Hello and welcome to this Road to Cyberrevolution webinar which is part of a series of webinars to introduce you to some of the key topics and speakers at this year's Cyberrevolution Cybersecurity Conference taking place in December in Frankfurt, Germany. I'm Warwick Ashford, an analyst at KuppingerCole Analysts covering mainly cybersecurity topics and I will be joined shortly by Sarb Sembhi and Kashyap Thimmaraju of the Mental Health in Cybersecurity Foundation for a discussion on Overcoming Stress and Building Resilience in a High-Stakes Environment.
Because in today's hyper-connected world, cybersecurity professionals constantly need to protect organizations from increasingly complex threats but this work often takes a mental toll. As you can see, mental health in cybersecurity is a key topic at this year's Cyberrevolution Conference at which we will also be discussing in depth other important topics related to cybersecurity from the 3rd to the 5th of December such as AI in cybersecurity, cyber resilience, cloud security and the economic impact of global cyber conflicts.
To find out more about these and other important topics, please register to join us in Frankfurt or online. I would now like to open up the floor to today's speakers. Welcome gentlemen, please introduce yourselves and tell us a little bit about your background in cybersecurity and then how you became involved in the topic of mental health in cybersecurity starting with you Sarb. Thank you very much Warwick and thank you for having me here and at the Cyberrevolution event in a couple weeks time. My background in cyber, I've been in cyber for 23-24 years, around about there.
I've covered all sorts of issues around cyber. I've been a CISO as well but I came into this topic around mental health and cybersecurity about two years ago in October 22 where I was chairing an event and the topic was around pressures and stress in the job and at the end of it basically what happened was we decided we'd write something and we ended up writing a report last year. In 23 we produced a report and released it in May 23 during Mental Health Awareness Week. So our journey started there and October last year we formed the Mental Health and Cybersecurity Foundation.
I'll leave the rest of the details until Kash has introduced himself but that's my background. Thank you.
Great, thanks. Hi, my name is Kaship Timaraju as Warwick mentioned and it's a pleasure to be here and my background is, so I did my PhD in computer science in particular in cloud security and network security and towards the end of my PhD I sort of felt this need to have a more human element to my work and to my research and I also experienced through my research years a lot of stress and anxiety and I tried to figure something out on how could I cope with the stressors and anxiety that I was facing through my research and I came across a lot of research.
I read books, listened to podcasts like something like this and one thing led to the other and I ended up going quite deep into productivity and well-being and sort of after that I started looking into positive psychology in particular flow states and I actually got trained by the Flow Research Collective and the final part of that training involved what's called the Magnum Opus which was a research project where we could look at anything we wanted that had to do with flow and so I actually looked up mental health in cyber security because that was my background and so I thought what's the scene over here and when I actually looked this up there was actually a lot of reports on people experiencing stress, burnout, fatigue, boredom, isolation in cyber security and that got me really interested because it's sort of my purpose to help people improve their lives and if I can do this in a meaningful way that sort of got me hooked into this area and through my research of mental health in cyber security in particular I was looking at stress and burnout I came across the report that Sarb was talking about last year and you know we had a discussion they had open calls and one thing led to another and I actually was invited to join the foundation and lead the research group over there so that's a bit of my background and my journey to actually being here today.
Great thanks and I'm so pleased that you could join us here today because you've got just the background to be able to talk really authoritatively about this topic which is fantastic. We'll talk more in detail about the mental health and cyber security foundation later but for now I just wanted to say that mental health is not really a topic you often see on the agendas of cyber security conferences so please tell us why you think it's an important and relevant topic in this context and you can carry on with that please Kasia.
Yeah so it's actually something really important and I think what you mentioned Warwick that you know mental health not really being a topic in conferences is quite true.
I would say in the past let's say a year or so there is some traction people are talking about it but it's not been this sort of main stage kind of or giving a keynote in this aspect although I think there was something at RSA maybe a few years back or something like that but it is so important because we've been focusing so much on the technology and in some sense controlling systems and computers is way easier than working with humans and mental health comes under the human aspect of cyber security and even if we look at you know human aspects or human factors in cyber security it's usually putting the human down by saying oh the humans make mistakes and therefore let's try to remove humans from the picture which I don't fully agree with.
