Security Experts:

The Importance of Wellness for Security Teams

With the talent shortage in security, employers need to use a variety of tools to recruit and retain top talent

In recent years, many companies have begun looking much more closely at employee wellness. Companies are concerned about employee physical, mental, and emotional health, stress levels, burnout, and a number of other factors. In addition, since the labor market is quite competitive in most industries, employers are seeking creative ways to recruit and retain top talent.

There are perhaps few fields where the talent shortage is felt more acutely than in the security field. In addition to helping security teams recruit and retain the talent they need, employee wellness brings other benefits. Here are five ways in which wellness is good for security:

1. Remote/hybrid work: Allowing employees to work remotely or hybridly (a mix of remote and office work) has a number of benefits. Employees save hours spent commuting and can use those hours to volunteer, be with their families, enjoy friends, finish up additional work tasks, and/or focus on wellness activities. While in-person social contact is extremely beneficial, particularly in an office environment, not requiring a daily presence in the office from everyone often results in employees being more productive and happier. This allows the security team to accomplish more and better protect the organization using the same amount of resources, without negatively affecting morale and/or wellness.

2. Temporary work location change: Sometimes we just need a change in scenery. Perhaps an employee wants to spend some time in a certain geographic area. Perhaps an employee is considering relocating but wants a trial run. Perhaps an employee has a personal issue in another area that needs attending to. Until recently, these all may have been reasons for employees to quit or to take a leave of absence, costing the employer a tremendous amount of time, money, frustration, and aggravation. By allowing employees to temporarily work from another location for a month or two, security organizations can allow employees to scratch an itch, satisfy a curiosity, or attend to personal business while still contributing productively to the organization. Security organizations can also save themselves the headache of trying to replace the talent and institutional knowledge that just walked out the door. 

3. Geographically diverse hiring: Most companies have a strong commitment to diversity these days. An angle of diversity that is often overlooked, however, is geographic diversity. Where people live influences their experiences, priorities, values, and even how they think to an extent. Remote work opens up new possibilities for security teams to hire from a geographically diverse range of locations. This brings different ways of thinking, different cultures, different backgrounds, and different approaches to problem solving into the security organization. All of that is good news for the security team and the overall security posture of the business.

4. Wellness days/weekends: A recent trend in the focus on wellness are wellness days and wellness weekends. The idea behind wellness days and wellness weekends is that the entire company shuts down on the same days. For example, Friday through Sunday (inclusive) or Friday through Monday (inclusive). Since everyone at the company is taking a breather at the same time, the volume of emails slows dramatically, and the temptation to squeeze in a bit of work rather than to focus on wellness is reduced. A successfully executed wellness weekend allows the security team to take a break, catch their breath, and focus on family, friends, nature, leisure, and other activities that relax them, reduce stress, and refresh. With the hectic pace of the modern work environment, wellness weekends often allow the security team to recharge and return to the office (whether physical or virtual) in a far more productive state than when the wellness weekend began.

5. Shortened work weeks: Professionals are measured in terms of productivity, not hours worked. This has been understood and accepted for some time. As proof of this, as a professional, consider the last time you were asked to punch in and punch out. Likely quite some time ago, if ever. Given this, it is perhaps to be expected that employers are beginning to consider shortened work weeks. With employees working longer hours, and with modern devices keeping employees connected to work nearly around the clock, it is becoming more and more difficult to disconnect and to establish boundaries between work life and personal life. This leads to employee burnout, which in turn leads to decreased productivity. For security teams, which are often among the hardest working of teams within a professional environment, shortened work weeks and the longer weekends they bring are an opportunity to recharge and prepare for the craziness that the week ahead is sure to contain.

With the talent shortage in security, employers need to use a variety of tools to recruit and retain top talent. Alongside other tools, a focus on employee wellness has become a favorite of employers. Having just enjoyed a four-day wellness weekend courtesy of my employer as I write this, I can certainly understand why.

Related: Harnessing Neurodiversity Within Cybersecurity Teams

view counter
Joshua Goldfarb (Twitter: @ananalytical) is currently a Fraud Solutions Architect - EMEA and APCJ at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.