Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

4/25/2016
04:00 PM
Lysa Myers
Lysa Myers
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Surviving InfoSec: Digital Crime And Emotional Grime

The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here's how to fight back against the pressure.

First in a two-part series about reducing on-the job stress and anxiety.

Over the years I’ve talked a lot about how much I enjoy working in the information security industry. Ours is a very tight-knit community of people who feel a passionate calling to defend our networks and systems. But as security emergencies are an inevitable part of the job, there can also be a fair amount of emotional strain. It’s important to have a cache of tools to help alleviate that.

In InfoSec, the pressures we face are similar to those you would find in other emergency response or physical security jobs. With a never-ending stream of threats, vulnerabilities, and potential attacks, we are constantly exposed to the negative aspects of humanity. As a defender, we act as a filter for that emotional grime, protecting our users from its negative effects.

And because digital crime is a fairly new concept to most people, it might not be treated with the same urgency as physical security threats. When you talk about vulnerabilities in your environment, friends and colleagues may think that you are tilting at windmills. This can lead to feeling underappreciated.

The stress from emotional grime is less personal but more overwhelming because threats seem to be omnipresent. In this case, it may be helpful to find things that make you feel positive about other aspects of your life or that “quiet” your mind. The stress from feeling underappreciated may be more personal, so it may be helpful to try things that change your perspective or improve your communication skills.

Packing your infosec survival kit

What works for one person may be the exact opposite of what works for another, but here are 10 strategies worth considering:

Go outside. Walking in nature can be a great source of comfort. If you can’t get to a forest in a moment of need, gardening or even looking at roadside trees can clear your head and make a difference in your overall emotional health.

Find an animal to pet. The opportunity to interact with animals can be a huge boon to your health. Having to take time to walk your pets gives you a fantastic excuse for getting out of the office, to get exercise, and maybe see those trees.

Image Credit: A. Davey

Image Credit: A. Davey

Get organized. Rather than taking up mental cycles trying to remember all the things you need to get done, write things down. If you’re big on systems, there are a bunch of popular ones out there like Getting Things Done, and the Pomodoro Technique. As long as it’s not a procrastination method, going on cleaning binges can be a great way to relieve stress.

Create Structure. Sticking to a routine as much as possible, whether you’re at home or on the road, can reduce strain on your body and mind.

Soothe yourself. Offices can be overwhelming places, which is especially challenging for people with Sensory Processing Disorders or Sensory Processing Sensitivity. (Given the number of people on the Autism Spectrum in tech, that probably includes many of us!) Get a really good set of headphones, set up a white noise generator like a fan or desktop water feature, or find a secluded place to escape for a few minutes. Outside of the office, take time to do something nice for yourself, like getting a massage, going to a sporting event, taking a hot bath, or taking a trip to a bookstore.

Unplug. If you think that the world will come to a screeching halt if you fail to answer your email within five minutes at any hour of the day and night, it’s especially important to schedule time away from work. Even if you’re not that bound to your work, it’s important to figure out what is a reasonable time to shut down from the daily grind.  

Find a hobby. Take time to pursue interests outside of work: Bonus points for escapist entertainment, meditative crafts, making delicious food or drinks, social gaming, target shooting, taking scenic drives, making or listening to music.

Eat better. Consuming nourishing food and drinking plenty of water can help decrease feelings of anxiety. Eating mindfully can help you identify and avoid problematic foods or emotional eating binges. Speaking to a doctor or dietician can help you identify nutrients you may be deficient in, or foods you might be allergic to which could be decreasing your resilience to stressors.

Do something physical. Given the stereotype of the sedentary computer geek, you might be surprised how many InfoSec folks are enthusiastic athletes. Particularly popular choices are sports that involve meditative movement (such as walking, yoga, tai chi, or qigong), pummeling inanimate objects, lifting heavy things, or just doing something to the point of physical exhaustion. Some enjoy group sports, while others crave the quiet solitude of independent activity.

These are all fairly quick and simple changes that you can incorporate into your daily life to help diminish the worry you bring home from work. In my next post, we’ll discuss things you can do that may take more time, but will make you more resilient to stress overall.

Related Content:

 

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27225
PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.