Of course humans make mistakes but if we try to think about it also why are humans making mistakes they might not understand something but it might also be because of the environment they're working in you know stress fatigue all of these play a huge role in the way we are in the way our brain works you know so decision making is impacted our cognitive performance is impacted and it is I think we are headed in a direction where people are valuing and see that seeing that this is actually an issue I mean I think the the pandemic was is a really great example of people actually prioritizing you know mental health and well-being and I think now that we have some momentum I think it's really important that we sort of get this get this message out there and actually do something about it.
Yes I'm quite excited about the inclusion in the cyber revolution agenda because I think you know often in the past if the mental I mean I think if the human element was addressed at all it was from sort of the victim side of things or just kind of manipulation side of things and from the attacker point of view but not really looking at it from the cyber security professional point of view what's your take on that sir?
Yeah you're absolutely right and and I think it's interesting when I had seen the topic before admittedly it was never that interesting for me and I think the first few CISOs that spoke about it and I wrongly and I admit this sort of not quite ignored it because at that time it was one of those things where we thought it's not real it doesn't happen to many people and you felt that the speakers who were speaking on it were speaking as they're the only ones that have experienced it because it wasn't talked about and that's going back about five years because I think the first time I heard about it at a conference was about five years ago and it was a CISO speaking about it and you thought well yeah it's possible and it started from there but really it came to a head as I said for me two years ago chairing an event where we discussed we were discussing it and we were talking about the whole range of changes within our profession and within the industry and within our jobs and if we look at it and something that cash mentioned earlier when the way that we work um humans are geared up towards finding ways to figure out the quickest way to do things it's a bit like driving a car when you learn to drive a car everything takes all your attention and because it takes all your attention you focus on it and then what you do after you've passed your test and been a few years you experience it's second nature you can you can drive you can do anything you want to while you're doing other things yeah muscle memory absolutely that muscle memory now now in our jobs our jobs have um changed so much that there's so many things that we do today that it's not possible to have a muscle memory for all the things that we do and all of those different things are part of what's um causing stress in you know in what we're doing every day and how we're doing it in everyday life that you know there's that book um thinking fast and thinking slow again it's about muscle memory it's about a whole range of connected things and i think we're in a world now especially uh in our industry in cyber security where those that are in it are being bombarded with so many new and different things and it from a from one perspective it's interesting because you're you're getting the sort of experience you would have spent a year trying to learn at one time but nowadays you're under so much pressure that you're learning new things all the time because there's new things that are happening and i think that's the difficulty that we have in our industry yeah that kind of touches on one of the questions that i had in mind was is you know i was going to ask you that you know would you say that this kind of rapid pace of technological change is is definitely having an impact on the mental well-being of cyber security teams just having to keep up with the technology alone yeah it's it's interesting that you know we we work in technology and you talk and we talk about technology and the pace of changing technology um is vast and it absolutely is and it's strange that what i'm going to explain next and what i'm going to describe really cannot describe it enough and some of the changes i remember um going to big events like infosec where you had the year of email security you had the year of mobile devices cloud and this and that so there's lots of new things that have been coming up but many of these new things what once they've they've come about the difficulty is anything related to that group of technologies we never really um take into account the rapid changes so the the the mobile devices we were talking about 14 years ago is nowhere same as the mobile device we're talking about today they are two complete different animals the cloud that we were talking about 10 12 years ago is not the cloud that we're talking about today the digital transformation that we were talking about four or five years ago it's completely different from what it is today and all of these things yes they're technologies but within those technologies the pace of improvement change um has been phenomenal and and coping with um the implications of all of that it's been it's been quite vast and i think quite heavy going for a lot of our roles that we are dealing with um in everyday life and it has a knock-on effect completely on everything that we do because of that connectivity that we have yeah because we often in cyber security we talk about the expanding attack surface so i i guess this is what we're really talking about now is that the attack surface is expanding exponentially and and and professionals are having to come to grips with this but i just like to backtrack a bit with you cash up is you mentioned some of the things you know mentioned mentioned that burnout and that kind of thing you know we if we could get a little bit more specific about the mental health challenges that are being faced by cyber security professionals and what are the kind of most common consequences yeah so before that i wanted to actually mention that some of the research um on burnout was done also in i think 2015 or 2017 i'm not sure where they actually took an anthropological approach to studying burnout and um they actually made some interesting findings over there um so before