May is Mental Health Awareness Month, and I want to take this time to reflect on something we don’t often talk openly about in the security community: mental health. Nearly half of CISOs turn over every two years. Almost 100% of CISOs report feeling stressed at work, with about two-thirds saying stress issues are compromising their ability to protect their organization, and 100% saying they felt they needed more resources to adequately cope with current IT and security challenges.
This is a recipe for burnout: we’re in a stressful field that changes on a daily, sometimes hourly basis. We all have targets on our backs—externally, because of security threats to our organizations, and internally, because of how we shoulder the blame for a challenging security incident. We fight for resources, and are being asked to do more with less, and in the midst of protecting our organizations, defend how we spend our money and show more ROI. To many CISOs, this feels like an untenable situation.
I don’t have an instant remedy for this dilemma—none of us do. But my 30 years of experience in security has taught me that it is vital to prioritize mental health, and that we can no longer stay quiet about the constant threat of burnout and what CISOs—and all security professionals—are up against.
This can’t be just talk. But it’s often difficult to make it more than talk, and to cut through to what’s useful. Here is some practical advice that, from firsthand experience, I can say has worked for me to help foster positive mental health:
- Identify my scope of command and get buy-in from stakeholders. As CISOs, we have to spend our energy on the things we can control, and too many of us waste energy on the things we can’t. So, by proactively identifying the things I can control and influence, I’m also acknowledging the things I can’t. This allows me to dive deeper into solving problems for which I am responsible, while also alleviating the stress and pressure of the things I can’t control. That’s a big difference from saying something “isn’t my responsibility.” It’s a willful acknowledgment of the things that are worth spending time on.
- Check-in regularly with colleagues and professionals within the community. We are stronger when we work together, and when we are able to share some of the issues we’re facing, or struggles we see, we feel less alone. Because we come from such diverse backgrounds, our collective experience can help us solve these problems together.
- Connect to things that foster positivity. Perhaps this sounds abstract, but as you focus in on the daily work and pressures of this field, your scope can narrow down to seeing the world as a place that’s bad. Spending time with friends, family, in nature, focused on a cause larger than you, or on a hobby, can remind us that the good work we do helps secure the things that we find value in. And also helps remind us that there’s a lot of good out there too.
- Build in recharge points. Allow yourself a percentage of time, built into your monthly schedule, to reflect on what’s working well and what needs to be tweaked. This adage is true in many areas of life: if I’m not taking care of myself, I can’t help others.
- When looking for a new role, thoroughly vet company culture. The above four points are only possible to apply if you have a supportive company culture that not only values the work you do, but also values you as an individual. Focus on interviewing a company around their acknowledgement that stress and mental health play a significant role in ability to perform, and having a work/life harmony.
Fostering positive mental health is a focal point at Netskope. We now provide our employees with a dedicated mental health platform, focused on getting employees and their families resources such as therapy, education and other tools needed to foster a healthy mind. We have also chosen a non-profit charity partner, The JED Foundation, which focuses on protecting the emotional health and helping provide tools and resources to prevent suicide in teens and young adults. These are part of our commitment as Netskope to not only raise these issues but demonstrate what we’re meaningfully doing to help with them.
As I reflect not only on Mental Health Awareness Month, but on a whole approach to working on the frontline of an incredibly important, but ever changing field, I challenge you to help break the stigma by talking about this important topic. By coming together as a community, we can help one another, and acknowledge that it’s ok to ask for help. By us speaking about this, we are opening the doors for others to come forth who need help and support in this area, too.
