Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

4/25/2016
04:00 PM
Lysa Myers
Lysa Myers
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Surviving InfoSec: Digital Crime And Emotional Grime

The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here's how to fight back against the pressure.

First in a two-part series about reducing on-the job stress and anxiety.

Over the years I’ve talked a lot about how much I enjoy working in the information security industry. Ours is a very tight-knit community of people who feel a passionate calling to defend our networks and systems. But as security emergencies are an inevitable part of the job, there can also be a fair amount of emotional strain. It’s important to have a cache of tools to help alleviate that.

In InfoSec, the pressures we face are similar to those you would find in other emergency response or physical security jobs. With a never-ending stream of threats, vulnerabilities, and potential attacks, we are constantly exposed to the negative aspects of humanity. As a defender, we act as a filter for that emotional grime, protecting our users from its negative effects.

And because digital crime is a fairly new concept to most people, it might not be treated with the same urgency as physical security threats. When you talk about vulnerabilities in your environment, friends and colleagues may think that you are tilting at windmills. This can lead to feeling underappreciated.

The stress from emotional grime is less personal but more overwhelming because threats seem to be omnipresent. In this case, it may be helpful to find things that make you feel positive about other aspects of your life or that “quiet” your mind. The stress from feeling underappreciated may be more personal, so it may be helpful to try things that change your perspective or improve your communication skills.

Packing your infosec survival kit

What works for one person may be the exact opposite of what works for another, but here are 10 strategies worth considering:

Go outside. Walking in nature can be a great source of comfort. If you can’t get to a forest in a moment of need, gardening or even looking at roadside trees can clear your head and make a difference in your overall emotional health.

Find an animal to pet. The opportunity to interact with animals can be a huge boon to your health. Having to take time to walk your pets gives you a fantastic excuse for getting out of the office, to get exercise, and maybe see those trees.

Image Credit: A. Davey

Image Credit: A. Davey

Get organized. Rather than taking up mental cycles trying to remember all the things you need to get done, write things down. If you’re big on systems, there are a bunch of popular ones out there like Getting Things Done, and the Pomodoro Technique. As long as it’s not a procrastination method, going on cleaning binges can be a great way to relieve stress.

Create Structure. Sticking to a routine as much as possible, whether you’re at home or on the road, can reduce strain on your body and mind.

Soothe yourself. Offices can be overwhelming places, which is especially challenging for people with Sensory Processing Disorders or Sensory Processing Sensitivity. (Given the number of people on the Autism Spectrum in tech, that probably includes many of us!) Get a really good set of headphones, set up a white noise generator like a fan or desktop water feature, or find a secluded place to escape for a few minutes. Outside of the office, take time to do something nice for yourself, like getting a massage, going to a sporting event, taking a hot bath, or taking a trip to a bookstore.

Unplug. If you think that the world will come to a screeching halt if you fail to answer your email within five minutes at any hour of the day and night, it’s especially important to schedule time away from work. Even if you’re not that bound to your work, it’s important to figure out what is a reasonable time to shut down from the daily grind.  

Find a hobby. Take time to pursue interests outside of work: Bonus points for escapist entertainment, meditative crafts, making delicious food or drinks, social gaming, target shooting, taking scenic drives, making or listening to music.

Eat better. Consuming nourishing food and drinking plenty of water can help decrease feelings of anxiety. Eating mindfully can help you identify and avoid problematic foods or emotional eating binges. Speaking to a doctor or dietician can help you identify nutrients you may be deficient in, or foods you might be allergic to which could be decreasing your resilience to stressors.

Do something physical. Given the stereotype of the sedentary computer geek, you might be surprised how many InfoSec folks are enthusiastic athletes. Particularly popular choices are sports that involve meditative movement (such as walking, yoga, tai chi, or qigong), pummeling inanimate objects, lifting heavy things, or just doing something to the point of physical exhaustion. Some enjoy group sports, while others crave the quiet solitude of independent activity.

These are all fairly quick and simple changes that you can incorporate into your daily life to help diminish the worry you bring home from work. In my next post, we’ll discuss things you can do that may take more time, but will make you more resilient to stress overall.

Related Content:

 

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18216
PUBLISHED: 2019-10-20
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access ...
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.