Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

4/25/2016
04:00 PM
Lysa Myers
Lysa Myers
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Surviving InfoSec: Digital Crime And Emotional Grime

The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here's how to fight back against the pressure.

First in a two-part series about reducing on-the job stress and anxiety.

Over the years I’ve talked a lot about how much I enjoy working in the information security industry. Ours is a very tight-knit community of people who feel a passionate calling to defend our networks and systems. But as security emergencies are an inevitable part of the job, there can also be a fair amount of emotional strain. It’s important to have a cache of tools to help alleviate that.

In InfoSec, the pressures we face are similar to those you would find in other emergency response or physical security jobs. With a never-ending stream of threats, vulnerabilities, and potential attacks, we are constantly exposed to the negative aspects of humanity. As a defender, we act as a filter for that emotional grime, protecting our users from its negative effects.

And because digital crime is a fairly new concept to most people, it might not be treated with the same urgency as physical security threats. When you talk about vulnerabilities in your environment, friends and colleagues may think that you are tilting at windmills. This can lead to feeling underappreciated.

The stress from emotional grime is less personal but more overwhelming because threats seem to be omnipresent. In this case, it may be helpful to find things that make you feel positive about other aspects of your life or that “quiet” your mind. The stress from feeling underappreciated may be more personal, so it may be helpful to try things that change your perspective or improve your communication skills.

Packing your infosec survival kit

What works for one person may be the exact opposite of what works for another, but here are 10 strategies worth considering:

Go outside. Walking in nature can be a great source of comfort. If you can’t get to a forest in a moment of need, gardening or even looking at roadside trees can clear your head and make a difference in your overall emotional health.

Find an animal to pet. The opportunity to interact with animals can be a huge boon to your health. Having to take time to walk your pets gives you a fantastic excuse for getting out of the office, to get exercise, and maybe see those trees.

Image Credit: A. Davey

Image Credit: A. Davey

Get organized. Rather than taking up mental cycles trying to remember all the things you need to get done, write things down. If you’re big on systems, there are a bunch of popular ones out there like Getting Things Done, and the Pomodoro Technique. As long as it’s not a procrastination method, going on cleaning binges can be a great way to relieve stress.

Create Structure. Sticking to a routine as much as possible, whether you’re at home or on the road, can reduce strain on your body and mind.

Soothe yourself. Offices can be overwhelming places, which is especially challenging for people with Sensory Processing Disorders or Sensory Processing Sensitivity. (Given the number of people on the Autism Spectrum in tech, that probably includes many of us!) Get a really good set of headphones, set up a white noise generator like a fan or desktop water feature, or find a secluded place to escape for a few minutes. Outside of the office, take time to do something nice for yourself, like getting a massage, going to a sporting event, taking a hot bath, or taking a trip to a bookstore.

Unplug. If you think that the world will come to a screeching halt if you fail to answer your email within five minutes at any hour of the day and night, it’s especially important to schedule time away from work. Even if you’re not that bound to your work, it’s important to figure out what is a reasonable time to shut down from the daily grind.  

Find a hobby. Take time to pursue interests outside of work: Bonus points for escapist entertainment, meditative crafts, making delicious food or drinks, social gaming, target shooting, taking scenic drives, making or listening to music.

Eat better. Consuming nourishing food and drinking plenty of water can help decrease feelings of anxiety. Eating mindfully can help you identify and avoid problematic foods or emotional eating binges. Speaking to a doctor or dietician can help you identify nutrients you may be deficient in, or foods you might be allergic to which could be decreasing your resilience to stressors.

Do something physical. Given the stereotype of the sedentary computer geek, you might be surprised how many InfoSec folks are enthusiastic athletes. Particularly popular choices are sports that involve meditative movement (such as walking, yoga, tai chi, or qigong), pummeling inanimate objects, lifting heavy things, or just doing something to the point of physical exhaustion. Some enjoy group sports, while others crave the quiet solitude of independent activity.

These are all fairly quick and simple changes that you can incorporate into your daily life to help diminish the worry you bring home from work. In my next post, we’ll discuss things you can do that may take more time, but will make you more resilient to stress overall.

Related Content:

 

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31476
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
CVE-2021-31477
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
CVE-2021-32690
PUBLISHED: 2021-06-16
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
CVE-2021-32691
PUBLISHED: 2021-06-16
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).