My Invisible Adversary: Burnout

Captions
Thank you for coming. I was so pleased to hear Joe end part of his keynote by saying, "Boy, don't we all feel really burnt out lately?" Um, the only thing he could have said that would have been cooler is, "And there's a talk on this in 10 minutes that you should all come to." Um, my name is Matt. I'm a chaos specialist at Google. I lead the Americas region of our security response team, and that's the crisis management and digital forensics team that investigates security intrusions at Google.

My name is Johan. Uh, I work on the EMEA team, so based in Stockholm, uh, working with Matt on his team, also solving crises, making sure that bad things become a little bit less bad. Uh, that's what we do. I also head a lot of our open source digital forensics tooling, uh, so in my spare time, uh, or in my pro time, I do a lot of coding as well. Um, and I've been in this game for over 20 years, ups and downs, uh, and I'm really excited to be here and talk to you, uh, about this today.

Um, we're here to talk about operational security, so we're going to talk about burnout as it applies specifically to operational teams, incident response teams, bug bounty people who are triaging every day, but a lot of the advice should be pretty applicable to the whole security industry. Um, this is a word cloud that I got when I asked everyone I know on social, "Hey, if you're operational in security, give me three words that describe your life on a day-to-day basis at work." Um, and you can see some of the things that popped up: stress, repeat, uh, exhausted, you know, burnt, uh, on call came up frequently. Um, a lot of the words that people use to describe their professional life, they have double meanings, right? Sometimes they're cool. We get excited by our on-call work, excited by dealing with APTs, but they're also forces of perpetual burnout. Um, the exhaustion, the stress, the collision of your work life into your home life. Um, and we thought it would be really good to go through some of the things that we've done at Google over the last few years to address
the burnout in our own teams. Uh, particular to this is that, unique to operational teams, unique to incident response, security teams are a final security control. So when you look at the holistic security posture of an org, there's the firewalls, there's the endpoint protection, there's antivirus, there's all kinds of these defenses that we build in, and hopefully these days we're all building in the Swiss cheese model: you expect a security control to fail and you expect a compensating security control behind it to succeed in a different way than the one that failed, up to and including some places have, either on purpose or inadvertently, two endpoint control agents, one that can block things that the other one misses. Um, but when it gets down to the very end of the control stack, when network defenses have failed and somehow BeyondCorp has failed and browser sandboxing has failed and a zero day has taken a host over, the operational responders are the last functional security defense before all of the defenses have failed, and I think that puts us in a particularly difficult situation as the human beings that have to do that job.

We did an intense effort at Google at the outset of March 2020. Something weird happened around then that caused everyone to be a little more stressed out than normal. Um, and we spent a couple of years focusing on how do people in our field get burnt out, and one of the things that we realized was there's really two different kinds of burnout that affect us from two ends. The first kind of burnout is situational burnout, and the best example that I can tell you about situational burnout comes from my time outside of Google as a search and rescue responder for a search and rescue team. We have search dogs, and the dogs are trained to do specific tasks, and they're trained in the way that you would have to train a dog. We put a person in a collapsed structure, a simulation. We teach the dogs to sniff around and find signs of a living human being, and when they find a
living human being, they get a reward: they get a treat, their favorite toy, they get to play with the handler for a little bit. And we do that over and over until the dogs know with laser-like focus that if you take them to a collapsed building and they go find living people, they will get a treat. And they do really, really well at that. But we ran into a problem at the World Trade Center collapse site, because that was a collapsed building so large that it took weeks to search for any potential survivor we could search for. And after a day or two of the search dog handlers running across the pile trying to find people, we noticed the dogs were getting depressed. And the reason the dogs were getting depressed is they were searching and searching and searching and they were not finding any living people anymore, and they had lost their zeal for the search, and they were distractable and they were tired. And so on the ground the rescuers decided, "We have to fix the situation. What can we do?" And so they took a break and they had some volunteers go hide in the rubble so that the search dog could find a living person, get the reward, feel some success, and then the dogs started perking up again. I'm sure some of you have been in this situation before at work, right, where you've been banging your head against the wall for days and getting no progress and you finally feel the win. Um, the dogs needed it too. That situational burnout is short-term and focused on a particular situation you're in. The dogs didn't want to stop being search dogs after they got back from 9/11; they were just burned out in the moment. Johan has a different perspective. He's going to tell you about chronic burnout.

