This transcript was generated automatically by AI. If you find any mistakes, please email us.
Announcer
0:00:00
Hello everyone, you're listening to Cloud Next, your go-to source for cloud innovation and leaders insight brought to you by GlobalDots.
Ganesh
0:00:15
Work-related stress is a modern day illness that affects nearly every sector. However, in the tech world, one segment, cybersecurity, is more exposed than others to relentless pressure, stemming not only from everyday routines, but from the very nature of the work itself. We hear about plastic solutions, perks like bonuses, company vacations, ping pong tables, fun days, free meals and happy hours, but at the end of the day, a ping pong table is just a ping pong table. The things you carry home in your mind and heart aren't sold by any bonus, no matter how it's packaged. The result is burnout, which in the best case scenario,
Ganesh
0:00:52
leads to midlife career changes and leaving the field altogether. But perhaps there's a middle ground. Maybe if we bring light to the issue, talk about it openly, and give people the tools to manage it,
Ganesh
0:01:02
while also drastically reducing the pressure and embracing work-life balance, we can find a way forward. I'm Ganesh The Awesome, solutions architect at GlobalNuts, and our guest today, Peter Koroneas,
Ganesh
0:01:13
founder of Cyberminds, a not-for-profit organisation focused on addressing mental health challenges in the cyber security field. With over 25 years of experience in cyber security leadership, Peter has seen first-hand the unique pressures that cyber security professionals face. Peter, before we start, what should people know about you? Tell the listener a little bit about yourself.
Peter
0:01:33
It's been a long journey. Let's just say I've had my share of tragedy and loss and the normal kind of, we call in law, which I studied, we call them the vicissitudes of life, the ups and downs. So I think, you know, the first thing to note about me is that, you know, we're all human. I'm a human like anybody else. I guess the difference is that from a fairly early age, I did commit to a personal journey
Peter
0:02:03
on my own development through meditation primarily. And I think as a result of that, I've managed to immunize myself from the worst that life's been able to throw at me from a psychological point of view and even from a health standpoint. But the beauty of these sort of deep introspective processes where you get to connect with a part of you that is always okay, is that you do develop, I mean the term these days we use is resilience. In a way I don't like the term because it implies that something's trying to break you,
Peter
0:02:41
but really I guess it's about do you have, do we or any of us, do each of us have a center of psychological safety where we can weather the storms. And I suppose in my case I've had the advantage of, well, experiencing the storms but also testing my own development against that and coming up okay. So I guess CyberMinds is really the product of merging the aspects of cybersecurity and the stresses that we're facing and knowing and understanding directly the challenges with solutions. In this case, what we're now using is the IRIS or the Integrated
Peter
0:03:15
Restoration Protocol which I'm sure we'll talk about today. Great, we know
Ganesh
0:03:21
that you have a bit of an impressive background in cybersecurity leadership. I think you can just unpack that a little bit for us and then what was the tipping point that made you shift out of that into this mental health challenge
Peter
0:03:35
Yeah, so well let's start way back. I actually had my first career as a science teacher and in fact let me go further back than that. When I was 10 years old I was invited into my uncle's laboratory in Perth, Western Australia. He
Peter
0:04:06
was a neuroscientist and he showed me human brains. Oh wow. He was researching you know neuropathology and But for me, it was this sort of pivotal moment where I came to see this, the brain as being so central and fundamental and yet also so fragile because he was researching the pathology and what makes us less optimal, more fragile than we perhaps think we are.
Peter
0:04:24
So I think it really impressed upon me this idea that we've got to protect our neurology. It really is the center of our life's experience, our emotions, our fears, our hopes, our dreams, within cyber security, all of our capabilities are neurologically based at some level. Obviously we apply learning to ourselves, but it's the neurological correlates that we draw upon when we're bringing our skills into a situation. So fast forward as a career as a science teacher, I then progressed into law and did a law degree
Peter
0:05:01
and actually was finally recruited as the head of Australia's fledgling Internet Industry Association in 1997. became the peak industry body for internet in Australia. And it was very early on in that sort of phase of my life that we started to see cyber security emerging as a major threat, I suppose, to the whole trust paradigm that we saw the internet needed to be grounded in.
Peter
0:05:31
And I think pioneering work that we did, we had the opportunity to do a lot of, you know, groundbreaking policy work, legislative work, empowerment programs for the internet community, culminating in a scheme that reached 92% of the population within four months, and that was a botnet mitigation scheme, industry code of practice, where we would identify and then compromise computers and then notify their unsuspecting owners so they could be remediated. And that drew the attention of the Five Eyes community through the Australian
Peter
0:06:04
government. I was subsequently invited to the White House twice actually and they wanted to implement a similar scheme in the US which subsequently occurred and ended up reaching nearly 300 million internet broadband users, internet users in the States. So what that showed me though Ganesh is that you can have a good idea, you know, if your intentions are correct and your passion is there and you've thought through, you know, how to implement, then you can actually have a disproportionate impact on humanity
Peter
0:06:35
as it were. And I guess moving across into cyber minds and leaving that role in 2011, I was seeing more and more stress and burnout affecting my professional peers because I'd had this resilience through my own personal practices. I saw the opportunity to merge the two and actually that was really the birth of Cyberminds is to bring in the best of what we understand around neuroscience-based, you know,
Peter
0:07:01
scientifically-based measurable interventions that we can apply to our own lives and hopefully the promise or the aim is to lift societal resilience by improving the capacity of our defenders to firstly remain in their roles, not to burn out, and also to be performing at their peak in a way that they find the job satisfying and that they're able to switch off. You know, their relationships improve. We see the whole array of benefits that come through a proper orientation to our work and I think it's these, we could call them, you know, brain technologies that
Peter
0:07:41
we're applying internally on a regular basis through the programs that we run and we're seeing amazing effects and successes already. So I think that's really a pretty short version of how I got to where I am and what CyberMinds is and now we're about to launch in France. We've launched in Australia, the US and the UK already in under two years. So we're growing rapidly.
