Cyber burnout is a real thing.
What it is?
What exactly is cyber burnout or cyber fatigue? According to Stacy Thayer, speaking at blackhat 2022, “Occupational burnout is clinically defined as a psychological syndrome that occurs due to chronic emotional interpersonal stressors on the job.” In other words, overworked in a high-stress career.
What’s the cause of this cyber burnout? A kind of perfect storm of three factors. From We live Security, “ [it] is a combination due to the lack of experienced talented people, the accelerated digital transformation we have witnessed in the past two-plus years and the never-ending barrage of cyberattacks that cybersecurity teams are required to deal with.”
How big is the skills gap? According to Cybersecurity Ventures, the number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million. And “when there is such a huge shortage of talent in the cybersecurity industry, those who are on the frontline are potentially prone to suffering burnout.”
There’s another problem, according to an article on ZDNet. “Employers are already facing something of a dilemma when it comes to cybersecurity in 2022. Not only is the number of attempted cyberattacks escalating worldwide, but employers face the added pressure of a tightening hiring market and record levels of resignations that are also affecting the tech industry.”
“Some reports have suggested a third of tech workers plan on quitting in the next 12 months.” Many of those in the cyber industry. What’s more, “32% of IT managers and 25% of IT directors are considering quitting their jobs in the next six months.”
So, what can be done about all this?
What to do about it
This is a multi-part problem that requires a multi-prong solution. First on the list is to stop glorifying overwork, which is prevalent throughout the tech industry. Also on the list is to increase awareness about the problem and to lower hiring stands to attract more workers without credentials, but who have an interest and aptitude for cyber and let them learn on the job.
There’s one other, surprising thing on the list: shifting left. This is according to Carlos Rivera, the principal research advisor at Info-Tech Research Group.
According to Rivera, burnout can be reduced by “adopting a ‘left-shift mindset’ within the development environment, where burnout and stress can lead to errors slipping through the gaps and making their way into published code. Organizations will face the least risk when introducing security as early as possible in the development process and leveraging tools to automate and support this goal.”
And this is where threat modeling comes in.
How threat modeling can help
Threat modeling is the ultimate technique for shifting left in development. It models threats and recommends mitigations before deployment. It’s been understood for a while now that threat modeling has an oversized impact on cost reduction because of its ability to detect threats early in the development lifecycle. Apparently, it can also reduce burnout too.
In addition, modern threat modeling tools automate almost every facet the threat modeling. This affords the opportunity to reduce developer stress even further as it decreases their workload.
If you’d like to learn how to improve the security of your applications while also reducing your workers’ stress, we invite you to check out ThreatModeler. ThreatModeler is a modern threat modeling platform that automates almost every aspect of threat modeling “from code to cloud”.