Yeah, so chronic burnout is more the feeling "this job is burning me out," right? I'm tired of this job. I do not want to do this job anymore. Um, and then it's gone pretty far, right? And the way you get there is that compounding all of the situational burnout signs and symptoms, and we're going to get to them later on
in this presentation, um, but they compound into something more big and something more difficult to control and difficult to fix as well. Um, I live close to, uh, some of my surroundings in my personal life is healthcare workers, and they have similar, uh, issues and similar problems. Um, they're very passionate about their job, right? Um, they want to help their patients. Uh, they want to treat everyone with the same care, the same level of excellence in their care, and they want to make things better for people, right? Um, but when they get a feeling of "I'm not controlling my world," um, maybe I get priorities set down on me, maybe we get less resources but get more patients to treat, um, then that becomes really a snowball effect down to kind of chronic burnout scenarios. And, you know, infosec is similar, right? We're very passionate about what we do. Um, the stakes are pretty high. We want to make our users safe, we want to make our companies safe, our organizations safe, make everything better, right? Um, so the stakes are high, but that combined with losing control, um, over your world, losing control over your situation, um, maybe someone else is dictating what you're supposed to do, um, that together becomes, uh, becomes a chronic burnout kind of path to that part.

Yeah. In terms of, uh, chronic infosec burnout, real quick audience poll: raise your hand if you've ever been in a team chat discussion or a social media post where somebody says, "I want to stop being in security and go be a farmer." All right. So I grew up in a farm community and I'm going to tell you, farming sucks. It is hard. The animals are jerks and they stink, right? But it says a lot about our chronic state of burnout that we're like, "Hm, should I be knee-deep in animal poop all day, or would I rather do one more security accreditation exercise? I'll take the animal poop."

So, some of the things we've observed at Google that lead to burnout that we'll cover now. I do want to do an important caveat. Uh, although I have been the subject of discussion probably by many
psychotherapists, I am not one. Um, neither is Johan. We're talking about the things that we've observed as practitioners. This isn't a clinical thing, uh, and there may be things we've missed. But I want to start with lack of control.

So lack of control, and I mentioned this just, right, but lack of control is, uh, many different things, uh, but there's some signs here, and, uh, also what leads to burnout can be you're not in control of your incoming work. As an incident responder, you're not, by definition, right? We get all of the escalations and everything down the line that we're supposed to take care of, right? But when you're not in control over the priorities of that, uh, or what you're supposed to prioritize over other stuff, and you are not empowered to do that, um, that is a good way of, uh, going down a bad path of that. Um, the other one that is very close to me is when you're not empowered to fix your world on a technical basis as well. So, you know, tools are broken, and don't take me wrong, in incident response and especially digital forensics, everything is always kind of broken, right? Maybe you need support for that file format, maybe you have a parser that doesn't work, uh, the way it's supposed to, um, and that's fine, right? That's our world. Um, but if you cannot fix that, if you're not empowered to fix your tools, uh, and not empowered to fix your world and make it better next time, um, then it becomes a source of frustration, and that source of frustration really is very close to source of a lot of stress for you. Um, so be able to fix your stuff, that's really important.

Um, also poor teamwork, uh, with partner teams. If you're a large enough organization, maybe you have a few product teams, um, different departments. If you have not good relationships with a lot of them, um, it can become hard, right? And especially if you have like repeated incidents from a specific team, um, that maybe gatekeep access to the data that you need in order to do your job, uh, and if that is repeatedly happening, uh,
that has also been seen, we can see that as a sign of frustration, and again, frustration is a bad sign. If you see that, you should take a step back and assess, right?

