In the spirit of Festivus, I’m airing my grievances and demonstrating my feats of strength. I don’t know about you, but I didn’t enter 2022 with a full tank. I started the year by joining the hordes of people revenge-travelling / shopping / connecting / renovating (I know!). It’s no wonder I feel utterly exhausted. It’s also no wonder that I find myself feeling like “I’ve not done enough!”
Through my research on burnout, I recognize this as “professional efficacy” – how well we think we are performing, a key burnout metric (exhaustion, and cynicism being the two others). So before I look forward, I need to recover, put grievances aside, and celebrate my 2022 feats of strength, which include:
- Making a call on the future of security awareness and training. 2022 saw me spending 50% of my time responding to client inquiries, consulting and speaking about awareness, behavior & culture. I published a Forrester Wave™, 5 blogs and 4 reports in this space, including Forrester’s Guide To SA&T Regulations & Standards. The resulting The Future Of Security Awareness & Training report examines the major expected changes in the short, medium and long term. I’m so proud of this research, as it outlines the need to disrupt the status quo, which seems to have become a moral imperative for me, and should be for all of us.
- Diving into trust and the hype around the great resignation. I was lucky to have been “voluntold” to lead our inaugural State Of Trust In Australia. With my colleagues, we learned that Australian’s laid-back reputation hides the truth about our ability to trust. I was also asked to lead a panel at our APAC T&I forum on “The Hype Around The Great Resignation” with some remarkable leaders, based on brilliant research by fellow Forrester VP, Principal Analyst Katy Tynan. The panel, and the roundtables that followed, were a 2022 highlight.
- (Still) Working to break gender bias in cybersecurity. On International Women’s Day, we published Best Practices: Recruiting, Retaining And Advancing Women In Cybersecurity, with one of my favorite collaborations of all time. Sam Higgins and I and I published a blog on the uncomfortable truth of performative gender diversity and inclusivity. I also led a panel at an AWSN Sydney Chapter on what it takes to be a leader within security. I loved contributing in these small ways. I continue to be inspired and humbled by the work elevating women in cybersecurity. AWSN – Australian Women in Security Network invited me to the Cyber Insights Series: Women In Cyber with NSW Government and Victor Dominello MP to explore how we can overcome the central barriers to women entering the profession. At Forrester, we hosted the inaugural ForrWomen leadership summit. I was also lucky enough to attend the first Executive Women event hosted by the wonderful Mitra Minai in her goal to support Fitted for Work.
- Introducing Forrester Decisions For Security And Risk to Asia Pacific. This year, we launched the highly-anticipated Forrester Decisions for Security & Riskservice into the APAC region. The service combines bold vision research, benchmark data, curated tools and frameworks, and an innovative hands-on guidance model through guidance sessions with analysts who are on your side and by your side.
- Being constantly inspired by my colleagues’ works. My colleagues’ research blew me away this year. Some particularly inspiring research includes:
The Intersection Of Work And Life
According to soon to be released research by Australian not-for-profit Cybermindz, cybersecurity professionals in 2022 seem to be more burned out than frontline healthcare workers. I’m not on the front line of anything, and yet I’m feeling the burn. I shared some of my learnings on managing my own workload, mental health, productivity, deep work and self-care in my 2019 wrap, and I’m going to share a bit more here.
In 2022, like many I was back in the world again. I loved delivering roundtables, keynotes, track sessions, strategy days, and meetings in Singapore, London, Corfu (don’t ask), San Francisco, Maryland, and Washington, DC, and connecting with everyone again. I managed to tag family holidays to most of these (in my household, we call this “Holiworks”). As a family, we spent time spent relaxing in Koh Samui, we ate our way through Puglia, Campania and Basilicata, we hiked and parasailed in the Swiss Alps, and I squeezed in a sneaky mini-break in NYC while in the US.
With a heavy and relentless schedule, travel back on the agenda, and keynotes and events going back to IRL though, I leaned heavily on a series of personal and work habits to manage my mental health, and burnout. These include:
- My daily, weekly, quarterly and yearly habits. Daily: I dedicate one hour to exercise, or close 10K steps, my goal being mental, more than physical fitness. Weekly: every Friday afternoon, I review my calendar for the week ahead, making sure I stick to my boundaries. I book all my exercise sessions for the week ahead. I block out any days which start to fill up beyond my maximum comfortable number of meetings. Quarterly: I do a quarterly self-review (Wheel of Life). Yearly: I reflect on good and bad decisions I made, biggest lessons learned, biggest risks and surprises.
- The practice of gratitude. This year, I received a number of heartfelt gifts and notes thanks from industry friends and colleagues this year, which touched me beyond measure. It reminded me that I don’t make enough time to practice gratitude, so I was grateful when Julia Steel wrote this excellent blog on 14 ways to say thank you.
Looking Ahead To 2023
For 2023, I’m very excited about research on how CISOs can become “trusted” leaders. I’ll be launching research on human-centered security. I’ll continue research on stakeholder engagement in security, with a focus on empathy. I’ll also revive my research on cybersecurity team culture. And I’ll of course continue my research into security awareness, behavior and culture.
THANK YOU FOR YOUR CONTINUOUS SUPPORT, INSPIRATION AND ENAGEMENT