Charley Nash, Author at IT Security Guru
https://www.itsecurityguru.org/author/charley-nash/

Cyber Mindfulness Corner Company Spotlight: Cybermindz
Mon, 18 Sep 2023 15:48:23 +0000
https://www.itsecurityguru.org/2023/09/18/cyber-mindfulness-corner-company-spotlight-cybermindz/

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week’s guest has set up a dedicated organisation to do just that! Peter Coroneos, Founder and Executive Chairman at Cybermindz, spoke to the Gurus about the importance of supporting the wellbeing of cybersecurity professionals and why the time is now for change.

Peter is a cybersecurity veteran, with years of experience across the cyber and technology sectors. His resume is broad, extensive and impressive: he currently serves as a global ambassador for the Paris-based not-for-profit Cybersecurity Advisors Network, has over a decade of experience as CEO of Australia’s Internet Industry Association (1997-2010), and was a pioneer in the development of the 2010 icode scheme (a scheme embraced by the Federal Government in Australia and adapted for the US government). In recent years, however, Coroneos has turned his attention to the mental health of cybersecurity professionals. In 2022, he established Cybermindz, a dedicated not-for-profit mental health initiative. Cybermindz launches in the UK this week.

“The existence of Cybermindz is testimony to a very real problem. A problem you wish didn’t exist, but it does. It’s because of that very suffering that we’re here,” Coroneos said, regarding the founding of the organisation. It’s well documented that cybersecurity is a thankless industry, with professionals increasingly reporting signs of burnout and stress. Coroneos notes that the relentless threat environment posed by unseen attackers causes the neurology of cybersecurity professionals to adapt into an unhealthy state of ‘hypervigilance’. He notes that we’re not adapted, according to environmental biology, to combat virtual threats. Traditionally, our attackers would have been in front of us and visible. Therefore, there’s a disconnect in the way our brains approach these threats. Burnout, in this case, is the product of the failure of human neurology to adapt to these modern threats.

The Cybermindz program directly addresses the risk of burnout and skills loss in existing cyber teams. The organisation aims to equip leaders “with the necessary coping skills and support to ensure they remain happy, effective and resilient in the face of an escalating threat environment. Our mission is to support the performance of cyber teams and related professionals, improve skills retention and enhance the health, wellbeing, productivity and cohesion of our most critical human assets, and those who work with them.” Cybermindz is peer-informed and will operate at scale to transform the human face of cybersecurity.

Coroneos knows the importance of wellbeing support for cybersecurity professionals first-hand: “We’re all cyber people ourselves; we are the industry. It’s painful to witness the human toll on people you really care about. The people who defend us but aren’t recognised. They take the brunt, so society doesn’t need to suffer. This plays out on health and relationships though.”

Peter is also an accredited Integrative Restoration (iRest) teacher and has been a practitioner of this and related disciplines since 1977. iRest is at the heart of Cybermindz’s offerings, with virtual and in-person sessions available for organisations. But what is it? According to the Cybermindz website, iRest is “a simple 10-step protocol that is easy to learn and can be practiced anytime, anywhere. Its positive effects are supported by scientific trials and military based research.”

“iRest can be practiced in short sessions of 10 or 20 minutes, to induce deep relaxation and leave you feeling refreshed and alert. It can also be used before bed, to ease your body and mind into restful sleep, even if you work shifts or are sleep deprived.”

Additionally, Cybermindz offers organisations the chance to take part in a two-hour explorative masterclass on the neuroscience of burnout, along with courses spanning from 8 weeks to 36 months. They pride themselves on offering support for organisations that’s easy to implement and builds resilience. Being remote, they are also able to scale.

But why now? Coroneos says: “we’re fighting an asymmetrical war. We never know if we’re safe. Organisations and security professionals are in a pincer between the bad actors and pressures from their own organisations.” Cybermindz have identified 15 factors unique to cybersecurity that lead to burnout and stress for professionals, including success invisibility, under-resourcing, ‘remotification’, relentlessness, and understaffing.

To coincide with the UK launch of the non-profit, this week Cybermindz are hosting a virtual summit on the topic of UK mental health in cybersecurity leadership. The event will bring together cyber leaders and practitioners to explore what a solution to the burnout and mental health crisis in cybersecurity might look like. The summit is designed to explore a constructive way forward. The iRest protocol will also be demonstrated.

The event runs from 10am-12pm on Thursday 21st September 2023. You can register for free here: UK Mental Health in Cybersecurity Leadership Summit + UK launch of Cybermindz | Humanitix

Do you know an organisation that’s doing incredible things for employee wellbeing? Email me at charley@itsecurityguru.org.

The post Cyber Mindfulness Corner Company Spotlight: Cybermindz appeared first on IT Security Guru.