Um, also I want to talk a little bit about being not in control over your day-to-day investigative work. So as an incident responder, when I'm on operations, uh, we do have playbooks. Playbooks are really important, response plans extremely important, also checklists, right? I like to be able to take the stuff out of my head down into checklist and make sure that I, you know, tick the boxes and I don't miss anything, right? Super important. It helps us stay focused on the investigation, it helps us stay consistent in our investigation, super important. Uh, but if they are too prescriptive, um, there's this chance that your team or you, uh, will just follow the playbooks step by step, and when you're done, you're done, right? When it comes to security incident response, that's almost never the case, right? You need to be creative, you need to be able to look at the incident from above and see like, what can I do, what do I need to do in this special case, right? Um, but if they are too prescriptive, um, it will force you to, um, or it will get you to be non-creative, uh, and just tick the boxes, and that also leads you to feeling "I'm not valued," uh, maybe my judgment is not valued, I'm just following the playbooks. Um, and that is also a sign that you need to really look at and take a step back.

So another big one that we've seen crop up from time to time is when a team has an unclear mission. Um, maybe this one seems like it would be pretty obvious. By the way, we did let algorithms generate all of our slide pictures, um, some of which turned out great, others were, which, like, that was the best we could do. Um, so unclarity of mission, right? We generally know what we're here for. We're here to protect the systems, we're here to protect the users, but we can lose sight of that in light of interrupts-based work. So interrupts-
based work, for example: I'm in incident response and I'm here to protect users, but I also need to sign off on our incident response plans for, you know, your European regulation, right, or American regulators or Indian regulators. We get a lot of interrupts work that isn't related to the core mission, and it can be easy to lose sight sometimes of what is it that I'm actually here for. Am I here to fill out accreditation paperwork, or am I here to protect the users? So I do a lot of reiterating to Google people across our team and even across the Google developer community: hey, at the other end of every Android phone and every Chrome browser is a person, and the things that they're trying to put in their browser or in their phone, that means a lot to them. So keeping it there, keeping it secure, keeping it safe means up to like life-threatening consequences if we fail to do it. Um, and so we reiterate that very often to our team: hey, we're here to protect users, that is the mission. If you're doing things that are counter to the mission, we should talk about how to do those, but if you're doing too many things that are either, that are unaligned with protecting users, we need to try to make sure that we minimize those or find other teams to handle accreditation or, you know, talk to management about prioritization and make sure that people know what it is they're here to do.

Um, hand in hand with unclear mission is opaque management. Raise your hand if you're stressed out by opaque management. I think many of us are, right? Um, this is different from an unclear mission. Opaque management really just means many of us who are practitioners, who are on the front line of doing the work, aren't in the room when decisions are made, and we as security people tend to be the kind of people who really want to know why. Why am I doing this? Oh, I have to start reporting if there's vulnerabilities in our kernel now, why? Some CVE was placed on my desk and it's immediately I have to respond right away, why? Who
made the risk decision on that? And I think when you get into the depths of management and you have to make decisions constantly, all the time, because managers are very interrupt-driven as well, you forget to include the why when you give the messaging to your team. And I think one of the greatest things that we as managers (forgot to mention, I'm a team manager, Johan's an individual contributor, we're like peanut butter and jelly), um, the most effective thing you can do as a manager is be less opaque wherever you can. If you're going to implement a new SLO, why? What caused us to have a risk-based worry that then caused managers to have a meeting that then caused us to decide we would resolve it by X? You also get a lot of power as a manager if you do that, because, surprise, we are not perfect and we make bad decisions sometimes, and if you tell people the why behind a decision as a manager, the smart ICs will tell you, "That was a bad way to handle this, here's a better way," and you can pivot on those decisions, and that really does work out better for everyone, burnout-wise.

Another one that we see, especially in incident response teams, is, I call it chaos on both ends, but what this really means is every human being needs a stable foundation to build on, to build their emotional safety, psychological safety, and their skills. And so if you are expected to work in a role where the role is ambiguous all the time, incident after incident, "How do we resolve it?" "I don't know, let's figure it out." "How do we resolve it?" "I don't know, let's figure it out." That ambiguity is a big source of stress, and that's okay. Incident responders are here to deal with ambiguity and control it, but we do that because we feel secure in our own position. And you can see, if somebody starts having a difficult time at home, as a manager, their performance starts to get bad in terms of their on-call work. If they're worried about their team being reorganized again, their work starts to suffer, right? And so the best thing that I can
do as a manager is try to ensure that if I see operational people who are having a difficult time, either with their job role or with home, they need to take a personal leave to care for a family member, my supporting on-callers in taking personal leaves when they need it and shuffling around the on-call rotation appropriately allows them to go home and make sure that they maintain that stable foundation of psychological safety they need, so that when they come into work and the actual work is crazy and chaotic and ambiguous and uncertain, they can focus on the uncertainty in front of them instead of the uncertainty they're going to walk into when they get home.

All right, so unclear expectations. Um, going back to your incoming work and be able to control that, um, it's also about saying what are we supposed to do as a team and what are we not supposed to do as a team. And again, we are the team at the end of the line, we're the kitchen sink. Whenever there is anything that people don't understand, they don't want to touch, or, uh, they don't know where to send it to, right, it comes to incident response. We will have to deal with it, right? And that's fine, but you also need to be able to say no to stuff that is out of the scope of what you're supposed to do. A very classic example of this is vulnerability management, or vulnerabilities versus compromises. It's easier for an incident response team to take on the whole scope of vulnerabilities, even if they're not leading to compromises or if there's no compromise there, right? Um, if you have a large enough organization, a large enough company, you will have, even small ones will have, dependencies on third-party applications, systems, services, uh, and that will inevitably introduce vulnerabilities, right? There will always be vulnerabilities, that's fact of life. And here at Black Hat there's a lot of talks about vulnerabilities, how we can exploit them, and so on and so forth, right? That's fun and it's a very interesting area, right? Uh, but if we start
treating every vulnerability as an incident, uh, you're going to have a bad day in an incident response team, because the scope is just so big, right? And you're going to end up, as an investigator, as a digital forensics, you're going to go down the rabbit hole of "I'm going to prove the negative," and that's something that you really don't want to do. Uh, you want to bring back facts, uh, and, uh, that's what you're supposed to do, and not trying to prove a negative, because that will lead to rabbit holes that you cannot get out of technically, um, and it will lead to stress and anxiety, um, and, um, longer term it will burn out your team. So if you're able to have a vulnerability team that focuses on vulnerabilities and then escalate the high-priority vulnerabilities or any compromises based on those or any exploited attempts for your organization, uh, then they escalate that to your team and you will have a better, smaller scope with stuff that matters, uh, and also interesting, uh, work for your team. Um, because otherwise everything becomes so much, so everything kind of becomes boring, right? It's the same thing all over again, "I'm going to chase the rabbit hole again," and that becomes annoying and people are going to start losing interest.

Uh, I want to mention one more thing, uh, before the next slide here, is something called "don't be a hero," or heroism, and why that is not a good thing and how we can turn that into something good, right? So, um, being a hero is about, um, you see a systemic problem but you're not fixing the systemic problem. Maybe you as a team member, you as a person, will take that on and make sure that you meet SLAs. Maybe you need to have that ticket queue down to a certain level, or the response times need to be down, right, and you're working long hours to make that happen, right? You're being a hero, and you're doing that, you're doing good job, but the wrong job, right? You're supposed to be thinking about systemic problem instead. So one way of getting out of that, and
I'm kind of cheating here a little bit, sorry about that, so we're going to get to, um, remedies a little bit later, but this one is the extra tip, I guess. Um, one way of getting out of this heroism, uh, thing is to let things fail, right? Um, if the consequences are bearable, um, it's fine if this control fails, it's fine if this, um, this thing that happened is the consequence of that, we can deal with it, right, then it's sometimes better to let it fail and let the organization see that we have a systemic problem, and then you get maybe, and hopefully you will get, the resources to actually fix the systemic problem instead of burning yourself up, out, or burning your team out trying to be heroes. So that's one thing I wanted to add there. Matt, next slide.

