Workforce Well-Being in the World of Cyber
Five Essential Elements For Cyber Workforce Wellness
In the previous article, I mentioned the real and pervasive epidemic our nation is experiencing with burnout in multiple industries, to include healthcare and cyber. We looked at the common reasons for the burnout and found that they were remarkably similar.
Some of the most common reasons found were: too many hours on the job, feeling like a cog in the wheel, high adversity making mistakes costly, and every task being considered mission critical. Cyber professionals feel that they can never have a day off, yet they can’t directly see or visualize the value of what they do.
In a typical organization and especially in government agencies, the resources, tools, technologies, and funding allocated to cyber professionals are minimal at best. They are often asked to do a lot with very little and expected to resolve an organization’s cyber issues as a standalone entity, even though they are often embedded deep in the IT realm of the organization. In many cases, CISOs are not given direct funding or even asked for the type of budget they may need to enhance the state of security for their organization.
Additionally, the IT operations staff are also perpetually in a state of burnout, as they must meet the expectations of their CIO for operations, but also try and meet the security requirements put forth by the cyber department. Eventually, the state of burnout is perpetuated across the organization, with no sign of light at the end of the tunnel (or should we say marathon).
See Related: 5 Most Stressful Aspects Of Cyber Security
Defining Workforce and Employee Wellness
We must value wellness of the whole human being in any organization, profession, or industry. Too often, organizations and their leaders expect a person to function 100% on the job regardless of anything else that may be going on with the person, either at home or in other areas of their life. We must understand that our emotional, mental, and physical state are all connected, which necessitates implementing health and wellness programs and resources open and accessible to all employees.
Often, the word wellness is regarded as a term for those that are unwell, as if to seek wellness is to be frowned upon. That is far from the truth. Let us take a look at what wellness is and how we can look at it from a holistic and humanistic viewpoint.
Five Essential Elements of Workforce Well-being
Let’s think of the five essential elements of an employee’s workforce well-being as looking like the wheel of a cycle (pictured here). The wheel has different components to it, such as: Physical, Community, Financial, Social, and Career. Of course, there can be other components when it comes to personal and overall life wellness as well, but let’s keep it simple and stick with these five for now.
Figure 1: Life Bike – Workforce Wellbeing components (Courtesy: NIH Employee Wellness Council)
Using this definition as our model, let’s dig deeper into each aspect and see how they relate to a CISO and other cyber professionals.
Start with the Financial aspect from the role and perspective of the cyber professionals. One must consider the budget for their own security team/department (which often is not directly funded), the security budget needed for the organization as a whole to maintain an acceptable security posture, and even the overall IT budget (since that has a significant effect on security if the IT operations staff are not provided an adequate budget). Then, there are also personal financial aspects to any employee that factor into their wellness that we must acknowledge.
Now, let’s look at the Community aspect. To be an effective leader as a CISO, one must foster an environment of cyber security across an organization and ensure cyber is embedded into everyone’s roles and responsibilities. To do this, cyber professionals must move away from being the compliance-driven “No” team to a more community-oriented approach. CISOs must join forces and work hand-in-hand with the leaders of the organization to drive the value of cyber security and the risk of not having adequate security measures. They must speak the language of the stakeholders to get the message across and really engage and involve the whole community. We must stop working in silos and include all staff, supervisors, and leaders. There is also a personal community aspect to every person. As humans, we function at our best when we’re part of a larger community where we can feel supported and included. If that community aspect is missing or in flux, that can cause your Life Bike to collapse.
All of the aspects of the Life Bike work together and must be functioning at acceptable levels for an employee to feel fulfilled, joyful, and well overall in the workplace. Let’s see what happens when one or more aspects of the Life Bike collapse, as in the figure below.
Figure 2: Life Bike with one or more components affected (Courtesy: NIH Employee Wellness Council)
Since all pieces of the puzzle fit together and all are connected within one person, the Life Bike cannot perform at its best without all the parts of the wheel functioning at least at a minimal acceptable level. Organizations and their leaders must understand this basic holistic concept of employee wellness as an essential requirement that drives the mission and the people.
The Call to Empower Our People
From a cyber viewpoint, there is a reason why the motto of “People, Process, Technology” puts people first. When we empower our people, they will become our strongest and most precious assets, instead of how most cyber practices look at them now —as our weakest links.