Preventing Burnout and Safeguarding Democracy Through Inclusion


Posted on by Greg McDonough

With the proliferation of artificial intelligence (AI) based attacks, an increased responsibility for incident reporting, and a growing concern for liability, the cybersecurity industry is currently facing a very real problem in the form of burnout. However, RSA Conference 2024 is a clear reminder of The Power of Community and the resources, both physical and mental, available to those in need. This year’s conference features innovative programs designed to address burnout while making the industry as a whole more secure. Whether these solutions are geared towards making cybersecurity more accessible to those with disabilities, or designed around free/open source programs that will fit the budget of any sized team, or even ensuring safe and accurate elections, it is clear that the cybersecurity industry will continue to fight against burnout by working together as a community.

Given some of the common operating costs for equipping and staffing an effective cybersecurity team, smaller organizations are often forced to make difficult choices regarding the software solutions that they employ. Although this can often come at the expense of less effective security, Wednesday morning’s Cybersecurity for Have Nots, speaker Jake Williams presented effective free and open-source solutions that can provide valuable tools to any sized team, regardless of budget. He presented free and low cost software solutions such as Wazuh, Cloudsploit, and Bitwarden but made sure to differentiate between products such as these, that have the option of paid support and other open source programs that can exact a heavier cost in time to implement and update. Ultimately, regardless of the programs that a team employs, it is necessary to have skilled individuals to utilize them as he explained, “a budget for tools, but no head count is a fool’s errand.” By providing these tools at no-cost, the community has raised the collective security of the industry and helped reduce some of the stressors that can often lead to burnout.

One of the main causes for burnout is the sense of isolation that can often come from fighting a constant battle to protect an organization. Successful cybersecurity is typically invisible, which can lead individuals to feel like they aren’t being seen, heard, or valued. The session, Balancing Accessibility, Security and AI: Design Inclusive Security Tools, Abhilasha Bhargav-Spantzel and Aditi Shah broke down the various ways that the industry is recognizing those with disabilities and some of the exciting work being done with AI to make security more inclusive to everyone. Shah spoke from the unique perspective of being blind in the cybersecurity industry as she shared a few of the techniques and technologies that she uses in her work, such as accessibility software that reads her screen aloud. “By designing for people with disabilities, we help everyone,” Bhargav-Spantzel explained as she related how she utilizes some of the same audio features to untether herself from the screen and take her work outside. While there is tremendous work being done, there are still areas where the industry needs to do better. One area, where AI can play a major role, is in authentication that all too often requires users to decode frustrating visual CAPTCHAs that exclude the visually and cognitively impaired. Shah and Bhargav-Spantzel recommend that a fundamental aspect of inclusion should be a variety of alternatives that accommodate the needs of diverse users in authentication and beyond. They also feel that the industry as a whole needs to focus on hiring those with disabilities and leveraging their skills and experiences to better design user experiences. It is of paramount importance that organizations realize "accessibility is not a one time thing,” Shah urged the crowd. 

In Builders and Breakers: Partnering for Secure Elections, moderator Scott Algeier, along with panelists Casey EllisChloé Messdaghi, and Jennifer Morrell tackled the important issue of ensuring safe, democratic elections. They did this work as members of IT-ISAC in conjunction with election technology providers, in the hope of providing valuable insights as to how the cybersecurity industry can partner with the US government to prevent interference in the voting process. As part of this work, the team, along with additional researchers, was given access to current voting technology coupled with yet-to-be released voting software. Their methodology included making every possible attempt to break the system and discover methods that could potentially be used to subvert the voting process. Fortunately, as Messdaghi related, “the researchers said, ‘this is the hardest thing we have ever tried to break into.’” Although their concerted efforts only uncovered low-risk issues, the entire team noted the sense of satisfaction they felt in working on something as safeguarding the democratic process. “This is really important work,” Ellis explained.


Contributors
Greg McDonough

Cybersecurity Writer, Freelance

Human Element

Artificial Intelligence / Machine Learning incident response Open Source authentication innovation

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs