Top 3 things that cybersecurity leaders can do to support team mental health

Top 3 things that cybersecurity leaders can do to support team mental health

Robert Wood

Last week's article focused on how individuals working in cybersecurity can better care for their mental health.

The silent adversary in cybersecurity.

This week, we will build on this and talk about things leaders can do to create and cultivate a team culture that supports mental health. This applies to you if you're a CISO, a director, a manager, or team lead.

Let's go.

Watch how your actions set the tone

As a leader, your team watches the sort of things you do.

Are you responding to email at 1:00 am?

Are you responding to every single Slack channel message that happens?

Is your schedule booked wall-to-wall with meetings?

Do you take time off and truly disconnect?

Depending on your answers to these questions, you may be sending your team an unhealthy message if your team members feel they need to be working all hours of the night or that they can never take time off. If so, they are way more likely to burn out. A study by Sabine Sonnentag, Professor of Work and Organizational Psychology at the University of Mannheim, discussed that healthy detachment from work can help improve your overall performance.

So, take heed of your behavior and the message it will send to your team.

Be aware of how you make risk decisions

As a cybersecurity leader, how are you talking about risk when it presents itself? Be very aware of leveraging FUD (fear, uncertainty, and doubt) when discussing risk. If you jump at every single risk and treat it as though the world is ending, people will follow in your footsteps.

A constant focus on the risk of the sky falling creates chronic stress for people.

It also changes the way your team talks about risk with other teams.

It's very common for security teams to be in a position to negotiate risk with business or system owners across our organizations. How much risk is okay to take on relative to your goals? Is it better to remediate or transfer the risk? What mitigation strategy is best relative to the cost?

These are much more compelling and engaging questions and conversations to have. When leaders set the tone for their team, acknowledging that not all risk is a show-stopper, it creates a much more business-aware team while, at the same time, not pushing the team into a state of constant heightened stress.

This also extends into how you decide priorities, what to work on, and what to put in the backlog. Not everything can be critical and an emergency.

Check-in with your team about more than work

As a leader, you can engage in truly meaningful conversations with your team. Use meeting times, whether a 1-1 or a team retrospective, to talk about more than work and project status.

Be intentional about asking how people are doing. Be intentional about ensuring the team culture isn't creating unmaintainable pressure. Be intentional about identifying toxic culture dynamics and then do something about it.

You are a part of your team. So what affects them affects you.

When you're engaged with your team on a more personal level, it will help you make sure that you're able to have essential conversations around priorities and self-care. This will help your team members avoid burnout and stay engaged with the work you're all doing.

Concluding thoughts

Bringing this home now, the leader sets the tone for the team. Toxic teams and cultures will likely have a toxic leader at the forefront. In turn, toxic teams and cultures are unlikely to have employees who bring their best selves to work. That leads to worse outcomes and higher turnover.

Speaking in security terms, that's all risk.

Some of the best things you can do as a cybersecurity leader is invest in the team and team culture where you work. The work happens through the people, and when applied thoughtfully, the three tips covered in this article will create a stronger, more resilient team that delivers the outcomes you're hoping for.