RSA 2019: Burnout is coming to your cybersecurity team soon

SAN FRANCISCO —Burnout. For healthcare pros, the term conjures frustrated clinicians, nurses and doctors foremost, followed perhaps by administrators, IT and others. Now add security professionals to that mix.

“This talent pool has a lot resting on their shoulders. Society is increasingly relying on us for public safety,” said Josh Corman, Chief Security Officer of PTC. “We’ve got burnout.”

Corman spoke here at RSA 2019 during a keynote with

Christina Maslach, a professor of psychology at University of California Berkeley and creator of the Maslach Burnout Inventory.

Maslach’s inventory lists three critical components of burnout: exhaustion, cynicism and a perceived lack of self-efficacy.

  • Exhaustion. Maslach described it as the “classic stress response,” coming not from the big problems employees encounter but, instead, from smaller day-to-day issues such as too much demand with too few resources.
  • Cynicism. This one is particularly thorny for infosec professionals since they are by many accounts paid to be cynical and find problems, Corman said. The consequences are that employees tend to “get negative about the job they’re doing, the people they’re working with and the work,” Maslach explained. “This results in people doing the bare minimum, a ‘take this job and shove it’ mentality that can lead to poor performance and absences.
  • Perceived lack of self-efficacy. This is the Sisyphean feeling that you’re not good at the job, not feeling competent, asking yourself what you are doing there and Maslach said that begins to erode at a person’s perception of their value and the sense of doing what they thought would be doing in a particular job.

Maslach’s inventory is a research measure, not a diagnostic tool, created to look at what is causing burnout and the downstream consequences, which are more than just a bad day at the office and, in fact, can include depression, suicidal ideation if not suicide itself.

For executives looking to avoid or address burnout among cybersecurity teams there are 6 key areas to consider. Those are workload, autonomy or choice about how one gets the job done, reward and recognition beyond salary and raises, workplace community, fairness of policies and practices, and values including what makes employees excited and proud to come to work.

Corman and Maslach agreed that looking at a burned out individual and saying “toughen up” or “you’re not cut out for this job” is a mistake.

“Burnout, what we’ve discovered, is the response to chronic stressors in the workplace,” Maslach said. “Overwhelmingly, research shows it’s the job, the environment, not the person.”

That said, there are things that can improve the working environment. Maslach said a hospital worked on civility, social communication and the working relationships of a group of employees for one hour every week, amid busy schedules, for six months.

“Burnout dropped, absenteeism dropped,” Maslach said.  

Corman added to those recommendations working backwards to address the measures that cause burnout by being more diverse and inclusive to reduce exhaustion, fostering communication to eliminate fear of talking about burnout, and strive to make better managerial decisions to treat people better across the ecosystem.

“Trying something different achieves something different,” Corman said. “We can focus on our better angels. We get the house we build and the culture we create.”  

Twitter: @SullyHIT
Email the writer: [email protected]

Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article