You reminded me, under unclear expectations, my absolute favorite question to get from a new lawyer we've never worked with before is, "Can you prove the actor didn't have a zero day that leaves no logs?" No. Is that something that you thought you would get from me? Um, and it reminds me of that because a lot of these things too, especially with unclear expectations, the best resolution there is good communication, right? Just come back: hey, why is it that you think you need that? Why is there that you've, regulation-wise, where you think we have to prove negatives? You know, here is what we are capable of and can give you. How do we work together with that?

Um, for operational teams, another thing we run into often is resource starvation, which is there is way more work than there are people to do the work. Also probably affects some of us in the audience. Um, this is another thing that I pull from my experience as a volunteer firefighter as well to kind of take a look at, because in the fire service, if you've ever been inside a firehouse, there's good lounge chairs and there's a TV, there's usually like either an Xbox or PlayStation, depends on what year it is. Um, there's sometimes a pool table if you're at a nice fire department. Um, if you're at an
underfunded one, there's a basketball hoop in the back that's missing the little net. Um, but the thing that those all have in common is everybody understands in the fire service that when we are called out to a fire, it is going to be hard, physically exhausting, stressful, emotionally draining, and we're going to come back and we're still going to have to clean our gear, put away the hoses, refill the air bottles. Once we're done with that, though, if there's an hour and a half left in our shift, nobody from management is hovering over our head saying, "Well, you're getting paid for another hour and a half, you need to be doing some work," right? We sit in the chair, we talk about what we just saw, we decompress, we try to fit in the downtime so that we are sane again when the bell goes off again. Um, people understand this. I've never had anybody ask, "Why do firehouses have nice sofas?" Um, but that's not something that people understand so well in IT. Uh, you are always worried that, you know, if you get a rare moment of downtime and you play StarCraft, I think, is that still a thing? I don't do gaming. Uh, what's like a good game you might be playing, anyone? All right, I'm going to go with Minecraft then. Um, if you're playing Minecraft at your desk, you're always worried somebody's going to walk by and be like, "Well, look at this lazy slacker." Um, I think as management especially, but as senior ICs too, we all need to do a better job acknowledging and, you know, saying to management and saying to other stakeholders, "Hey, this is really stressful. If you want me at 8:00 pm on a day when we've had a compromise and you need me focused on that, you need to keep me not fully occupied all the time. I need to have these breaks to decompress." Um, as a manager of incident responders, I try to keep my people about 80% booked, which means, like, if I break people in, because managers have to bean count, if I break people into a 40-hour week chunk, I'm not trying to make sure they do 40 hours of work in that week, I'm
trying to make sure they do roughly 32, and the other eight is flexible time. Do something that fulfills you, code on an open source project, or if you need to not be in front of a computer anymore, go do something else. Um, this is something companies need to do to maintain long-term expertise in security in their org, especially long-term expertise in security as it applies to their org.

So, signs and symptoms of burnout. How can you tell your co-workers, your employees, and your other staff are in the middle of burnout? Um, I'll turn it back over to Johan, our chronic burnout expert.

Yes, so there's a lot of signs and symptoms for this, right, but I want to zoom in on a couple of them, and one of them is what we called urgency fatigue. Uh, so urgency fatigue, and I guess a lot of you kind of can relate to this, right, but, uh, if everything is high priority then nothing is high priority, right? At Google we have this level of things, so P0, that's, you know, priority zero, that's the highest of highest. Um, so if everything is P0, nothing is, and the problem with this is that, um, uh, you start getting so much work that you are not able to kind of distinct on what is important and not. And there's a danger zone here, right? There's a danger zone when you hear yourself saying, "It's probably fine," and this is a very incident response type of thing, right? But if you see, um, an incident, an escalation, you need to figure out what happened, and you shrug and you say that "this is probably fine," uh, because I have these three things that they say are equally important and equally urgent, uh, what I'm going to choose, so "this is probably fine." The problem there is that you lose your sense of curiosity, you lose your sense of "I need to dive deep into this and really understand this and make sure that the triage being done properly, that we are not at risk," all of those, uh, incident response traits, right? So that's a sign. If you hear yourself saying that, take a step back and say that, hm, I wonder if
you should start thinking about our prioritization. Maybe we need to talk to our management and actually make sure that not everything is urgent, because, hint, not everything is as urgent, I promise. Um, so another, if you want to spot that in other ways, is going into meetings and the language is always urgent, right? And maybe that urgency is coming from above, or maybe it's actually now rooted in your team that everything is urgent. Take note of that. Also tickets, uh, if tickets are always urgent in the language, the words are urgent, um, take note, uh, and take a step back. Um, because this also leads to things that used to be fun aren't anymore, and I mentioned that earlier, right, but I really want to zoom in on that, because when you find yourself not being excited by the stuff that you were excited about before, uh, or, you know, because this is your passion, right, we have a lot of passion and we have a lot of curiosity and we want to kind of understand things technically, right, uh, but when you lose that, that's really a path downwards. So I want to, uh, highlight that. Uh, but that's chronic burnout, a couple of examples there, but Matt, you're going to talk about situational burnout signs.

