Gamification in Cybersecurity

With all the stress and the little results to show, it is clear that we need new approaches to cybersecurity. Let us look at the development of healthy lifestyle choices over the past decade. Michelle Obama spent a significant amount of her time encouraging young people to live healthy lives.

Yet, most of her efforts didn't noticeably change our choices. In 2016, however, a?statistically significant number of young people?suddenly decided to go for walks. Pokemon Go caused a substantial behavior change because walking around suddenly became a fun game.

We should apply the same principle to cybersecurity. Giving employees and users points for secure behavior, such as choosing safe passwords and reporting spam, will have more impact than any additional lecture.

Even if your employer does not offer a program, open-source software like?Habitica?efficiently helps you train cybersecurity habits and other routines. Every action gives you a point, which players can turn into rewards like in-game items.

Original Thought:

Around the Net and World

Constructor University Foundation Reunion

I'll be in Boston this weekend for the Constructor University Foundation of America Reunion. If you want to help support students to study in Germany, you can learn more about the foundation on our website.

About Kevin

Kevin is a board member and IT innovation and growth strategist with a proven track record of harnessing commercial acumen and finance expertise to deliver large-scale digital transformation programs with a strong focus on identity management and open-source IT infrastructure solutions.