Armis forges ahead into Cyber Exposure Management as it readies for IPO
Fri, 15 Sep 2023 10:30:59 +0000
https://www.itsecurityguru.org/2023/09/15/armis-forges-ahead-into-cyber-exposure-management-as-it-readies-for-ipo/

During a live-streamed event this week, Armis co-founders Yevgeny Dibrov and Nadir Izrael laid out the company’s vision for the future, which is centred around its newly announced AI-powered cyber exposure management platform dubbed Centrix™.

“In a perimeter-less world, where assets are digitally connected, traditional cybersecurity boundaries no longer exist. Legacy on-premises systems and point solutions are no longer fit for purpose, leaving your attack surface and most critical assets open and exposed to cyber criminals and multiple bad actors,” explained Nadir Izrael, CTO and Co-Founder, Armis. “The sheer scale and dynamic nature of the attack surface necessitates an entirely different, AI-driven approach, and that’s what Armis Centrix™ is – the AI that powers a suite of powerful tools for managing cyber risk exposure.”

It’s a strong message, particularly in light of recent cyberattacks like the one on MGM over the weekend. Addressing how organisations, especially larger ones, are still struggling to get cybersecurity right, Armis CISO Curtis Simpson emphasised that by 2025, the number of connected assets will grow to 50 billion.

“Even today, 80% of these assets remain unseen, unmanaged and lacking in any security measures,” he said. “In parallel, vulnerabilities have also increased at a rate of 689% over the last 6 years. Environments are now incredibly complex, hybrid environments with many forms of interconnected assets. Attackers are now regularly taking advantage of this complexity to establish a foothold and then move through environments quietly, exploiting as many vulnerabilities on unseen assets as possible.”

Simpson also noted that due to this fast-changing and challenging situation, it is understandable to see organisations struggling to stay ahead. “The challenge is that everything from IoT, OT and physical / virtual IT devices are not only interconnected at scale, but the business use of such assets evolves constantly, as does the corresponding threat landscape. The challenge is that when we consider capabilities like vulnerability scanning and penetration testing, the traditional security stack was not built with this degree of change and exponential growth of varying forms of interconnected assets,” he explained.

“Anything from an embedded vulnerability in a VOIP phone to an exposure in a cloud container can be used as a stepping-stone in today’s most material and subversive attacks,” Simpson continued.

He stated that this means that organisations must first focus on ensuring that they have continuous, contextual visibility into their entire attack surface. Simpson posited, “Next, based on this intelligence, surgically prioritise vulnerability mitigation and remediation based on the potential for material impact, not only the CVSS score. From there, the continuous monitoring of all connected assets against their potential to materially disrupt the business becomes paramount.”

Ultimately, Simpson concluded, “the long-term successful approach to optimising resiliency and minimising the materiality of cyberattacks revolves around contextual asset intelligence that spans the entire connected landscape.”

Enter Armis Centrix™

Armis Centrix™ helps organisations see, protect and manage their entire attack surface, continuously safeguarding their mission-critical assets from cyber threats. Born in the cloud and fueled by AI, only Armis Centrix™ delivers a true modular approach to cyber exposure management covering the most critical cybersecurity needs for Armis clients across four solutions:

  • Asset management and security: Complete asset inventory of all asset types allowing any organisation to see and secure the attack surface
  • OT/IOT security: See and secure OT/IOT networks and physical assets, ensure uptime and build an effective and comprehensive security strategy
  • Medical device security: Complete visibility and security for all medical devices, clinical assets and the entire healthcare ecosystem – with zero disruption to patient care
  • Vulnerability prioritisation and remediation: Consolidate, prioritise and remediate all vulnerabilities; improve mean time to remediation (MTTR) with automatic remediation and ticketing workflows

Armis also shared that customers across the globe have been expanding their use of the Armis Platform with a 50% adoption rate of two solutions in the Armis portfolio and over 15% using three or more of its solutions in the past year.

Armis protects critical assets for notable companies

Some notable recent wins include Vestas, the leading manufacturer and service provider for sustainable wind energy in the world, Reckitt, the multinational consumer goods company, Booking Holdings, the world leader in online travel, the Port of Antwerp, the world’s largest cargo port and JLR, the biggest luxury vehicle manufacturer in the UK.

“As a leading manufacturer and service provider for sustainable wind energy, our customers require a high degree of security controls to meet regulatory requirements. We utilise Armis to detect and respond to threats and have worked extensively with Armis to shape the integration, so the product fits into our overall detect and response strategy. The insights provided by Armis have proven highly valuable in day-to-day operations again and again, and we are currently expanding our installation,” said Steffen Høgh Vinter, Director CMRC Enablement and Problem Management, Vestas.

“When we started the program from a central cyber team, we had no visibility into our factory so every device was unseen. Now, with Armis deployed in half our factories, we’ve seen 10s of 1000s of devices that we didn’t know about before. Armis is allowing us to address three use cases: firstly, giving us that visibility that we didn’t have before. Secondly, allowing us to identify vulnerabilities, which allows us to de-risk our state. And thirdly allows us to identify any unusual behavior that’s happening in our network,” said David Boyd, Director of Cyber Strategy & Engagement at Reckitt.