I'll cover situational burnout. Um, so situational burnout, as I mentioned before, this is short-term burnout that's very intensely felt in the middle of really serious moments. Um, and for those of you who are wondering, whiskey and Cap'n Crunch is the breakfast of champions, don't knock it until you've tried it. Um, if you've ever been involved in a really big security incident and you don't happen to have a global on-call team, or even if you do have a global on-call team, you can find yourself putting in some extra hours. Um, situational burnout typically occurs when, you know, for example, like the early days of a Log4j explosion when nobody's sure what to do or how to get a handle on it. Um, companies or teams who don't have a crisis management procedure in place in advance
will likely run into situational burnout from the collective effort required to self-organize one. Um, incident responders, especially if you have maybe four forensic people and there's 40 hosts that you need to do forensics on, they'll start to experience the situational burnout just from trying to deal with the overwhelming volume of data that they're dealing with. Um, and then there's the stress factor. Especially if you don't get to be in big security incidents often, it's emotionally stressful, it's kind of draining. Um, situational burnout is something, if you are, we use an incident command system to deal with incidents at Google. We have an incident commander, and we say that a formal part of the incident commander's job is keeping stock of all of the response team and just looking for the signs of situational burnout in the response team, to have people take breaks, catch it, have them go away for 30 minutes, reassign some of the work, or even just have a conversation with them about, "Hey, what's burning you out right now?" Um, I had one case where somebody was situationally burnt out during an incident, and when I actually stopped and talked, I said, "Hey, it looks to me like you're really running red right now, what's going on?" Um, they were just late for dinner and their wife was mad at them. Um, and I was like, "Okay, just go home then, like, we can shuffle around your work." Um, and you're not going to do functional good work if you're that stressed about it anyway, because you're going to introduce mistakes.

Can I add one thing to that?

Absolutely.

Um, don't underestimate sleep. When you're in a situation like this and you're responding, it's very hectic, right? Um, it's better to go home 3 hours earlier and have a good night's sleep and come back the day after than to push through those three hours and not get much done. Uh, by personal experience, that is true.

And since we're on the signs and symptoms, I forgot to add, my number one thing I look for to tell whether someone is situationally burnt
out or not is: are they annoyed that I interrupted them about something that it was my job to interrupt them about? So if I'm asking a forensics analyst, "Hey, do you have an update on browser history analysis for this host?" and they're like, "God, I'm getting to it," they are definitely situationally burnt out. Um, because that is the one job they were assigned, I didn't give them 50, and I'm the incident commander, I'm supposed to know this. Um, so I really try to take stock of how are their reactions when being asked for normal things. Um, that's my number one sign that I look for.

