‘As a security leader you're not Superman’: On building a resilient cyber team

Cyber leaders on burnout, pressure and managing an effective team

Cybersecurity can be a rewarding job, but it’s not an easy one and sometimes expectations are at odds with reality.

An effective cyber team brings together many different skills, with each person recognised for the value they add and work distributed fairly.

But this is easier said than done when managing remote or hybrid teams, where turnover is high and there is constant pressure to do more with less.

A panel of three senior IT professionals discussed how to get the best out of a cyber team, ensuring its members’ welfare and recognising the signs of burnout, during a panel session at Computing’s Security Leaders Summit last week.

Leadership style

The panellists described effective leadership as taking control while remaining calm, knowing when to lead from the front and when to delegate, and being open about personal limits.

When things get tough, as they frequently do, the first step is to reassure the team, said Henry Amadiegwu, CIO at Zenith Bank UK. “And don't just jump into making some hasty decisions and conclusions,” he added. Create some breathing space to allow the necessary focus on investigation and containment.

"Control is really important: you have a talented team, and that's why you're there - to direct and govern each individual so they understand their role," offered Vikram Singh, a senior security architect at Thames Water, who likened the job to managing a team of sports stars.

At the same time, the panellists agreed, leaders should not be ashamed of showing their own vulnerability, especially during high-stress incidents.

"As a security leader, you're not Superman. You have to be vulnerable and show that there are times when it's overwhelming," Amadiegwu said.

Building the right cyber team

It’s crucial that the team is able to cope with multiple, overlapping crises over extended periods, and that means working closely together and supporting each other, said Bronwyn Boyle, CISO at fintech PPRO.

“Attacks are hitting on multiple channels, they've become very pervasive and a lot more difficult to detect and respond to,” she explained.

For Singh, this also means building a team with a diversity of experience: "You don't want a team of individuals that think and act like you: what you need is people who bring something different to the table and are open to challenging you."

Training, supporting and continuously developing skills is important for team cohesion as well as remaining effective, said Amadiegwu.

"Empowering and skilling your team is very key to building trust. I've seen teams that haven't been trained for four or five years, and they get left behind."

He highlighted the need for leaders to understand different generations and their approaches to work and mental well-being.

“You’ve got Gen Z who have a different way of thinking to those who've been working 40 years in security,” he said.

Leaders can learn from the younger generations and their better understanding about the importance of mental health.

Managing stress and burnout

A good cyber leader should always be aware of the personal needs of team members, but hybrid and remote work can make burnout harder to detect. Therefore, leaders must proactively get to know their staff as individuals.

Boyle, who is involved with Cybermindz, a non-profit that offers psychological training for cyber teams, mentioned repeatedly the importance of creating a psychologically safe space where team members can feel OK about saying they’re not OK.

She spoke about the experience of people at the sharp end of last year’s big attacks on retailers and other firms, adding that lessons learned are starting to lead to a better understanding in the boardroom.

“Ongoing, sustained pressure caused a massive challenge in terms of attrition, with people being not well enough to work, and some folks with really difficult psychological challenges to manage.”

She emphasised the importance of identifying burnout before it becomes a serious issue, via regular surveys, meetings to discuss what’s working and what isn’t, and monitoring indicators such as increased sick leave.

“Make it very open and psychologically safe to talk about the things that might be kind of bubbling under before they become an issue.”

Singh concurred.

"If you don't know your team, you're not going to see when they're burned out: you need to know them on a personal level," he said.

"Don't just contact them when you need something. When you notice a change in tone or behaviour, you'll know something's not right."

When disaster strikes

In major incidents, the panel emphasised honesty, containment and support, not just the technical response.

"Be very honest and transparent at every point - it helps your remediation and helps your team understand what they need to do," advised Amadiegwu.

"Lead from the front - make sure people take breaks, get fed, and are supported," Boyle said.

"Keep a very open dialogue with your internal teams, and get the air cover you need from comms and legal."