“Armis is one of those inventions that simply needed to happen. It meets a foundational, unmet need in cybersecurity, namely the ability to “see all evil” (on the network) by discovering rogue devices and providing real time intelligence about their identity and condition. With Armis, there’s no need for an army of engineers or analysts to decipher complex systems and their signals,” said Spencer Mott, Chief Security Officer, Booking Holdings.

Armis CEO and co-founder, Yevgeny Dibrov, concluded: “We focus on empowering businesses with asset intelligence and actionable plans so they can be assured that their infrastructure is safe and operational at all times. I measure our success not only in financial growth, but in the positive impact that the company is having on virtually all industries thanks to the trust that our customers have given us.”

The post Armis forges ahead into Cyber Exposure Management as it readies for IPO appeared first on IT Security Guru.

Blame Culture: An Organisation’s Ticking Time Bomb
Wed, 06 Sep 2023 10:13:38 +0000
https://www.itsecurityguru.org/2023/09/06/blame-culture-an-organisations-ticking-time-bomb/

An organisation’s attitudes to cybersecurity are almost as important as the steps taken to prevent attacks. Regardless, when something does go wrong, blame culture tends to run rife. With rising fear of litigation, a human tendency to want to know who’s responsible and increased attacks across the board, business and security leaders must decide to foster a culture free of blame – or not.

Mistakes happen, but when mixed with fear, shame and guilt, employees are faced with an important choice: to report or not to report. This decision, either way, is rooted in a company’s established values and ideology. As a 2022 Gigamon survey highlighted, 94% of IT and security leaders worldwide believe that blame culture could also be a deterrent to the speed of reporting an incident. But what is blame culture? And what toll does it have on our wellbeing?

Simply put, blame culture, according to researchers at the Oxford Review, is defined as an environment where people, or groups/teams of people, are frequently singled out, blamed and criticised, and fault is apportioned for mistakes and errors. This tends to result in a situation where people are reluctant to accept responsibility for their actions and mistakes, because they are afraid of criticism and reprimands from their managers and leaders.

In cybersecurity, for example, if someone were to click on a phishing email and compromise a company’s data, they may suffer harsh consequences like sacking or, for some professionals, a hefty fine. If a company has a policy that’s harsh on professionals when mistakes happen, employees may be less likely to own up when they do make mistakes, ultimately increasing risk for all. Equally, cybersecurity professionals themselves may feel obliged to work longer hours to make sure systems are secure to circumvent these risks, leading to burnout, which, again, creates an unhealthy and unbalanced workplace culture. As a 2020 Nominet survey found, 95% of CISOs worked more than their contracted hours.

Renske Galema, Area Vice President Northern Europe at CyberArk, explains further: “When an employee makes a mistake resulting in a damaging data breach, organisations sometimes feel the need to blame them. While this blame culture may help businesses feel better in the short-term, it has a negative long-term impact on their cybersecurity posture – discouraging employees from reporting cyber mistakes and delaying the company’s ability to mitigate damage.”

Galema continues: “The blame culture misses the point. Rather than looking for someone to blame when a problem occurs, organisations must instead focus their efforts to keep their security programmes, especially their identity security, tight.”

Blame culture also carries significant risk to wellbeing, as Dr. Paras Patel, Chief Scientific Officer at The Zensory, told The IT Security Guru:

“Such environments [of blame] often lead to processes which do not offer constructive support or solutions and lead to individuals working in a self-preservative manner to avoid any shame or blame i.e., instead of learning from mistakes, employees may try to hide them, so they do not get punished. Nobody will take accountability for problems if they think they will be punished for doing so.”

“Such a toxic environment and culture can have a significant impact on wellbeing, including:

Psychological Distress: Constantly feeling blamed or shamed can lead to high levels of stress, anxiety, and depression. Individuals may develop feelings of worthlessness and inadequacy, damaging their self-esteem, having long-term mental health and wellbeing implications.

Fear of Failure: In an organisation that places blame and shame on mistakes, individuals could be hesitant to take chances or make choices out of concern that they’ll be singled out if anything goes wrong. This failure-related dread might hinder their ability to advance personally and professionally.

Breakdown in relationships: Blame and shame undermine teamwork and mutual respect among individuals and groups. People become reluctant to engage in open communication, information sharing, or productive teamwork when they experience continual criticism. This could lead to them feeling isolated at work with evidence showing that isolation can lead to a negative impact on mental health and wellbeing.

Burnout: Being around guilt and shame for prolonged periods of time can cause chronic stress. The constant need to work in an environment where no mistakes can be made or where you must justify actions to place the blame elsewhere has a negative impact on individuals’ physical and mental health.”

Of course, a culture free of blame does not mean a culture free of responsibility.

Paul Baird, Chief Technical Security Officer EMEA at Qualys shares this sentiment: “Drawing a clear distinction between responsibility and blame is crucial for creating a healthy and productive organisational culture. Responsibility entails being accountable for one’s actions and decisions, acknowledging the consequences, and taking steps to rectify or improve situations. It’s a fundamental aspect of personal and professional growth, allowing individuals to learn from experiences and contribute positively to the organisation’s progress.”