A special note. We were going to cover this in chronic burnout, but I pulled it into a new slide because, on a special note, I wanted to talk about cynicism. Um, cynical outlooks are a thing that destroys teams, and it spreads from one person to another. Um, now we in the security industry, we love dark humor, right? You like my shirt? Um, we like dark humor. The burning dumpster fire of love is one of our favorite icons, because we realize that everything is trash all the time. Um, and we all kind of collectively like to make fun of humor. The fire service is like that too. Uh, the probably number one stressor any fire chief has is, are the things the firefighters say around the dinner table going to get out and be heard by the public? Um, because you have to dark humor away the pain sometimes. But here's the difference between dark humor, which is healthy for a team, and cynicism, which will destroy your team: are the jokes that your team is making, that are kind of dark jokes, about a situation or a person and their motivations? Number one thing I look for. If one of my team members is making a joke about how, you know, "you will never be able to secure remedy," right, haha, we're laughing at remedy, that is dark humor, that's fun. If it's "remedy will never fix this bug because then VP won't make an extra bonus this quarter," oh, that's cynicism, that's the poisonous stuff. Because when you start questioning the motivations of the
people around you, or the motivations of the people you work with, you're starting to, they're starting to show you that they feel alone, they feel isolated, they feel out of control. It is all of those things in one coming out. And so I refuse to allow cynicism in team chats. I will pull people aside for a one-on-one and I'll just say, hey, dark humor is great, questioning the motivations of our VP is not. Um, let's talk to them if you're wondering why it is they gave us a particular order. So, on to remedies. Um, obviously, clarity of mission. There are direct ways to do this: telling everyone what our mission is, telling everyone what we're here for, repeating it. People need to hear it 10 to 15 times a month, is, um, but there's also the indirect ways, right? We have a cool logo, we have a challenge coin, despite the fact that challenge coin is just POG for grown-ups. These subtle reinforcements of your mission: "Spes consilium non est", hope is not a strategy. Um, there are 11 things in the coin that symbolize our team. These actually mean a lot to your team, and you can infuse them with your mission over and over again, so that every time they see the logo on their shirt they're being reminded of the mission. And a hard part of that is leading by example. Um, this is something I do. I have a team of 19. I am technically not supposed to be on call in the on-call queue anymore, because when you're leading a team you're not supposed to be neck deep in the work. But I make an example in my on-call team: about once a month, when somebody says, hey, I need a shift swap, will anyone swap shifts for me, I leap in and I say, I'll take your shift for the week. And I will work at least one on-call shift a quarter, so that my team can see that I will do a full week of anything it is that I would ask them to do. They'll also see how I do it, which gives me a really good chance to mentor newer team members, or even experienced team members who don't get to do a certain thing often. But most of the value I get out of this is just
saying, hey, when I come around you in a team meeting and say we're going to change the way we do X, I'm never going to do it in a way that I would refuse to do if I were in your seat. And I think that means a lot to the team. Insist on downtime. In the fire service, fire truck loses wheel on way to burning house, it always happens. In the fire service we have a saying, and it's a military saying too: schedule maintenance for your equipment or your equipment will do it for you. Um, this applies to people too. Um, Sunnyvale Department of Public Safety, in Sunnyvale, California, where my Google office is, are one of a few public safety departments in America that are called unified public safety, and they do a really neat thing. You train as a police officer, a firefighter and an EMT, and you pick two, and for 6 months out of the year you're a police officer, and then they say, okay, time to be a firefighter for 6 months now. Why? Because nobody ever wrote a rap song called "F the Fire Department". It takes you out of one role where you're beginning, after 6 months, to get burnt out in a chronic way, and maybe you're starting to deal with the public a little bit more meanly than you would because you've dealt with too many mean people this quarter, and then they rotate you into the fire department, and for fire they rotate you into police. Um, we do this with our people too. Insist on downtime. Um, give them rotations, give them other projects to do, right? Uh, will my video play? I think it will. So manufacturing togetherness is, uh, see if this will play. Yeah. When we're in a big security incident, lots of things happen that are bad, right? And this is an example from a security incident that my team was involved in. We spent weeks doing task after task after task trying to make things better, and we were all starting to get a little situationally burnt out, and then we had a hard drive fail, and the hard drive that failed was the master drive to a data array we were storing a bunch of evidence on, and boy, did
