Navigating Mental Health, Narcissism & Burnout in Cybersecurity

By James Rees, MD, Razorthorn Security

The cybersecurity industry is known for its cutting edge technology and constant evolution, but beneath the surface of firewalls and threat detection lies a aspect that’s discussed less regularly: the mental health and wellbeing of its professionals. As cyber threats grow more sophisticated, so too does the pressure on those tasked with defending against them.

I was recently joined by Lisa Ventura (MBE) on the Razorwire podcast where we discussed this topic. Lisa is a prominent figure in UK cybersecurity and founder of Cyber Security Unity and has been at the forefront of addressing these often-overlooked challenges. With years of experience in the field, Lisa has observed and experienced first hand the toll that high stress environments, workplace dynamics and industry pressures can take on individuals. This blog covers the topics we discussed on the podcast.

We’re covering key issues affecting professionals at all levels including imposter syndrome, narcissistic behaviour in the workplace and burnout in cybersecurity. These problems contribute to a growing skills gap and high turnover rates, making it crucial for organisations to address mental health and workplace culture alongside technical skills.

This blog post will explore these challenges in depth, drawing on insights from Lisa and other industry experts. We’ll discuss strategies for individuals and leaders to create healthier work environments and highlight the importance of prioritising mental wellbeing in the cybersecurity field.

Navigating Narcissistic Behaviour in Cybersecurity

Unfortunately, the cybersecurity industry is not immune to narcissistic individuals who can create toxic work environments. These people often excel at manipulation and self promotion, sometimes rising to leadership positions despite their negative impact on team morale and productivity. Their presence can be particularly damaging in a field that relies heavily on collaboration and trust.

Narcissistic behaviour in the workplace can manifest in various ways. These individuals may take credit for other people’s work, dismiss concerns about security vulnerabilities that they didn’t identify or undermine colleagues’ efforts to implement robust security measures. In team settings, they might dominate discussions, belittle contributions from other team members or react defensively to any perceived criticism of their ideas or methods.

Recognising the signs of narcissistic behaviour is the first step in addressing this issue. For those working with such individuals, it’s important to maintain strong boundaries and document interactions. Keep detailed records of project contributions, decisions made and any problematic behaviours observed. This documentation can be crucial if the situation escalates and requires intervention from HR or management.

It’s also vital to build a support network within the organisation. Cultivate relationships with colleagues who share your values and work ethic. This network can provide emotional support and may also serve as witnesses to inappropriate behaviour if needed.

Despite best efforts, working with a narcissistic individual can be emotionally draining and professionally stunting. If the situation becomes untenable, seeking new opportunities may be the best course of action for one’s mental health and career growth. Remember, a toxic work environment can significantly impact your wellbeing and job performance, potentially hindering your long term career prospects in cybersecurity.

Ultimately, addressing narcissistic behaviour in the cybersecurity industry requires a collective effort. By raising awareness, supporting affected colleagues and prioritising healthy workplace cultures, we can work towards creating more positive and productive environments in this critical field.

A Growing Concern: Burnout in Cybersecurity

The high stakes nature of cybersecurity work, combined with the constant threat of attacks, can lead to severe burnout among professionals. Many feel they can never truly disconnect from their work, leading to chronic stress and exhaustion. This ‘always on’ mentality can have far reaching effects on both personal wellbeing and professional efficacy.

Symptoms of burnout in cybersecurity can include physical exhaustion, emotional detachment, decreased productivity and cynicism about one’s ability to make a difference. In severe cases, burnout can lead to depression and anxiety that extend beyond the workplace.

To combat burnout, organisations need to prioritise work-life balance and provide adequate support to their cybersecurity teams. This includes ensuring proper staffing levels, offering mental health resources and creating a culture that values rest as much as vigilance.

Proper staffing is crucial in mitigating burnout. Many cybersecurity teams are understaffed, leading to unreasonable workloads. Organisations should regularly assess their staffing needs and invest in building robust teams.

Offering mental health resources is essential. This could include access to counselling services, mindfulness programmes or stress management workshops tailored to cybersecurity challenges. Normalising the use of these resources can help reduce stigma.

Creating a culture that values rest is perhaps the most crucial aspect. Leaders must model healthy work-life balance behaviours and actively encourage their teams to disconnect and recharge. This could involve implementing policies such as mandatory time off after high stress incidents and rotating on call duties.

Addressing burnout in cybersecurity requires a holistic approach that recognises the link between individual wellbeing and organisational security. By prioritising the mental health of cybersecurity professionals organisations not only support their employees but also enhance their overall security posture.

Addressing the Cybersecurity Skills Gap

The cybersecurity industry faces a significant skills shortage, exacerbated by mental health issues and toxic workplace cultures. As experienced professionals leave the industry due to burnout or unsatisfactory work environments, the shortage of qualified personnel worsens, placing additional strain on remaining staff.

To address this multi-layered problem, the industry must adopt a holistic approach to talent management, encompassing several key elements:

Creating inclusive working environments that support diversity, including neurodiversity. Organisations should welcome individuals from various backgrounds, including those who are neurodivergent. This may involve adjusting recruitment practices, offering flexible working arrangements and providing necessary accommodations.

Providing clear career paths and professional development opportunities which allow for both vertical and lateral movement. Invest in continuous professional development through training, certifications and conference attendance to demonstrate commitment to employee growth.

Implementing mental health support programmes including stress management workshops, resilience training and regular check-ins with mental health professionals. Implement policies that actively promote work-life balance.

Encouraging open dialogue about challenges and ideas. Implement regular team-building activities, mentorship programmes and feedback mechanisms to create a supportive work environment.

    Additionally, the industry should focus on attracting new talent through partnerships with educational institutions, offering internships and engaging in community outreach. Implementing ‘re-entry’ programmes for professionals returning after career breaks can also help address the skills gap.

    Addressing the gender imbalance in cybersecurity is crucial. Targeted recruitment efforts, mentorship programmes and initiatives to combat gender bias can help attract and retain more women in the field.

    Lastly, organisations should consider internal talent development, identifying employees in adjacent fields with aptitude for cybersecurity and providing necessary training.

    By creating supportive, inclusive work environments, offering clear career progression, prioritising mental health and fostering positive workplace cultures, the sector can retain existing talent and attract a diverse new generation of cybersecurity professionals. This holistic approach is essential for building a resilient workforce capable of meeting evolving digital challenges.

    The Role of Leadership in Cybersecurity Organisations

    Leaders in cybersecurity organisations play a crucial role in addressing industry challenges. Their influence extends beyond technical strategy to shaping the culture, values and overall health of their teams and organisations.

    Leaders must vigilantly identify and address toxic behaviours within their teams, setting clear boundaries and expectations for professional conduct. They should promote a healthy work-life balance by implementing policies that encourage regular breaks, respect for personal time and the importance of disconnecting from work.

    Creating an environment where team members feel valued and supported is essential. Leaders should regularly acknowledge contributions and ensure opportunities for growth and development tailored to individual aspirations and strengths.

    Destigmatising conversations about mental health is another key responsibility. Leaders can start by being open about their own challenges, demonstrating that vulnerability is a strength. Encouraging open dialogue about workplace issues through regular meetings, one-on-one check-ins and feedback mechanisms is crucial.

    By modelling healthy behaviours, leaders set the tone for their entire organisation. This includes maintaining their own work-life balance and seeking support when needed. Creating diverse and inclusive teams is also vital, promoting an environment where different perspectives are valued and respected.

    In the rapidly evolving landscape of cybersecurity, leaders must prioritise continuous learning and adaptation, both in technology and management practices. They should encourage a culture of curiosity and lifelong learning within their teams.

    Lastly, cybersecurity leaders must advocate for their teams at the highest organisational levels, securing adequate resources and ensuring cybersecurity is given appropriate priority in overall business strategy.

    By embracing these responsibilities, leaders can create more resilient and effective cybersecurity organisations, addressing broader industry challenges and shaping a future that is not only technically proficient but also supportive, inclusive and sustainable.

    Conclusion

    The industry faces unique challenges that extend beyond technical threats. By addressing mental health concerns, toxic workplace behaviours and burnout in cybersecurity, organisations can create healthier, more productive environments. Leadership plays a crucial role in fostering inclusive cultures, promoting work-life balance and prioritising employee wellbeing.

    As we navigate the evolving landscape of cyber threats, it’s clear that a holistic approach to talent management is essential. By focusing on both the technical and human aspects of cybersecurity, the industry can build a more resilient, diverse and effective workforce. This approach not only benefits individual professionals but also strengthens the overall security posture of organisations and the industry as a whole.

    Ultimately, the future of cybersecurity depends on our ability to nurture and support the people behind the technology. By creating environments where professionals can thrive, we ensure that the industry is well equipped to face tomorrow’s challenges.

    Get in touch to discover how Razorthorn can help your organisation with cybersecurity consultancy, testing or compliance.

    TALK TO US ABOUT YOUR CYBERSECURITY REQUIREMENTS

    Please leave a few contact details and one of our team will get back to you.

    Follow Us