Baird continues: “In some cases, organisations and leaders might misuse responsibility as a tool for blame. They might assign responsibilities with the intention of later using them to assign blame for failures, creating an environment of distrust and anxiety. This turns responsibility into a weapon rather than a constructive mechanism for fostering growth and accountability. A more constructive approach is to view responsibility as a character builder. When individuals are entrusted with responsibilities and provided with the opportunity to learn from both successes and failures, they develop resilience, problem-solving skills, and a sense of ownership.”

Dr. Paras Patel concludes: “Creating a positive culture where individuals feel comfortable owning up to mistakes has not only positive wellbeing effects for the individual, it can also have a positive impact on the organisations.”

The post Blame Culture: An Organisation’s Ticking Time Bomb appeared first on IT Security Guru.

Cyber Mindfulness Corner Company Spotlight: Egress
Thu, 24 Aug 2023 09:44:06 +0000
https://www.itsecurityguru.org/2023/08/24/cyber-mindfulness-corner-company-spotlight-egress/

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Jack Chapman, VP of Threat Intelligence at Egress, spoke to the Gurus about the human side of phishing, leading by example, and eradicating blame culture.

When it comes to mental health and wellbeing support, Egress are a shining example of how a rounded but personalised approach is key. They offer a wide range of traditional support, alongside dedicated programmes to foster mental wellbeing, including financial advice and private healthcare schemes. Earlier this year, they were also named one of the 2023 UK’s Best Workplaces™ for the second year.

On the importance of mental health in the workplace, Chapman says: “if we don’t look after our people how can we push forward together?” He continues, regarding their comprehensive company wellbeing offerings, “in terms of offering a broad range of elements, it’s understanding that people don’t fit into neat boxes, people need supporting at their level, at different times.”

Egress offer a whole range of programmes to support their staff, including:

  • Qualified mental health first aiders in the office.
  • Employee assistance programmes including a set number of free structured counselling sessions. For example, in the UK this is via Legal and General.
  • Time off / work-life balance incentives are on offer including:
    • Flexible working.
    • eFlex – a scheme that enables employees to flexibly take up to 15 additional days of paid leave throughout the year.
    • Paid time back.
    • Increased holiday entitlement.
    • Enhanced maternity package.
  • Active listening / feedback regularly taken from employees to improve the workplace.

Egress aim to stop data breaches by reducing human-activated risk, so it makes sense to foreground the ‘people’ element of cybersecurity and provide ‘human’ support for employees and customers. The most common threat vector for UK businesses last year was phishing attempts (83%), according to the Cyber Security Breaches Survey 2022. When it comes to phishing, Chapman notes: “phishing isn’t just the technical problem, it’s a people problem as well.” He succinctly describes cyberattackers as aiming to ‘trick’ users in these sorts of attacks. He notes that what cybercriminals do is try to invoke fear and strong emotions, ultimately leading to emotional distress. Egress aim to work with victims to educate them on why this is dangerous, in an attempt to balance the technical needs of businesses with the needs of the person who is being targeted.

Chapman notes that we need to move away from a culture of blame: “The last thing in terms of the cyber phishing is how many businesses respond to it. We’ve seen those industries where they’re slightly older school thinking, where they might punish people with more training, they might have policies like ‘you’ll have three breaches, then you’re dismissed’. All this does is actually create a negative culture where people won’t come forward… And that’s why it’s so important to blend human wellbeing with security.”

But how can organisations move away from blame culture? “I think first and foremost, it starts with leadership, and showing that leaders can make mistakes in these areas. They need to step forward and almost show you the way forwards.” Chapman notes that the importance of accountability must be instilled in everyone, including those from a non-technical background. He notes that unity of approach is key.

“And I think by having that collaborative approach, you destigmatize the fear that surrounds the fallout of these events. And it might be the case where some stakeholders go who’s to blame for this and the answer for that is quite often we as a business are to blame for this.”

He continues: “All things start with good communication.”

When asked to offer advice, Chapman says it’s key to “have a mission statement of enabling and supporting your employees” and to “have safety nets underneath for when they do fall.”

It is worth noting that Egress offer a range of internal schemes to support diversity within the company. For example, their Culture Club uses awareness days to raise awareness through mindfulness activities. Equally, inclusivity is important. Egress often change bank holidays, celebrate/mark awareness dates, and celebrate various religious holidays.

Chapman says: “Diversity of thought is paramount. You see attackers coming from all backgrounds, all walks of life, targeting employees, especially in a social engineering firm, so it’s important to have that across your business.”

“If you have everyone thinking a certain way, you’re not going to evolve together. So I think diversity plays a key part in making us more secure in a lot of ways.”

A final word from Chapman: “it’s really a case of we advocate for technology and humans together as a business and our products.”

Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at info@itsecurityguru.org.