that make everyone angry. And we were so frustrated and situationally burnt in the moment that somebody finally had a bright idea, and they were like, hey, we're next door to a scientific shop that has liquid nitrogen, let's try freezing this drive in liquid nitrogen and smashing it. And in the moment, the leadership thing to do was say, absolutely, yes, we should do that. Um, and we smashed our hard drive that made us mad. We found out liquid nitrogen wouldn't make it break into dust like we were hoping, and then for the rest of the day everybody was in super high spirits. That was a loss, right? Losing that hard drive set us back by eight hours. We needed to manufacture a way to turn that into something that the team would remember and enjoy, and bring back the morale, just like FEMA had to hide people in the rubble when they're trying to get the search dogs happy again. I lost my ability to click, didn't I? Come on. All right, cool. All right, so, empowering the individual. And I know that we're getting short on time here, so we have to speed through the last couple of slides here, but I want to do a couple of points here. This is very close to me, because I'm leading a lot of our tooling, our open source digital forensics tooling, and empowering the individual is about giving people space and time to do project work. Because, as Matt mentioned here, right, decompression is important. When you're in this situational, uh, incident response, you are starting to burn out there, you're getting a little bit tired of that, you need to decompress. And one way of doing that is doing project work, but also project work that affects you, right, you as a person: this is going to lead to my world being better next time we do this type of incident. So that might be improving your tooling. Um, open source is a great vehicle for giving people a personal recognition in the community, right, so you can get your staff and your folks to have that recognition and build a brand about that, and that's a good feeling,
and that brings you further. Um, but it might also be just process improvements, right? Playbooks, response plans, make them better. User education that you pick up from an incident, that can be better, like, you can work on that. But that decompression time is, uh, is important. And the other point I want to make is, um, making sure that you give your people, uh, and your employers, employees, sorry, um, the ability to grow their skills. And why is that important? It's not just us, like, having them go to classes or learning new skills per se, but it's about giving them the sense of, I'm not stuck in my role, I can actually move. Um, and even if they move, right, say for example they get interested in product security or network security or, um, you know, mobile security, um, and they find a really new passion there, that's good for the individual, they find a new thing. If you can keep them in your company and they move away from your team but to another team, you will have the best incident responders when things hit the fan later on and you need their support. They're going to be great at incident response, they're also going to be great at the subject matter that they are focusing on right now. So letting people have that feeling of, I'm not stuck, will, you know, you will be more resilient to burnout in general. So the last slide I have, um, uh, it's about postmortem, and blameless postmortem, and why they are good. Um, and I always bring this up in my presentations because I think it's a good takeaway, uh, for an organization and for you to have, right? So what is blameless postmortem? It's a cultural thing, started at Google, um, about, from the security reli-, sorry, the reliability engineering culture. Um, it's about, you should never blame the person for a mistake, you should have psychological safety to make a mistake, right? Uh, you have to shift focus and shift that to blaming the organization and blaming the system instead, right? Uh, because that way people are empowered to make mistakes, because mistakes is
how we learn, and mistakes is how we build better systems, fix the systemic issues and build more resilience into our processes, our systems, our, uh, day-to-day work. And that is really important. Uh, if you want to talk more and have more insights on that, I'm happy to talk after the talk here as well. Um, so if you want to wrap it up. Um, sure. Um, as you leave this talk, the last piece is the personal factor. Um, we wanted to really focus on the things that teams and organizations can do to prevent burnout, because burnout is something you have to begin preventing well in advance, and you have to have a plan for well in advance. It's not something that you just do once it's happened. Um, and so I didn't want to focus on all the things the individual must do to not become burnt out, that places the blame in the wrong place. But that said, we are all varied individuals, and have a hobby, have two hobbies, whatever it is you do. Don't make "security person" your personality, and don't make the company you work for your personality, because those things will change through your whole life, and you need other things that make you truly happy, so that when you're in the middle of a career change, or in the middle of a bad incident, or in the middle of a problem, you can fall back on something that makes you happy that's not affected by all those other things. Um, and that is the last piece of dealing with burnout that I thought was really valuable to reinforce for people. Um, we are available for Q&A. I think we have to vacate the stage, but we'll hang around, and we're not that easy or that hard to get a hold of. So thank you for coming. Thank you. [Applause]
Info
Channel: Black Hat
Views: 2,961
Id: NA0f5owyoko
Length: 40min 39sec (2439 seconds)
Published: Fri Apr 05 2024