we go maybe into the consequences it's also excuse me it's also really important to understand what causes what are the causes for um burnout like what uh sarb was just mentioning you know the the the the complex supply chain is definitely an issue and everything's changing um and the evolving uh threat landscape um some of the issues are um also lack of autonomy you know um there's lack of autonomy there's um increasing workload um there's um changing priorities and there's simply a lack of time to um upskill so these are some of the actual issues that um cyber security some cyber security some cyber security professionals um experience and if these aren't addressed then that sort of leads to the burnout and so okay speaking of burnout what um how does sort of burnout play out so one of the common um so one of the uh common experiences of burnout is uh emotional exhaustion emotional and physical exhaustion um we conducted a survey uh recently among a number of CISOs and many of them reported being um emotionally and physically exhausted but it's not just that there's also cynicism and inefficacy this is when we speak about Maslach's uh model of burnout and um cynicism is also sort of distancing people distancing yourself from people so so people just sort of don't look at people as people but they sort of tend to look at them as objects in some sense and sort of they distance them from what's really happening and then the final play out of this is inefficacy so they actually lose meaning and purpose in their work and they don't feel like they're actually working well um so this is actually quite quite a complex problem to solve and this is something that has also really been studied it's it's not just that people in cyber security experience burnout this is a phenomenon that can occur that can occur to almost anybody in any profession it's just that a lot of it has been studied in you know the human services sector and um first responders and we're now starting to see what the impact is with respect to cyber security professionals um there's actually if we think of it a lot of research has gone into understanding what maybe causes burnout but we actually don't know what the real impact is on businesses and the team um for various reasons i mean there's probably there's not real there's no real research out there and second is um even if there is i think many companies don't share such information and there's also a risk to sharing such information because people might attackers could use such information to perhaps social engineer their way into some kind of system um so i hope i hope that sort of answers your question in some sense yes i i think now we we've kind of established that there is a direct link between mental well-being and cyber security effectiveness so perhaps we should look start now looking at some of the key strategies for managing stress and preventing burnout in these high pressure security roles first i'd like to look from the point of view of the individual professional and then kind of a more management point of view so starting with the individual so what can cyber security professionals themselves do to manage and improve their mental health maybe you start with you saw at this time yeah thanks very much for that and i think the key thing really that we're trying to as a foundation do is we're trying to make sure that we don't prescribe things that are not evidence-based and in doing that we are undertaking research with a variety of different organizations and we have pulled together a case study and that case study is with an insurance company in the uk called admiral admiral insurance and that case study will be released next week and we will be making it public we have been working with admiral admiral has been doing work on its itself and investing in in this over the last five years so some of the work that they've done is evidence-based and we're going to be releasing that and versions of that over the next few weeks so i'm keen not to spoil things before we release but we have looked at a whole range of things with them and again we're trying to make sure that we don't try and advocate one rule that helps everyone because it's not going to help everyone it's dependent on people's personalities needs culture and a whole range of things but some of the things that is quite interesting that you can look at and i can say without exposing too much is if we look at the way that individually how we use technologies and how we can we talk about when we talk about this topic the topic how technologies have impacted us badly but individually we can use technologies that will help us release some of that stress and or at least make not make sure that that stress doesn't get any worse and some of the simple things that admiral have done and things that i do and that we can all sort of participate in is how we use our tools that we have when i've got smart watch my watch tells me every hour i need to get up and move and it's a reminder and before i got the watch during covid like many people i used to sit there for hours never get up and i do get up and i do get my steps in so that's one use of technology that actually has helped me and i do get uh at least 10 000 steps per day as a result of this technology other things in terms of technology on my desktop and the way i work um i keep all the things that might cause stress like email and messages that might interrupt with my work on a completely different screen that i don't look at every now and again when i feel i want to as opposed to having outlook alert me i've got another email i've got another email if i've had 70 emails and one of them was useful i haven't wasted my time on 70 when i take a break and look at it i will look at it then that's another use of technology other uses of even organizing your time at an individual level and one of the things that admiral did for example is that they don't have one hour meetings anymore they have 50 minute meetings they don't have 30 minute meetings they have 25 minute meetings and there are things that you can do as an individual in the way that you're working where you're making sure that the pressure and the stress doesn't get on top of you and that you're having breaks regularly so there are a whole range of things that you can do using technology that actually help you manage your time that suits you rather than one hour after an hour after an hour and before