The post Cyber Mindfulness Corner Company Spotlight: Egress appeared first on IT Security Guru.

It’s Time to Approach The Cybersecurity Skills Gap Differently
Fri, 18 Aug 2023 14:09:51 +0000
https://www.itsecurityguru.org/2023/08/18/its-time-to-approach-the-cybersecurity-skills-gap-differently/

The cybersecurity skills gap and talent shortage is a topic on the agenda of almost every board across the industry – and it’s becoming an ever more urgent discussion. In fact, according to the 2023 State of the CISO report by Salt Security, 91% of CISOs agree that finding and keeping qualified cybersecurity talent significantly impacts their ability to deliver on digital transformation initiatives. With an estimated global workforce gap of around 3.4 million people, it’s time to rethink our approach to tackling the ever-increasing cybersecurity skills gap. But where to start?

For Camellia Chan, CEO and Co-Founder of Flexxon (who was also one of our ‘Most Inspiring Women in Cyber in 2022’), the narrative around cybersecurity hiring needs to be approached differently: “There is a popular misconception that entering the tech world requires years of formal, technical education – but we must shift the narrative. I did not have those credentials when I joined the industry, I studied business management at university. But if you have a passion and want to work hard, there are many ways for you to pick up the skills and be an excellent cybersecurity professional. That’s why it’s crucial that businesses invest in quality education and training for employees.”

Viewing talent as an investment is not uncommon, but an open mind to the idea of the ‘perfect candidate’ is crucial, especially when it comes to education, according to Haris Pylarinos, CEO and Co-Founder at Hack The Box: “We should move away from a traditional hiring model that focuses solely on university degrees and specific certifications.”

“This way, a broader range of candidates, including self-taught hackers and experienced professionals from various backgrounds, can apply. This approach matches what I feel is more important in the industry today – practical experience. Relying solely on a university degree will actually sabotage your hiring efforts.”

Edward Thorpe, Lead Talent Acquisition Partner at Garrison, expresses a similar view: “By considering talent outside of cyber, from fintech or gaming as examples, we can start to develop pipelines of more diverse talent eager to work in an industry that is equally prosperous, yet less competitive and potentially more rewarding.”

Ilona Simpson, CIO, EMEA, at Netskope, suggests that the problem is that many educators focus only on encouraging people to get into STEM: “It implies that you only need engineers. You also need customer support, you need corporate managers, you need UX designers… You need everyone. You need every skill in our industry.”

But where else can this talent be found? Steven Wood, Director of Sales Engineering at OpenText Cybersecurity, suggests: “Expanding talent catchment profiles, implementing supportive intern programs, revising recognition, and giving the cybersecurity team a seat at the boardroom table are all credible actions that businesses should take today.”

When it comes to existing recruitment practices, Jamal Elmellas, Chief Operating Officer at cybersecurity recruitment agency Focus-on-Security notes: “Hiring from within the same small talent pool is undoubtedly causing issues in the cybersecurity sector. It’s intensifying competition over top talent, particularly those with three to six years’ experience, and this is leading to more churn. A transient workforce does nobody any favours.”

Additionally, Elmellas outlines the significant risk to approaching the talent shortage with an ‘anything goes’ type attitude: “If we throw open the gates, we risk diluting the industry by introducing a whole swathe of people with no technical skills. While that may fill the recruitment gap, it does nothing to address the problem the business has which is a lack of trained and competent cybersecurity professionals, resulting, once again, in less resilience.”

Chris Cooper, a member of ISACA Emerging Trends Working Group, shares a similar worry: “Employers should be asking if applicants are able to demonstrate transferable skills which could be applied to a career in cyber – we should be actively sharing our experience with each other so everyone can benefit.”

Evidently, in order to create a robust future, it’s important that we diversify our hiring views in many different ways. Crucially, a diversity of thought (whether that’s voices across industries, regions, genders etc.) is necessary for a strong future. Tech has always been forward thinking, but in many ways the industry lags behind its counterparts in terms of diversity. In fact, according to research by Eskenzi PR and Marketing, only one fifth of cybersecurity leadership roles are filled by women.

Caitlin Nowlin, Program Manager at Hyland, further explains: “No matter the task, it’s always important to have multiple perspectives. Our background and experiences can impact how we approach a problem or activity, and having a broad set of individuals working on something means all the kinks are ironed out. This approach requires diversity – of gender, race, ethnicity, background and even education is key to making something the best it can be. But there is a huge gap right now, especially in tech and computer science industries.”

Jamal Elmellas, Chief Operating Officer at cybersecurity recruitment agency Focus-on-Security, continues: “We can’t continue along the path we are on where the sector is made up of predominantly white middle-aged men but nor can we pretend this is an unskilled career path. We need to tread carefully. Implying that soft skills are enough to succeed in the sector is disingenuous.”

Evidently, there’s no one path to ‘solving’ the skills gap. Instead, an open mind in the hiring process, alongside retaining talent is key – to plug the skills gap and make organisations as safe as possible.

