Episode 11

Confronting Burnout on the Frontlines of Cyber Defense

Published on: 24th October, 2023

On this episode of The Smart IT Podcast, I welcomed Daniel Waters, a Cyber Risk Advisor, to the show. We talked about professionals on the frontlines of cyber defense and the role of strategy. Cyber threats are at the forefront of the news for business leaders, who now expect more of their security teams in keeping pace with the evolving threat landscape. That has led to a lot of pressure to stop adversaries from breaching and disrupting the business, and at times to burnout for those on the frontlines. We discussed the need for the right business context and strategy to settle in for the long haul. We covered several insightful areas, including:

  • The perpetuity of cyber threats.
  • Organizations are led by people, not robots.
  • The challenges of prioritization.
  • Need for balance as resources are finite and some amount of risk will always be present.
  • Opportunities that the complexity of our systems has provided for the adversaries.
  • Strategic importance of understanding your risk environment so you can scale as needed to manage it.
  • Importance of talent retention, as the fatigue of an ongoing battle is exhausting.
  • Leaders setting the right tone for their teams.
  • Cold War analogy for the infinite nature of cyber risk.
  • Psychology and brain chemistry from OHSA: number of mistakes per hour, more pressure means more mistakes and decreased performance, effects of time pressure.
  • A solution? Maybe. At the end of the day, there is too much solo duty (isolationist); we need more team synergy, a team of teams.
  • With the loss of cohesion, operational friction, isolations, human factors, and culture to take into consideration, we need a specific approach to how we manage our time.
  • When approaching any problem, you must ask the right question; the importance of listening to understand the problem.
  • How does strategy help with all this?
  • Drive scale with strategy. Drive tribal knowledge across your teams and keep up with the pace of change in the threat environment and the business.
  • Ability to focus on the fundamentals, as there are a lot of external voices.
  • Security fundamentals: vulnerability, configuration, and asset management; identity & privilege; good hygiene; cloud control surface.
  • We need to simplify the complex.
  • OSI model reference in another context.
  • Need to have continuous monitoring and capability.
  • Background on Risk Management, with the perspective of managing risk not stopping all attacks.
  • The need to understand what is likely to happen, where should we focus.
  • Risk management allows the business to be informed.
  • Defense in Depth is part of strategy (we will not be able to stop everything with every control).
  • With resiliency, we can contain and control and continue the business.
  • Not realistic to have no incidents. 
  • Analyzing threat landscape, capabilities, objectives.
  • More and more adversaries leveraging robots/tech (vulnerability identification).
  • Key themes for top attacks, focus on those stages of kill chain.
  • Deception technologies, more forward looking approaches, forward-leading capabilities.
  • Common misconfigurations that are exploited; you can stay off adversaries' radar by making it more difficult (they need to invest more effort on their side).
  • Acknowledge that we are doing ok enough to force adversaries to adjust their TTPs. We can affect their effort level.
  • In this field, have curiosity, a passion, and complementary skillsets around you.
  • Importance of Computer Science fundamentals.
  • Newcomers in cyber need to know the technological fundamentals. Technology 101. Computer architecture.
  • Need fundamentals in how businesses work.
  • Fundamentals of how applications work, i.e., programming languages and how logical concepts are expressed differently.

We wrapped up by discussing what Daniel would tell his younger self: the benefits of listening to what is being said and having clarity of mind to improve your ability to solve problems. It's ok to get a ladder to go over a brick wall to achieve your goals. Be patient and ask good questions. Work is not everything, and find a good mentor. Remember to take care of your work colleagues. Everyone has something going on, so be empathetic. Bring human empathy to your work. And we have to find ways to thrive in high-stress environments.

Hashtags

#cybersecurity #strategy #burnout

Show Notes

Daniel Waters on LinkedIn: https://www.linkedin.com/in/daniel-w-a34204ba/

William D. Reed on LinkedIn: https://www.linkedin.com/in/cciewill/

Smart IT info: https://www.williamreed.info

Podcast on YouTube: https://www.youtube.com/@thesmartitpodcast

Podcast Homepage: https://the-smart-it-podcast.captivate.fm/

About the Podcast

The Smart IT Podcast
Where IT explores what's next...
The Smart IT Podcast, where IT professionals can assemble and hear from each other, industry leaders, thought leaders, and those in adjacent fields to collaborate and learn from each other and explore what’s next for IT.

The Smart IT Podcast explores what’s next for IT as it continues to find ways to get the important things done for our organizations.
Preparing for the next decade, we need to think differently about how we approach our work to continue to thrive into the future.

Smart IT is an approach, conceptual framework, and development model to getting the important things done by transforming the way traditional IT thinks, works, and leads. It supports the disruption of the status quo, simplifies the complex, reduces uncertainty, and improves risk mitigation.

There has never been more pressure to deliver for our organizations; but I know IT is up to the challenge.

That will require IT to lead by working smarter. Let’s do it together.

About your host

William Reed

I am an advisor of technology for business use, have seen the possibilities, the challenges, the constraints, and the risks. I have seen firsthand the technical debt, silos, broken communication, despair of IT, and business frustrations. And, I have seen the possibilities, the hopes, and the opportunities while working in the trenches of IT.

As someone that has analyzed, designed, built, and supported technology infrastructure for many businesses over the years, and followed the technology trends and cyber threats, I see the opportunities for our organizations and for the professionals of IT as a fulfilling and thriving career.

I believe we have been blessed with great opportunities to continue to improve ourselves and organizations. If it’s possible, there is no reason enterprise IT cannot reach new heights and help our businesses thrive in an age of disruption, complexity, and risk.

My passion is bringing a fresh perspective to the challenges in front of IT and helping inspire a team to tackle and win. And to help individuals and organizations make better decisions to improve outcomes and experiences.

I advise on matters of technology use for organizational benefits. I have over 20 years’ experience in the Information Technology field. I have worked for multiple technology value-added resellers, representing the major vendors and technologies in the industry. I have consulted across the major industries, including banking, health care, retail, oil & gas, education, government, finance, and legal.