you realize it 10 hours later you've had 10 hours of meetings non-stop without break so there are things that we can do and as i said earlier on we're trying to make sure that everything we advocate is backed up by evidence and the case study that comes out next week is a really good one it covers individual and team and a couple of others later on i'm hoping that we get to discuss the higher than the enterprise level of what can be done there as well but i'll leave it for now thank you yeah okay i'd like to get your uh perspective on this kashyap because of the way you came to mental health and cyber security so would you agree in principle for for start with that it's kind of the individual does also have a responsibility to themselves if no one else to to kind of get this sorted and then so what would you consider to sort of be best practice when it comes to maintaining a healthy work-life balance yeah sure um so i think i i agree with a lot of what serb said i mean using technology as a way to um gain control over our time and our attention and focus and to be able to prioritize the work that we do is really really important um i think i would um say that best practice and something that's really really important is active recovery and this would be um first thing is sleep a lot of research has shown that people don't prioritize sleep and that is something that we really um should be putting on the top of our list i mean i i really want to prioritize sleep but sometimes it's just it's just not practical but um it is really important because it's only through sleep that brain chemistry changes and that actually allows us to focus and perform better um and to actually be able to focus and you know um do things um in in a very effective and efficient way um the other aspect of active recovery is like i've mentioned you know getting your steps in but it could also be something a little more stressful where um we actually engage our our sympathetic nervous system which then triggers the parasympathetic nervous system which is responsible for um what's typically called um rest and recovery so that sort of releases certain chemicals in our body that makes us feel good and calms us down and the other benefit of doing that is that we also train our body to handle more stressors and so that's really important um what's not good um if i may add is watching tv or something like that because that's passive recovery um because we're just sitting there and then we're taking in information and that sort of activates a part of our brain that could actually need some rest and so i'd like to sort of complement what sarb said by using technology for our well-being but to also not use technology because we also should not have that screen time so not having screen time on not having your screens on in the night is also a good way um to recover um with workload management and um you know time management and so on i think this is not only at the individual level but it's also like at a team level and um something of business cultures can develop is having time for focus you know there was a recent there's a lot of research on productivity and well-being among software developers and um there's this new framework that's being uh pushed by a number of researchers um it's called the dev x so the developer experience and um this sort of has roots from space and dora which is some research done out of microsoft um and other researchers but what they've come to uh their latest conclusion is that there are three core pillars we have flow cognitive load and feedback and so for people to get into flow um i think we've all sort of experienced this you know being in the zone uh losing our sense of time this is where we actually feel our best and perform our best in some sense and so i think it's really important that individuals and teams and managers allow for their team or themselves to have times that they agree on our days where they say you know we're not going to have meetings today you guys get to focus and do your stuff or you get to have some time to actually be creative and solve some problems and there's some studies that have shown this actually really benefits um and i think what's also super important is to have some kind of um for people to um you know not burn out um very often security professionals find their work meaningful and this is sort of like where this sort of hero culture comes in where they say they think and even i think you know like i'm saving the world i'm making this place a better place a safer place a more secure place and we sort of get lost in that um and that's really important we need to have or it's really important that we have uh we find meaning and purpose in our work but we sort of also need to balance that out by saying hey you know what um i really need to take a break right now and not be doing my saving the world work 24 7 365 days a year um that's just not sustainable um and i think that's sort of some of the i would say some of the best practices i mean what else is that i i i i feel like anything that can help us get into flow and get out of flow is something that we should be that's what prioritizing i don't want to say should too much um but that's something to prioritize and think about so so you know as i said i wanted to touch on some things that that management can do so we've now already sarbz mentioned uh kind of better balance with meetings not so many meetings breaks in between and you've also said kind of around the engagement and this kind of hero culture which i i really like um is there anything else that that i think sort of a manager or a leader should be thinking about though to to kind of prevent stress burnout and to just kind of enhance their engagement with the cyber security team well that that's again interesting question i'm going to come to it in a second one thing i want to add in what cash and i've already said is what we've been looking at is around work and i think that other aspect that you were asking about work-life balance um that is important but part of that work-life balance really is taking care of ourselves and it's interesting that those that suffer stress the most and and where they end up with with mental health issues often by that time they're not as cash they're not sleeping well they're not exercising as much as maybe they may have been at one time they're not eating well maybe as much as they would have done when they