Cyber Mindfulness Corner Company Spotlight: Netskope https://www.itsecurityguru.org/2023/08/17/cyber-mindfulness-corner-company-spotlight-netskope/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-netskope Thu, 17 Aug 2023 09:07:22 +0000

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Ilona Simpson, CIO, EMEA, at Netskope, spoke to the Gurus about the importance of work/life balance, blame culture, and good leadership in practice.

With over 20 years of experience, Simpson is no stranger to navigating all phases of a business, from small organisations to world renowned global corporations. In fact, in 2021, Simpson was recognised by Constellation Research as a member of the Business Transformation 150, an elite list that recognises the top global executives leading business transformation efforts in their organisations.

Simpson is evidently passionate about transforming the workplace and making it a more balanced and inclusive place for all. For Simpson, a holistic and, crucially, authentic approach to mental health is key – and one that incorporates valuing people and implementing a positive culture too. Simpson notes: “it’s not about checking boxes.” Interestingly, Simpson notes the engagement with awareness months as something that has given many people the courage to get the conversation started around mental health at work, despite the fact that many organisations often use these days merely as a chance to scream ‘we’re doing this!’

Workplace wellbeing is integral to the core of Netskope, instilled from CEO Sanjay Beri and the board downwards. Simpson recalls, fondly, the company’s annual kick-off for the entire organisation where Beri stated: ‘our legacy is not just about how well we are protecting the world, but our impact on the computing community in a wider sense.’

In terms of proactive initiatives that Netskope offer, employees are given wellness days off work, the leadership vow to never write an email on the weekend, and a day off is given for your birthday. They also have mentorship programmes and a partnership with Lyra that offers every employee at Netskope access to eight free hours of therapy or coaching. As Simpson states so succinctly, “it starts with a small thing,” but Netskope’s commitment to mental health is no small feat.

When it comes to burnout, Simpson notes that it’s important to discuss, as leadership, ‘how do you, as an organisation, embrace failure?’ She notes that one of the biggest causes of burnout within the industry is the fear of being fired, alongside never knowing when an attack might hit. Simply, there’s a lack of control that comes with the job. Simpson notes: “It’s almost certain that something will be out of control and, in addition to that, there’s a fear that your head is the one that will be rolling – and that becomes a topic for the boards.”

Regarding blame culture, Simpson adds: “one of the biggest fears, as a human, is to be humiliated.” She notes that transparency and accountability are key to eradicating it: “what gets measured, gets done.”

Simpson offers three pieces of advice for organisations on how they can foster a comprehensive wellbeing package for their employees:

“First there is institutionalising it, and you institutionalise it in a way that someone in your organisation runs it, for example it may be on someone’s annual target. Similarly, championship from one of the members of top leadership, whoever that is, who brings the topic onto the agenda of your board meetings is important. Drum the drum across the organisation.”

“Secondly, how do you get any change executed? Don’t think that anyone is the smartest kid on the block. Crowdsource ideas.”

“Thirdly, a budget.” As all organisations know, in times of economic uncertainty, anything that isn’t essential to the running of the business often gets the chop, but research has shown that better employee wellbeing boosts productivity etc., so it may just be a worthy investment.

Simpson’s parting message was “there are two elements to any transformation: enablement and empowerment. There’s a lot of emphasis on empowerment, and empowerment is talk the talk, but enablement is giving someone the budget and the time to set them on the path of least resistance and make it as easy as possible for them to champion.”

Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at info@itsecurityguru.org.

Cyber Mindfulness Corner Company Spotlight: Mimecast https://www.itsecurityguru.org/2023/08/11/cyber-mindfulness-corner-company-spotlight-mimecast/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-mimecast Fri, 11 Aug 2023 13:47:08 +0000

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Johan Dreyer, Field CTO, EMEA, at Mimecast, tells the Gurus about burnout, leading by example, and the future of cybersecurity.

Johan Dreyer has been working across the IT Infrastructure, Messaging and Security industry for over two decades. In that time he’s become recognised as a trusted advisor to many organisations seeking guidance on the rapidly evolving landscape of IT security. Crucially, he’s noticed burnout increase among professionals. Dreyer notes: “It is widespread across the cybersecurity profession. Year on year, there are more attacks and more sophisticated approaches taken by cybercriminals. Our teams and our budgets are growing, but perhaps not keeping pace. And our teams are under a lot of pressure to continue to keep their organisations safe from attacks.”

“It’s a big challenge to try and deal with, across the board – and that’s whether you work in the vendor world, where organisations are charged with the objective to help keep customers safe, or if you’re part of an IT security team, who’s charged to keep their own organisations and employees safe from cyberattack.”

Crucially, Dreyer admits, it’s important for leaders to lead by example and take wellbeing, mental health, and burnout seriously.

