In the spirit of Festivus, I’m airing my grievances and demonstrating my feats of strength. I don’t know about you, but I didn’t enter 2022 with a full tank. I started the year by joining the hordes of people revenge-travelling/shopping/connecting/renovating (I know!). It’s no wonder I feel utterly exhausted. It’s also no wonder that I find myself feeling like “I’ve not done enough!”
Through my research on burnout, I recognize this as “professional efficacy” — how well we think we are performing, a key burnout metric (exhaustion and cynicism being the two others). So before I look forward, I need to recover, put grievances aside, and celebrate my 2022 feats of strength, which include:
- Making a call on the future of security awareness and training (SA&T). 2022 saw me spending 50% of my time responding to client inquiries, consulting, and speaking about awareness, behavior, and culture. I published a Forrester Wave™ evaluation, five blogs, and four reports in this space, including Forrester’s Guide To SA&T Regulations And Standards. The resulting report, The Future Of Security Awareness And Training, examines the major expected changes in the short, medium, and long term. I’m so proud of this research, as it outlines the need to disrupt the status quo, which seems to have become a moral imperative for me and should be for all of us.
- Diving into trust and the hype around the great resignation. I was lucky to have been “volun-told” to lead our inaugural The State Of Trust In Australia research. With my colleagues, we learned that Australians’ laid-back reputation hides the truth about our ability to trust. I was also asked to lead a panel at our T&I APAC Forum on “The Hype Around The Great Resignation” with some remarkable leaders, based on brilliant research by fellow Forrester VP, Principal Analyst Katy Tynan. The panel, and the roundtables that followed, were a 2022 highlight.
- (Still) working to break gender bias in cybersecurity. On International Women’s Day, we published Best Practices: Recruiting, Retaining, And Advancing Women In Cybersecurity, with one of my favorite collaborations of all time. Sam Higgins and I published a blog on the uncomfortable truth of performative gender diversity and inclusivity. I also led a panel at an AWSN (Australian Women in Security Network) Sydney Chapter on what it takes to be a leader within security. I loved contributing in these small ways. I continue to be inspired and humbled by the work of elevating women in cybersecurity. AWSN also invited me to its Cyber Insights Serieson women in cyber with the New South Wales government and Victor Dominello MP to explore how we can overcome the central barriers to women entering the profession. At Forrester, we hosted the inaugural ForrWomen Leadership Summit. I was also lucky enough to attend the first Executive Women event hosted by the wonderful Mitra Minai in her goal to support Fitted for Work.
- Introducing Forrester Decisions for Security & Risk to Asia Pacific. This year, we launched the highly anticipated Forrester Decisions for Security & Risk service into the APAC region. The service combines bold vision research, benchmark data, curated tools and frameworks, and an innovative hands-on guidance model through guidance sessions with analysts who are on your side and by your side.
- Being constantly inspired by my colleagues’ works. My colleagues’ research blew me away this year. Some particularly inspiring research includes:
- Erik Nost’s human-centered report, How To Manage Your Vulnerability Risk Program Amidst Skill and Labor Shortages.
- Jess Burn’s Rethink Your Reliance On Cybersecurity Certifications.
- Jeff Pollard’s research, The Emergence Of The Chief Trust Officer, along with his Security & Risk Forum keynote on the same topic.
- Sam Higgins’ important Technology’s Future Is Human-Centered report, which will inspire my upcoming human-centered security research.
- Janet Worthington’s Show, Don’t Tell, Your Developers How To Write Secure Code, which is so on point.
- J. P. Gownder’s blog, It’s Time To Discard Outdated Conceptions Of The Office, laid out the current state of the return-to-the-office tug-of-war in clear and concise terms.
The Intersection Of Work And Life
According to soon-to-be-released research by Australian not-for-profit Cybermindz, cybersecurity professionals in 2022 seem to be more burned out than frontline healthcare workers. I’m not on the front line of anything, and yet I’m feeling the burn. I shared some of my learnings on managing my own workload, mental health, productivity, deep work, and self-care in my 2019 wrap, and I’m going to share a bit more here.
In 2022, like many, I was back in the world again. I loved delivering roundtables, keynotes, track sessions, strategy days, and meetings in Singapore, London, Corfu (don’t ask), San Francisco, Maryland, and Washington, DC, and connecting with everyone again. I managed to tag family holidays to most of these (in my household, we call this “holiworks”). As a family, we spent time relaxing in Koh Samui, we ate our way through Puglia, Campania, and Basilicata, we hiked and parasailed in the Swiss Alps, and I squeezed in a sneaky mini-break in NYC while in the US.
With a heavy and relentless schedule, travel back on the agenda, and keynotes and events going back to IRL, though, I leaned heavily on a series of personal and work habits to manage my mental health and burnout. These include:
- My daily, weekly, quarterly, and yearly habits. Daily: I dedicate one hour to exercise, or close to 10K steps, my goal being mental, more than physical, fitness. Weekly: Every Friday afternoon, I review my calendar for the week ahead, making sure I stick to my boundaries. I book all my exercise sessions for the week ahead. I block out any days that start to fill up beyond my maximum comfortable number of meetings. Quarterly: I do a quarterly self-review (Wheel of Life). Yearly: I reflect on good and bad decisions I made, the biggest lessons learned, the biggest risks, and surprises.
- The practice of gratitude. This year, I received a number of heartfelt gifts and notes of thanks from industry friends and colleagues, which touched me beyond measure. It reminded me that I don’t make enough time to practice gratitude, so I was grateful when Julia Steel wrote this excellent blog on 14 ways to say thank you.
Looking Ahead To 2023
For 2023, I’m very excited about research on how CISOs can become “trusted” leaders. I’ll be launching research on human-centered security. I’ll continue research on stakeholder engagement in security, with a focus on empathy. I’ll also revive my research on cybersecurity team culture. And I’ll of course continue my research into security awareness, behavior, and culture.
THANK YOU FOR YOUR CONTINUOUS SUPPORT, INSPIRATION, AND ENGAGEMENT!