Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

4/25/2016
04:00 PM
Lysa Myers
Lysa Myers
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Surviving InfoSec: Digital Crime And Emotional Grime

The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here's how to fight back against the pressure.

First in a two-part series about reducing on-the job stress and anxiety.

Over the years I’ve talked a lot about how much I enjoy working in the information security industry. Ours is a very tight-knit community of people who feel a passionate calling to defend our networks and systems. But as security emergencies are an inevitable part of the job, there can also be a fair amount of emotional strain. It’s important to have a cache of tools to help alleviate that.

In InfoSec, the pressures we face are similar to those you would find in other emergency response or physical security jobs. With a never-ending stream of threats, vulnerabilities, and potential attacks, we are constantly exposed to the negative aspects of humanity. As a defender, we act as a filter for that emotional grime, protecting our users from its negative effects.

And because digital crime is a fairly new concept to most people, it might not be treated with the same urgency as physical security threats. When you talk about vulnerabilities in your environment, friends and colleagues may think that you are tilting at windmills. This can lead to feeling underappreciated.

The stress from emotional grime is less personal but more overwhelming because threats seem to be omnipresent. In this case, it may be helpful to find things that make you feel positive about other aspects of your life or that “quiet” your mind. The stress from feeling underappreciated may be more personal, so it may be helpful to try things that change your perspective or improve your communication skills.

Packing your infosec survival kit

What works for one person may be the exact opposite of what works for another, but here are 10 strategies worth considering:

Go outside. Walking in nature can be a great source of comfort. If you can’t get to a forest in a moment of need, gardening or even looking at roadside trees can clear your head and make a difference in your overall emotional health.

Find an animal to pet. The opportunity to interact with animals can be a huge boon to your health. Having to take time to walk your pets gives you a fantastic excuse for getting out of the office, to get exercise, and maybe see those trees.

Get organized. Rather than taking up mental cycles trying to remember all the things you need to get done, write things down. If you’re big on systems, there are a bunch of popular ones out there like Getting Things Done, and the Pomodoro Technique. As long as it’s not a procrastination method, going on cleaning binges can be a great way to relieve stress.

Create Structure. Sticking to a routine as much as possible, whether you’re at home or on the road, can reduce strain on your body and mind.

Soothe yourself. Offices can be overwhelming places, which is especially challenging for people with Sensory Processing Disorders or Sensory Processing Sensitivity. (Given the number of people on the Autism Spectrum in tech, that probably includes many of us!) Get a really good set of headphones, set up a white noise generator like a fan or desktop water feature, or find a secluded place to escape for a few minutes. Outside of the office, take time to do something nice for yourself, like getting a massage, going to a sporting event, taking a hot bath, or taking a trip to a bookstore.

Unplug. If you think that the world will come to a screeching halt if you fail to answer your email within five minutes at any hour of the day and night, it’s especially important to schedule time away from work. Even if you’re not that bound to your work, it’s important to figure out what is a reasonable time to shut down from the daily grind.  

Find a hobby. Take time to pursue interests outside of work: Bonus points for escapist entertainment, meditative crafts, making delicious food or drinks, social gaming, target shooting, taking scenic drives, making or listening to music.

Eat better. Consuming nourishing food and drinking plenty of water can help decrease feelings of anxiety. Eating mindfully can help you identify and avoid problematic foods or emotional eating binges. Speaking to a doctor or dietician can help you identify nutrients you may be deficient in, or foods you might be allergic to which could be decreasing your resilience to stressors.

Do something physical. Given the stereotype of the sedentary computer geek, you might be surprised how many InfoSec folks are enthusiastic athletes. Particularly popular choices are sports that involve meditative movement (such as walking, yoga, tai chi, or qigong), pummeling inanimate objects, lifting heavy things, or just doing something to the point of physical exhaustion. Some enjoy group sports, while others crave the quiet solitude of independent activity.

These are all fairly quick and simple changes that you can incorporate into your daily life to help diminish the worry you bring home from work. In my next post, we’ll discuss things you can do that may take more time, but will make you more resilient to stress overall.

Related Content:

 

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.