Negotovosti uspeha kibernetske varnosti

V zadnjih nekaj letih je vprašanje duševnega zdravja v industriji kibernetske varnosti postalo vse pomembnejše. A Raziskava 2019 razkrilo, da je 1 od 6 CISO sprejet samozdravljenje to deal with the stress of their job. The strain passes through the CISO’s office and permeates the whole sector. A profile that’s rising hitreje od proračuna in vedno večja prefinjenost ter finančni učinek napadov se združijo in spremenijo tisto, kar je bil nekoč kotiček oddelka za IT, v lonec pod pritiskom.

john hammond, a cybersecurity researcher at Huntress, spoke on “Hard Truths and Unexpected Realities: Lamentations in Producing Cybersecurity Content” at Intigriti 1337UP v živo, spletno konferenco o nagradah za hrošče, marca 2022. Njegovi videoposnetki na YouTubu običajno pokrivajo tehnične teme, kot so analiza zlonamerne programske opreme, povratni inženiring in splošno programiranje, pa tudi manj tehnične vsebine, kot so kariere in intervjuji z uglednimi osebami na področju kibernetske varnosti.

Medtem ko ustvarjanje vsebine uporablja kot lečo za govorjenje o duševnem zdravju in pritiskih, s katerimi se sooča, vleče vzporednice med ustvarjanjem videoposnetkov za skupnost in izdelavo orodij za skupnost. Oba sta podobno ustvarjalna in odmevna udejstvovanja in prihajata z nekaj enakega negotovosti in pritiskov.

“Something goes wrong, and I’ll often feel like, ‘Look, I don’t know what I’m doing.’ All these cool crazy elite ninja warriors, cyber shenanigans, the wizards that are cutting through Ghidra and Ida and this low-level stuff — like, man, that is so out of my league,” Hammond said. “I come to the conclusion I’m a fraud.”

Part of that feeling stems from the sheer scale of the field, where no single person can know everything there is to know. “One learning lesson that I hope comes from that,” he said, “is that no one knows what they’re doing. No one is an expert in cybersecurity. Because there can’t be.”

To counter the inner voice saying you’re a fraud, Hammond recommends concentrating on your own process rather than focusing on other people’s successes.

“You can’t compare yourself to what people … show on Twitter, because for one thing, those are celebrating their highs, their successes, the incredible moments in life. And that’s awesome, but you don’t see the hard work, you don’t see the grit, you don’t see the determination, the long nights, the lack of sleep — everything they’re doing to put that work out,” Hammond notes.

The value of bringing your voice and your opinions to the community lies in increasing the range of perspectives and experiences in the town square. “They have their strengths, they have their weaknesses; I have my strengths, I have my weaknesses,” he said. “We have this discussion, we have this conversation, we have this sharing of knowledge and insight and input and opinions — whether they are wrong or they’re right, we’re doing it. And that’s a good thing.”

He closes with an excellent block of advice on how to proceed with growing your profile in the cybersecurity world without burning yourself out. “Do the stuff that you love,” he said. “Stop comparing yourself to other people. Compare yourself against yourself. And offer your input and insight, because that has to be how we grow and continue and better the industry and everything that we do.”