were at their best and they certainly aren't uh we've said sleeping eating exercising um drinking water uh hydration is yeah yeah eating and drinking so there's a lot of those personal care things that they stop doing and i think we all make excuses for ourselves oh it only happened one day or it happened i just remembered what that last one really was was around alcohol and drinking and in our culture around cyber and around many other professions there is that thing about drinking i know again that when i have an alcoholic drink even if it's the one usually it impacts my sleep that evening so i'm careful as to how i'm uh what i'm drinking when i'm drinking so that it doesn't impact my sleep all the time and i monitor it and it is that taking care of ourselves that's quite important but equally the point you raised the question you've around the team it's around looking after ourselves and the team and noticing the changes within ourselves and what we're doing within our eating habits our resting habits our our being hyper and how uh how much alcohol we're drinking when we go out not as a way of telltaling but more as a way of respectfully just understanding that you know last week you were having or last year you were having one pint when we went out now you're regularly having four pints you know what what's what's happening what's going on and it's really around observing a part is part of it another part of it is around feeling comfortable within your teams to say um i'm not feeling right i'm not feeling well it may be nothing to do with work it may be to do with uh personal life could be financial it could be family it could be any one of those things but being able to say to someone in the team what's going on and to be able to be heard and heard in the right way and within the foundation we are creating a framework a mental health um framework uh and it's it covers lots of different levels and one of those levels that we're covering that is a topic that we call transparency which is about being able to say not just to your team privately but being able to say to your organization i am feeling stressed i need to take time out it's slightly different from taking a sick day where you have to prove that you're sick um and this is this is that different thing and the transparency goes wider than just being able to say that to your organization it's also being able to say i i i'm thinking of leaving because i am very stressed um i'm burnt out and i need to go and then being able to say to your recruiter don't put me in another role where i'm going to go somewhere else and it could be out the frying pan into the fire but you can be honest leaving you can be honest to your recruiter and you can be honest where you're going to um that you don't you're not looking for another really really really stressful job but at the moment there's nothing that's right in the industry that enables us to say it say exactly that so within the team yes it's good that we can do it but we need to go wider than the team yeah i i know you want to address that and then hopefully we'll get around to to talking about that but you've now mentioned this you know create being able to kind of share and and and and be honest and so on but how can security managers leaders and organizations go about creating this supportive workplace that you're talking about because i mean it's it's a it's a work it's a supportive workplace culture really and you know how do you go about creating this this culture that prioritizes mental health where people feel comfortable talking about these topics um i think the the biggest mistake you could that the organization or the team can make is that they're going to find the answer within their team what they need to do and um we do work within the mental health and cyber security foundation on our steering group we have got three individuals who provide such services they provide consultancy services cash is one we're not recommending that you go out and use these three people but what i am saying is don't assume that you can find the answers internally you often the best thing to do is look outside to see if you can get someone independent to come in and actually help identify and create that atmosphere create that team setting and that's one of the things that admiral did they did go outside they brought someone in to help them and facilitated from what what the question you asked what what may have been not a culture of sharing but to be one that was far more supportive and looked at what they wanted from that support and those are the sorts of things where if they're trying to do it internally they may not get the results that all of them want but by getting someone externally everyone can be honest without offending anyone else necessarily and i think that's quite important looking feeling that you can come up with all the answers you may have the answers but to get someone independent to actually bring them out and to prioritize them or help you prioritize them in the right way is actually a good way to go okay so uh we've talked about addressing mental health and cyber security on the individual and tournament team or organizational level but as you've hinted you you believe that it also has to be addressed at a wider level perhaps even a national level so could you explain why you guys think that and exactly what you think needs to be done because you want to go that first and then i'll add to it if you like um okay so i think um it's it's really important to have this from a national level because if we look at any of the cyber resilience policies of a nation what we see is that and sort of this is borrowing from you sarb so we see that um they they mentioned that the the resilience of the nation relies on the resilience of the enterprises and you got to just keep going recursively so what is the resilience of the enterprise it depends on the resilience of the teams and what's the resilience of the team it depends on the individuals and so you can see that this is quite a deep rabbit hole and if we want to start prioritizing the resilience of the nation we have to cover all these levels and this is actually one of the major reasons why we need to start or it's really important that we start focusing this at a national level i mean if we think about it it's also you know if you look at the political situation across the globe today nations also need to start consider or are beefing