We’re focused on…
Being OK with making mistakes and not having all the answers.
Why?
Because we interviewed BHMEA Advisory Board member Jason Lau (CISO at crypto.com). We asked him what advice he’d give his younger self, and he said:
“I’d tell myself to embrace challenges and uncertainties as opportunities for growth and learning.”
It’s worth repeating
Embrace the challenges. Be OK with saying ‘I don’t know’. Because it’s impossible for anyone to know everything – even if you feel like you should.
“Early on, I felt pressured to have all the answers and avoid mistakes,” Lau added. “However, I’ve learned that overcoming difficulties provides invaluable lessons. The cybersecurity field shares many parallels to the game of chess, and even the best grandmasters are not unbeatable.”
“Each day is a new challenge and it’s important to learn and evolve regardless of the outcome.”
Cybersecurity is a high-pressure industry
The bottom line is that the stakes are high, which puts a lot of pressure on the shoulders of the people who are responsible for security.
And that pressure is reflected in a growing body of research, including:
One study by ThinkCyber Security Ltd which found that half of employees are afraid to report security mistakes – and the fear of reporting can lead to higher risks for organisations, with errors going unrectified.
Research that reveals cybersecurity professionals demonstrate poor decision quality when they’re working under stressful conditions – with pressure impairing their judgement.
Studies that show a growing number of cybersecurity professionals are experiencing severe burnout; manifesting as exhaustion, cynicism, and a fear of making mistakes. One particular survey found that 85% of cybersecurity professionals across six Asia-Pacific countries were suffering from burnout.
The fear of making mistakes holds cybersecurity professionals back from making sound, confident decisions
Stress, pressure, and burnout are all linked to the high stakes of cybersecurity. And they’re also key factors that are driving a fear of making mistakes – which is holding cybersecurity professionals back from having confidence in their own abilities, and making sound decisions.
This isn’t a good thing. Instead of reducing the number of mistakes made, the anxiety that builds can lead to negative outcomes:
Ultimately, this can have a damaging impact on an organisation’s overall security posture. We need to create space for cybersecurity professionals to try, to fail, and to communicate their ideas and experiences confidently.
Read our full interview with Jason Lau: Why cybersecurity professionals should study psychology
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!