Dreyer continues: “The culture of an organisation is often the result of the level of influence and role modelling that comes from leadership. So if you’ve got a board and executives who are invested in the wellbeing of themselves, as well as their staff and their organisation, that will become part of the culture and they will make time to invest in things like Employee Assistance programmes, in wellness seminars, in various other social activities, that help to break up and recognise the pressures that have been placed on staff and employees by operations and work.”

For Mimecast, their aim, generally, is to help protect people, protect data, and protect communications for companies. In terms of their product, they provide tools and technology that can be implemented to detect, prevent, and respond to cyberattacks through email generators and/or emails. Importantly, Mimecast invest time and money into their Employee Assistance programme, which helps anyone who is feeling overwhelmed or under pressure to speak to an independent third party for professional help.

When it comes to cyberattacks or cyber related incidents, there is a prevalent ‘blame culture’. Naturally, when something goes wrong, people look for the causes and, if not handled sensitively, a culture of blame can run rife throughout an organisation. As a result, when a mistake happens, an employee may feel less compelled to come forward and own up.

Dreyer adds: “Let’s consider the source of a blame culture. It comes from a sense of shame and a lack of openness. I think, first and foremost, it’s important to promote an environment where we’re encouraged to speak up, where we’re encouraged to support one another, and we’re encouraged to ask for help.”

The Mimecast State of Ransomware Readiness 2022 report revealed that 58% of professionals say that their role is getting more stressful each year and, additionally, that, in the next year, 42% of professionals are considering leaving their role in the next two years due to stress and burnout.

About the report’s findings and the general increase in ransomware attacks, Dreyer notes: “We’ve got to be concerned about the welfare of our teams. We’ve got to be putting systems in place that measure organisational resilience, especially in terms of how prepared our organisations are. We must ask: What are the scenarios that could happen? How do we run through these scenarios when they do happen? And could we present an argument that says we had prepared adequately? If we’re able to do all of that, it’s not going to take the pressure off, but it might ease some of the burden that our individuals and teams feel.”

But what about the future of cybersecurity if nothing changes?

“I don’t think there is a future of cybersecurity if nothing changes, because there isn’t a model where nothing can change. The adversaries will always come up with new ways, new tools and new approaches to get to achieving their end goal or their target. So long as the defences that we’ve got in place stay where they are or improve slightly, there’s going to be potential friction in achieving those targets and goals for adversaries.”

“There is no state where nothing changes, and therefore stays the same. What we can say for certainty is that adversaries will continue to evolve their techniques, tactics and procedures. Equally, for the cybersecurity world, as cybersecurity vendors, organisations, and as customers, we’re going to innovate at the same time to be able to respond to and detect and block these attacks and help keep organisations safe.”

In terms of advice for avoiding burnout, Dreyer emphasises: “The airline analogy comes out front and centre. Put the safety mask on yourself before you help others.”

Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at info@itsecurityguru.org.

Cyber Mindfulness Corner Company Spotlight: Exabeam https://www.itsecurityguru.org/2023/07/11/cyber-mindfulness-corner-company-spotlight-exabeam/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-exabeam Tue, 11 Jul 2023 14:22:16 +0000

At the IT Security Guru we’re showcasing organisations that are doing great things for employee wellbeing! This week, Gianna Driver, Chief Human Resource Officer at Exabeam, tells the Gurus about how Exabeam are championing wellbeing support within the organisation. Driver has over 20 years of experience in executive human resources management across all sorts of organisations.

According to Driver, the next-gen SIEM and XDR company are “mindful that wellness is about considering the whole human and caring for their needs.” Putting this into practice, the company benchmark pay to offer competitive salaries, and provide mental health benefits and unlimited paid time off. They also have tools that monitor the utilisation of their benefits, which, ultimately, helps shape the benefits they offer and how they promote them. For example, Driver notes, “if our employees aren’t maximising their use of retirement planning and benefits, we might offer financial literacy courses.”

Attempting to avoid burnout, Exabeam also try to practise gratitude towards their employees to thank them for their hard work. Driver adds: “We know that our employees at Exabeam work really hard to make our company successful, and so we want to say “Thank you” to them! We’ve implemented multiple Thank You Days – company-wide days off each year – which have been positively received. We’ve found that when everybody in the company takes the same day off, everyone can recharge and come back with less intimidating inboxes.”

Earlier this week research was released that found that over half of individuals have felt socially excluded in the past year, leading to poor mental health outcomes and feelings of anxiety, sadness and isolation. The report also suggested that those who are part of at least one team or society experience personal, professional and health benefits including feeling happier (30%), more confident (26%) and more likely to achieve their health and fitness goals. At Exabeam, the company have launched several groups for employees to join. Driver notes:

“In the spirit of social and emotional wellness, we launched several Employee Resource Groups (ERGs) for both in-office and remote employees. We have six ERGs: ExaGals; Somos, which is for our Latinx population; Waves, our Pan-Asian ERG; Pride, for the LGBTQIA+ community; a veterans ERG; and BAE, for our Black community.”

But what have the productivity outcomes been for the business?

