Stories

Mental health is new focus at premier cybersecurity conference

Animated GIF of brain icon being made brighter and darker on computer screen
Illustration: Sarah Grillo/Axios

LAS VEGAS — At this week's Black Hat cybersecurity conference, panels about hacking automobiles and airplane WiFi are being interspersed with a new focus: mental health.

Why it matters: Issues like anxiety and depression aren't new in the cybersecurity field, and stress is rampant: pros work long hours under enormous pressure to protect critical networks from ever-increasing threats. Black Hat's new focus on the people, not just the technology, may instigate broader industry changes.

The big picture: The leading cybersecurity conference has long had conference tracks like cryptography, forensics and incident response. This will mark the first year the "community" track joins that roster to provide a place to talk about less technical, more human issues.

  • Black Hat has a large industry presence, and shining a light on topics that tend to be discussed outside the corporate eye — things like suicide, stress load, mental illness and trauma — may force major employers in the field to think about those issues, too.
  • "Good conferences are a reflection of the community," said Black Hat General Manager Steve Wylie. "We have a responsibility to the community."
  • Wylie said they received more speaking proposals on the topics than speaking slots available, which he said indicated a strong response.

Mental illness and suicide: "In the past year I know several people in the community have taken their own lives," said Jay Radcliffe of Boston Scientific. "It’s a sad thing, and something I feel responsible to talk about." Radcliffe, well known for hacking devices, will be presenting about his own experience with depression with Christian Dameff, an emergency medicine physician.

  • "With global staffing shortages in information security, we're seeing departments that should have 10 people work with 5. And that increases stress," said Radcliffe.
  • Anecdotal evidence suggests high prevalence of mental illness in the information security community, perhaps heightened by the hacker subculture attracting people from a variety of backgrounds, some of which may involve preexisting mental health conditions.
  • A separate presentation will discuss the high instance of autism in the field.

Stress: Two researchers from the National Security Agency, Celeste Paul and Josiah Dykstra, will release NSA data on the effect of stress on operator performance and how to combat it. "We did see effects," said Paul.

Post-tramatic stress disorder: Cybersecurity also draws a wide array of ex-military members, including Dragos Security's Joe Slowik, who served in the Navy.

  • Slowik will talk about his experience with PTSD.
  • "The talk itself was a spur-of-the-moment reaction to an article on 'cybersecurity PTSD,' which the author was using to mean burnout from all of the breaches," he said. "Seeing terminology come up in a way that was almost flippant bothered me."

Sexual assault: Slowik notes that PTSD isn't exclusive to ex-military practitioners. Cybersecurity, like other industries, has faced a reckoning in recent years as victims of sexual assault and harassment have come forward.

  • Makenzie Peterson, coordinator for wellness programs at Hampshire College, will discuss how communities on the whole move forward after widespread allegations of sexual assault.

The bottom line: The community track is a chance to change the industry. "There’s such a talent shortage right now that companies may need to take advantage of community track to recruit employees," said Radcliffe.

Correction: An earlier version of this story misspelled Joe Slowik's name. The story has been updated.