Mental Health in Cyber Security Foundation

Around the world national Cyber Resilience Strategies regularly state that the Cyber Resilience of the nation relies on the Cyber Resilience of its enterprises. However, the Cyber Resilience of enterprises whether they have a strategy or not, in turn relies on the Resilience of its Cyber Security Teams!

"This means that the Cyber Resilience of every nation relies on the Cyber Resilience of its Cyber Security Profession."

However, most Cyber Resilience Strategies of nations and enterprises have no mention of how they will protect their Cyber Security Teams from stress, burnout or mental health issues.

Protecting Cyber Security Professionals from stress, burnout and mental health issues isn't just something that is missing from Cyber Resilience Strategies, but also from most industry and professional certifications - as most of them focus on the technical or business skills needed rather than the people skills to maintain a healthy mental balance for peak performance.

The Foundation believes that the stress, burnout and mental health issues are a Cyber Resilience issue not a Wellness issue, and as such should be responded to by the Cyber Resilience Management Teams rather than HR.

This project aims to:

• Set out Charter levels with principles of good practice, and work with organisations to adopt and promote the appropriate level for them. [The Awareness level of the Charter is available now, see below for details]
• Develop best practice guidelines and frameworks to assess and measure maturity in cyber mental health and welfare within organisations.
• Establish evidence driven challenge statements based on independent research, bringing together subject matter experts to contribute to establishing principles of good practice, with a means of applying these and ways to measure effectiveness.
• Build a Community of Practice to develop, test and share principles of good practice. [A Community of Practice group has been established, see below for details]
• Develop guidelines to assist independent researchers to identify the questions that will help the Foundation in aims and objectives to help the Cyber Resilience community.
• Develop a Framework for the profession and enterprises on approaches to effectively manage cyber security teams to build better Cyber Resilience.

The Foundation's Executive Steering Group together with its community has developed an awareness level Charter, which has been signed by around 30 organisations by Mental Health Awareness Week in May 2024. An example of the Charter can be reviewed on the Charter page, which consists of three sections, where the third section we list the Pledges that you wish to make about actions you wish to take. If you would like more details about signing up to the Charter please check out our Charter pages or email us at: .

We have a Community of Practice group which meets 2.00pm (UK time) on the last Thursday of each month in a conference call to enable people from around the world to join and share with us.

To get an invite to the next meeting, please send a message to: .

The Executive Steering Group is made up of the following members:

1. Sarb Sembhi (Chair-person & Founding Member)
2. Paul Simms (Charter Lead & Founding Member)
3. Peter Olivier (Strategy Lead & Founding Member)
4. Rebecca McKeown (Community of Practice Lead & Member)
5. Dr. Daniel Shore (US Lead & Member)
6. Dr. Kashap (Kash) Thimmaraju (Research Lead)

We are always on the look-out for people who are active in this field and would like to contribute to increase our reach and work, if you feel that there is something that you can help with, please contact us.

The project came about after the following turning points:

- In October 2023 after an Open Conference Call, it was clear to us that there was enough interest from enterprises who wanted to do something to help their Cyber Security Teams. Before this ...

- In Summer 2023 after the Panel Session at InfoSec Europe (London) Event, we had lots of professionals speak to us about their own experiences of stress, burnout and mental health. Before this ...

- In May 2023 after we released our discussion Paper on Mental Health in Cyber Security. Before this ...

In October 2022 at a Chief Information Security Officer (CISO) event there was a session onthe "Changing Role of a CISO". The discussion in the session included changes impacting the role by causing stress and burnout, as well as mental health issues in some cases.

On sensing a strong feeling in the room the event Chair, Sarb Sembhi asked for volunteers to help produce a paper on it, upon which two volunteers Paul Simms and Peter Olivier offered to work on a collating a paper, which was released in May 2023.