Putting people first in cyber security

The cyber security stereotype is well-established: a worker hunched over a computer screen, tirelessly thwarting attacks that could damage their employer. The imagery often involves a hoody and a hidden face.

It’s sometimes easy to forget that these code-busters are actually just people.

Since Covid-19, cyber crime has escalated and several studies by research from the likes of Forrester, Mimecast and Security Intelligence suggest that people who work in cyber security are beginning to hit exhaustion.

Almost two in three (65%) workers have considered exiting because of stress, and three in four (73%) have already left their post due to burnout.

Speaking at this year’s InfoSec Europe event at London’s ExCel, Barclays’ global cyber operations managing director Becky Pinkard drilled into her audience that organisations must meet employee needs and, ironically, make them feel safe in an industry that is typically not so.

Speaking at a keynote which hailed her induction into the Infosec Europe Hall of Fame, Pinkard quickly put paid that those big and seemingly never-ending managerial questions such as ‘What’s the project? When’s the deadline? Why isn’t it done?’

“That isn’t what actually matters. That stuff gets done if you pay attention to the person,” she said.

What matters, Pinkard argued, is making sure employees feel respected and happy in a workplace environment, then instead of viewing tasks as a chore they enable workers to drive forward with passion and creativity.

This understanding grew from Pinkard’s own self-reflection of her 25-year long career journey in cyber security.

The battle to find myself

It hasn’t been an easy career-ride in terms of self-acceptance for Pinkard. She confesses that when she was notified of the award, she found herself scratching her head as to why she in particular had been chosen.

“I’ve not built anything, I don’t run my own security company, I didn’t do anything amazing, I mean why am I here?” she asked herself.

At the beginning of her career journey Pinkard admitted that she had long battled with self-doubt. Not just underestimating her ability in her profession, but at almost six feet tall and a lesbian, she felt as though she didn’t fit in.

“What happened over time was that I had this internalised homophobia and I didn’t even know what that was for the longest time, and what I realised is ‘I don’t like myself, I hate myself for who I am, I don’t fit in, I don’t feel like I deserve to fit in, therefore why should anyone trust me, or use me, or want to have me in their company, or respect me?’.

But after a while Pinkard found her home in security and what she felt had been taken away from her when she came out was recaptured in “this thing called my career”.

“I found my people”, she said, people that were excited to look at a packet capture for instance, that Pinkard jested were “weirdos” just as she claimed to be.

It helped too that she was hungry to hoover up any experience that would add to her knowledge of cyber security.

“I stuck my hand up and I did it, whether it was configuring firewalls, application security testing, penetration testing, doing some forensic stuff, that was cool.”

Food for (corporate) thought

Organisations need to focus on people and their needs, Pinkard argued, citing several key lessons she’d learned during her career. These include that it is okay not to know everything, it is okay to have a sense of humour, and people shouldn’t dismiss experiences that do not reflect their own.

An active D&I advocate herself, she co-founded the We Empower Diversity in Start-ups group in 2018. Pinkard said that diversifying cyber security talent will unlock the best talent and also talent with a range of experience.

“The worst thing you can do is to shut down experiences that are different to yours,” she exclaimed.

“Firms must step out of their comfort zones to engage with people who perhaps don’t even look like you. They didn’t come from where you came from, they might even intimidate you a little bit and maybe you’re scared you’ll say something dumb and they’ll think you’re a horrid person – no, they won’t!”

Candidates will be grateful that you took the opportunity to host a conversation with them and that you investigated what they brought to the table, she adds.

“And that’s what’s going to get the industry over the hurdles as they continue to arise,” said Pinkard.

Lastly, whenever you feel the urge to send a hasty and sharp email, maybe because your employee made a mistake – Pinkard once broke a firewall so badly that not even the manufacturers knew how to fix it – take a breath, and be kind.

“Take an extra moment and extend that kindness to people, it doesn’t take long.”

“There’s not always going to be a win win and that’s okay, but you need to be kind and figure out a way to progress.”