In February 2018, an article appeared concerning 'cybersecurity PTSD' and its impact on the security workforce, spurring a reaction to the terminology and the conditions referenced. More anecdotally, we as security practitioners have all heard co-workers lament of a stressful experience resulting in some sort of workplace 'PTSD.' While it is therapeutic to joke about serious issues at times, as a Post-Traumatic Stress Disorder sufferer and survivor there are limits – but also scope to identify moments for our industry to grow in facing such issues.
Whether through sexual trauma, military service, or other traumatic experiences, the number of diagnosed cases of PTSD is increasing – and along with it the chances that you will encounter someone living with this condition in the workplace. As the security industry grows and matures, the proper response is not to ignore, avoid, or shun this topic, but to embrace PTSD and coworkers and colleagues experiencing it to better understand the condition and formulate a better, more understanding workplace.
In this talk, I will speak to my own story of PTSD – from military service in Afghanistan to a very unique medical trauma – and how it has shaped not just my life, but my work in cybersecurity. Principally, cybersecurity has offered a haven for myself cognitively and emotionally - and I feel that I am not alone in finding peace and solace in our field. In providing this overview, I will touch on various points that we as a community can embrace to better understand and support those in our midst who may also suffer from such a condition.
Overall, the goal is to keep matters reasonably 'light' so we as a community can discuss such subjects, while at the same time diving head on into how the security culture both supports and provides difficulties to PTSD survivors. Ultimately, developing a more empathetic, emotionally aware security community will only benefit us as a profession – and PTSD is an excellent starting point for such a conversation.
Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other observables available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to 'take the fight to the adversary' by applying forward-looking, active defense measures to constantly keep threat actors off balance. When not hunting adversaries or playing with open source security projects, Joe loves playing ice hockey and building Legos.