“When we initially started investing in and making time for these different initiatives, there were concerns that these projects would take time, energy, or focus away from business operations. Over time, we’ve realised that we’re not taking away slices of the “productivity pie”, but instead, we’re growing the pie.

“We have a learning division that we started earlier this year, and it’s part of the overall People and Culture team. That department works with leaders across the organisation and creates content to support leaders and help them become better. We believe better leaders create happier employees. We also do company-wide surveys to gauge individual feedback and ensure initiatives are tailored to specific teams.”


Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at info@itsecurityguru.org.

Over Half of People Have Felt Socially Excluded In Past Year https://www.itsecurityguru.org/2023/07/10/over-half-of-people-have-felt-socially-excluded-in-past-year/?utm_source=rss&utm_medium=rss&utm_campaign=over-half-of-people-have-felt-socially-excluded-in-past-year Mon, 10 Jul 2023 15:58:42 +0000

New research from health provider Bupa in partnership with ParalympicsGB found that 58% of Brits have felt excluded in the past year, resulting in poor mental health (30%) and isolation (41%). The research also found that feelings of exclusion have made Brits feel shut out in their daily life (28%), at work (27%) or within society (24%). These findings have been released alongside a #TeamHealth campaign to encourage wider access to teams and societies.

Bupa’s research shows that 30% of people have felt a negative impact on their general mental health due to their experience of social exclusion, with many left feeling isolated (41%), sad (41%) and anxious (33%). This research is especially pertinent for people in the cybersecurity industry, given that the stress and pressure of round the clock protection means that free time is often scarce.

The research was conducted by Censuswide among 2,002 UK nationally representative general consumers. Among this group, 417 reported that they consider themselves to have a disability.

Notably, people living with a disability (72%) are more likely to experience exclusion. This group is also almost twice as likely to report poor mental health than the wider population, as well as high levels of loneliness (43%). Women (61%) are also significantly more likely to report feelings of isolation.

Currently 44 per cent of people in the UK aren’t involved in social, professional, community or interests-based support networks, while for one in five (21%), the number of teams they belong to has decreased over the past three years.

For cybersecurity professionals, cultivating a sense of community among professionals may be the first step to improving mental health. Statistics show that two-thirds of cybersecurity professionals feel stressed at work.

Paralympic Gold medallist Richard Whitehead MBE says: “I know from personal experience that feeling excluded is very harmful, both in terms of mental health and preventing people from reaching their potential. And although we’re making progress, it’s not always as easy for disabled people at school, work or in the community, which is why equal opportunities for everyone and feel a sense of belonging is so important.”

Those who are part of at least one team or society experience personal, professional and health benefits including feeling happier (30%), more confident (26%) and more likely to achieve their health and fitness goals. The sense of belonging leads to people feeling more included in society (36%), sociable (35%) and valued (34%).

Whitehead continued: “Being part of a team has been really important for me in reaching my sporting and professional goals. Everyone needs a strong team in their corner, whether in their professional or personal lives, and deserves to feel included”.

Dr Naomi Humber, head of mental wellbeing at Bupa, says: “Being part of a community or team with common interests or goals has a remarkable positive impact on both physical and mental health. Group participation and inclusion promotes a sense of belonging and social connection, creating a supportive environment that encourages healthy behaviours and motivates individuals to achieve their personal, professional and health goals.”

For further information about making the workplace more inclusive for everyone, Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting at Stott and May Consulting, provides tips in her latest piece for The Cyber Mindfulness Corner.

Developers Kept Away From Coding, Estimated £10.4bn a Year Wasted https://www.itsecurityguru.org/2023/06/08/developers-kept-away-from-coding-estimated-10-4bn-a-year-wasted/?utm_source=rss&utm_medium=rss&utm_campaign=developers-kept-away-from-coding-estimated-10-4bn-a-year-wasted Thu, 08 Jun 2023 16:14:48 +0000

Research by software delivery platform Harness suggests that UK businesses are inadvertently wasting over £10.4bn per year as a result of lack of software productivity, mainly due to developers having to manually carry out routine operations that could be automated or aided by AI.

These administration tasks include unnecessary scripting, toolchain maintenance, and responding to security issues occurring across the Software Development Life Cycle (SDLC).

This follows research released earlier this year by Software that suggested that developers are spending less than an hour per day (52 minutes per day) on coding, as a result of being bogged down in manual tasks. This has resulted in a rise in poor mental health among employees, as well as a downturn in digital transformation progress.

Nick Durkin, Field CTO at Harness, adds: “We are facing a developer experience crisis. Repetitive tasks such as the maintenance of unnecessary scripts, repetitive manual testing and waiting times for builds to complete, are keeping organisations’ best developers from the critical work of coding.

“This toil is driving huge inefficiencies across the Software Development Life Cycle (SDLC), minimising the impact of developer talent and stalling critical digital transformation projects. It could even lead to burnout, or push an organisation’s most skilled resources to seek more engaging roles with another employer.

“Organisations must act now to improve the developer experience, empowering them to do what they do best; turn ideas from concept to reality.”