up security um you have national national level security operation centers and so on and so it's really important that these people the people working at this level um are actually supported and have the kind of resilience that we're talking about here so do you want to add to this please yeah of course thank you um so so you're absolutely not right warwick and cash in the sense that uh it's not just national it's international the national level is from the government down the international level is the industry then there's the professional level as well so the national level you've covered the international level is the perfect is the industry because the cyber security industry in the whole world is being affected by this and we do need to be looking at it uh and what it is that we expect the industry and our professionals to be doing and what sort of hours we expect i mean we've spoken cso's and there's plenty of cso's that will say to you you know uh their staff um have not gone to a charter chart their child's um play or their christmas this or their christmas that for a long time we've had a cso say that their team um what you know some members of their team were 15 minutes late for their own wedding and there's these sorts of crazy things stories that we hear within cyber security and we expect we sort of talk about these and we joke about them but really they're quite serious it shouldn't be like this and we need to be addressing this as an industry and as a profession we also need to be addressing it in the sense that many of the current certifications are out there um they are focused almost entirely to get in cyber security you've got to be technical to have to be a cso you need lots of technical experience there's not much that's mentioned outside of that technical experience so all of our um job descriptions and all of our roles and the desirable sort of qualities all of them are essential mandatory that every single one of these around you know technology and experience of technology they're not around managing the team and making sure that the team works well so the people side of things we we're forgetting and we've been forgetting this for a long time so what we need to be doing is dealing with this and dealing with it in a way over a period of time because most of us my age your age you know we know that we've been around a while and we cannot change overnight but the cso's of not tomorrow not next year but four five ten years time they're cso's that have got well balanced background and some of the skills they've got the skills that um we may not have so easily that we may be having to buy in i'm not saying that they won't be buying them in the future i'm saying that they'll recognize it far earlier and they'll be able to budget for these things far earlier because they'll have the skills so there are multiple levels um that we are looking at this from and i mentioned earlier on about the recruitment level and it is very very important because um there's right now we know that the average life of a cso is between 24 to 36 months it keeps changing all the time and it may get slightly less it may get slightly more but the point is even the 36 24 to 36 months is not very good and it means that we're going to come into role we're going to be implementing technology we never budgeted for we're going to budget for technology we're never ever going to implement and we're dealing with things and we're so far removed from them in some respects and and it's it's not right it can only be sustained for a period of time and i think something somewhere some point will give um and we're going to get far worse stories than we've had from the states like uber incident and so on they're going to be very different and it's going to boil back down to the cso and the industry as a whole okay um that sounds really good thank you so much for that that summary i think before we waste or we lose any more time uh i'd like to just ask you guys to tell us more about the mental health and cyber security foundation and i'm going to put up some of the links that you've provided so if you could just tell us about the foundation and how people can interact with uh with these links and where where the links go and and how they can be used that would be great i'll start off then um yeah so basically uh the foundation there's some basic information at that first it's been the um foundation's website or web presence is being hosted by virtually informed um we are we have got a home page for that we've got a charter there is some research there's community practice um cash will cover the research but effectively we've got a few groups there's a apart from the research group we've got community practice group we have got a um a charter group we've got a framework group as well so we are looking at all of these things and we're expanding on these one of the easiest ways to connect with us is through linkedin uh we're not very good at keeping everyone informed through linkedin at the moment because there's only a few of us trying to do lots of things we are hoping to attract through speaking to yourself warwick and speaking at events to attract more people to participate and help us spread the word and actually do some of the work around the foundation's charter the framework that we've got for example help us with some of the research i'm not going to cover the research in detail i'm going to pass over to cash but there is a lot going on and what we're looking for is participation and involvement from people to help us make it happen cash yeah so um i so i'm leading the research group at the foundation and we're collaborating with a number of uh organizations for research on in mental health and cyber security um we're working with recruiters we're working with research institutes we're working with service providers to get a better picture of what the state of mental health in cyber security is and this is quite a broad area yeah thanks for that cash um a couple of things i'd like to add and i think it's quite important one of the things that we are doing in terms of the research we are working with our charter signatories we will be sending out surveys to them and collating what they were doing and what they are doing um so we've got a whole range of different questions that we're looking to um get evidence on some of it's around current practices practices some of it's around um particular professions like for example the instant responders we're trying to do very very specific research and trying to answer some questions that been on our mind that we did put out in our first report in may of 23 last year so there's a lot going on around there if there's anything that takes your interest please do get in touch with us at the email address there and um and we'll be in touch with you thank you back to you warwick yeah so you you mentioned the the study that's coming out that's what you did with admiral how how can people access that right um so so next week we've got a workshop with um some of the people that we're working with who are charter signatories and that will be the first time we're presenting it we have got a paper version meaning like an academic research paper then we've got presentation version the both versions will only be available to those people that we're working with closely this side of christmas once everything's been agreed within admiral within what they are allowed to release that will be post christmas so they will be able to access it and download it it will be available on on the website um we will yes the foundation yeah uh it will the foundation will separate from uh virtually informed site it just seems easy to manage it at one place at the moment that's all okay so beyond beyond that and the other things that we've discussed are there any specific training programs or resources that that have proven effective in addressing mental health challenges in cyber security because you said that you know it's important to kind of reach out get get the help in but i was just wondering whether there are kind of existing training programs or resources that that are available that you could perhaps recommend or point people in the direction and we are also that is one of the areas of work that we are also trying to do which is around signposting where people can go the challenge that we've got with that is because is that if we put our name to it and something goes wrong we will be in trouble so the only signpost that we can give right now apart from saying that three of our steering group members are service providers we can say that there is an organization called cyber minds there's one mind itself in the uk cash works with the flow institute so there are a few out there it's just a case of looking and at the moment we're going to be collating many of these services so we can signpost them and that we're signposting for the right thing for the right person because what somebody might be looking for is individual help with an organization what they actually need is individual help outside of the organization mean a personal thing so there's things like that that we're trying to clear up in our own mind first before we start promoting and signposting those that we are aware of unfortunately we are that early stage in in that research because we're very worried that we may um miss signpost somebody and and that won't be good for them or for us yeah i know exactly what you mean is when people ask you for recommend recommendations for restaurants or or films and so on you make a recommendation they absolutely hate it so i know i know exactly what you mean i we've covered quite a lot of territory i think uh but is there anything that you would like to speak about that we haven't perhaps covered that you guys would like to sort of perhaps add as as a sort of closing statement or just kind of wrap up or anything we just haven't really addressed that you think is really important that you'd like to get across to the audience today cash you want to go first yeah sure um i think um we talked about um a lot of mental health from the perspective of um you know stress burnout fatigue um and it sort of has um in my mind like a negative connotation to it what i would also urge um the listeners today and um everybody who listens to this is to also think of the positive aspects um as well because it's not just people being stressed out or being burned out and so on but there are also many people thriving in the industry and so i would encourage leaders and individuals and managers to think of this from both the perspectives that how can i actually help my team or how can i actually thrive and be more engaging at work but how can i also prevent people um how can i prevent myself from experiencing high stress or perhaps leading to burnout so those would that would be my sort of last words on this but my last word is just to re-emphasize that we have got a case study coming out next week and i'm reluctant to talk about it but there are so many benefits that are mentioned there that the organization admiral got from the whole exercise the work that they've been doing and the program they had that they didn't expect so i think you know it's really worth looking at that and it does it will impact the type of resilience of your organization uh if you start working towards making some changes now um including things like retention and we've talked in the industry for so many years about skills gap which means that you can't afford to lose your best people your most experienced people who may be the CISOs who may be the instant responders and so on so you know there are many many benefits to taking care of your people um and please do look out for for our use you know our case study okay great so we'll we'll leave it there for today and if you'd like to find out more about mental health and cyber security please join us in person or virtually at cyber revolution saab will be there to share more of his expertise and present an outline of a proposed cyber's resilience framework for stress burnout and mental health that he mentioned and he will be joined by jasmine iskenzie who's the co-founder and ceo of the will be speaking on harnessing mindfulness to combat social engineering attacks as well as innovation director at north wave investigation and innovation who will be speaking on cyber security and mental health navigating crisis impact and herbert burda media who will be speaking on stress burnout and declining motivation in cyber security so if you'd like to meet any of our speakers register for your ticket today on the cupingacol website many thanks to our brilliant speakers in this session saab sebi and kashyap timiladju for sharing their perspectives in this road to cyber revolution webinar thanks gentlemen and we look forward to seeing you all in frankfurt thank you thank you