Peter
0:08:05
There's a massive need of course as we recognize but also we're really happy to move the conversation beyond everything that's wrong and broken in cybersecurity at the human level into well let's now focus on what we can do together as a community to actually improve the situation.
Ganesh
0:08:23
super great work, very interesting. And I purposefully kept myself naive so that I could hear it live through this podcast. And I been in cyber for roughly 20 years or so. And I've seen this burnout everywhere. And, you know, hands up, experienced the burnout myself. It caused me to have a career change in my trajectory, which is how I ended up in my current role, and then eventually how I ended up speaking to you now, actually. And the – I actually wonder how other people handle it.
Ganesh
0:09:05
I mean, I have a ridiculous morning routine that involves making sure I plant my feet on the ground, I do breath work, I do some yoga some days, some running, some gym, I make sure, all these things, pills, supplements, you know, lion's mane to improve the brain and I still, you know, touch the edge of burnout and, you know, I feel like I'm at the very high end of people who are looking after my brain and my body. So super keen to see what the Cybermind solution is and you mentioned your Integrative Restoration Protocol and unpack it for us and specifically how this is helping cyber security professionals.
Peter
0:09:48
So during COVID, because we couldn't travel, I took the opportunity to invest in some further personal development work and training. And I had been aware of the I-REST or the Integrative Restoration Protocol that had been developed by Dr. Richard Miller, a clinical psychologist in California, also a long-term meditation practitioner and yoga teacher. And Richard had managed to integrate the best of what these ancient sort of mind technologies
Peter
0:10:18
were able to give us with modern clinical psychology, psychological interventions, and he created this amazing, powerful protocol. It is a 10-step sequence of progressive relaxation, taking you deep, deep, deep down into levels on the edge of sleep. And there you can begin to process unprocessed emotions, unprocessed or beliefs that might be limiting you, limiting beliefs, trauma that might be there from even from childhood in some cases we're carrying a lot of stuff in our subconscious mind that we're not
Peter
0:10:55
aware of by definition. It's subconscious, so it's beneath the surface and as a result these unprocessed sort of forces within us are available to be triggered and I think burnout exacerbates that in the sense that your level of psychological resilience and in a sense your own immunity at a psychological level starts to wear a bit thin and so these
Peter
0:11:25
unprocessed forces are able to break through and start to pull the shots as it were in your life. If you're in a breach situation which we see quite a bit, you'll actually see cyber teams undergoing trauma, they'll be experiencing trauma and so it's super important in a contextual way to be
Peter
0:11:51
able to bring them the relief that they they need while the breach is going down or at least immediately after it's happened. Otherwise they are they're actually going to be psychologically damaged in a way that may, trauma does
Peter
0:12:15
not auto resolve, trauma generally needs some form of intervention to clear it Miller showed that. So when he took his protocol into the US military in 2004 with veterans from Iraq and Afghanistan were returning from quite you know, how would
Peter
0:12:30
you describe a war zone in those cases? I mean something that is I think that this figure is roughly around one So clearly, you're taking this fragile neurology into a situation that is completely jarring to it and unless you work with the trauma, then you are going to end up with serious pathologies there.
Peter
0:12:45
So Richard's technique was able to restore people at the highest level of trauma down to subclinical levels within about a month, which is phenomenal. And so during COVID, I learned I became a facilitator, I became a level two facilitator and began to introduce this protocol into cyber security, but with Richard's guidance and help and support, and I work directly with him now, he's actually one of our directors in the US on cybermines.
Peter
0:13:22
Richard has been very generous and has enabled us to customize the protocol into the, with the language and the culture of cyber security, so that the advantage of that is that when we're coming in, it's coming in, that the
Peter
0:13:53
programs we run are very much peer maybe adjacent professions within IT or wherever, are all feeling like we understand them. And so you don't have the stigma, the traditional stigma, with other forms of mental health care support. Instead, it's like talking to like,
Peter
0:13:58
well, our facilitators are given induction through cyber security and so as a result we get very high levels of engagement and as a result we're able to get good results because it's something people want to do because they feel, definitely they feel immediate positive effects but they also see that we are like them, we are cyber professionals and we've done the work to optimize our own minds as it were and now we're helping them as well. So that's sort of very high level what we're doing. In terms of the protocol itself, as I said, it's a progressive set
Peter
0:14:38
of relaxation exercises as a guided practice. So we do it with live with our groups. We also provide recordings to the groups that we've worked with so they can go on and become independent practitioners. We have micro practices that they can use opportunistically, but we've also got a very strategic approach around prevention. So the end result of all this is teams that are performing better, that are happier, have increased morale.
Peter
0:15:09
We're helping the leaders directly because often it's the leaders that are coming to us themselves, they are sometimes facing the greatest stresses. It's very lonely to be a CISO. Any kind of leadership role, I know that from my own leadership career, they say it's lonely at the top, it definitely is. And I think this sense of isolation and being at the pointy end of things is very taxing and so we work with the leaders and their teams and I think it's very powerful when the team see the leaders showing some vulnerability, we realize that we're all human
Peter
0:15:49
but that is actually the leaders are the greatest role models to bring in and show when they are prepared to do the work on themselves and get themselves healthy again, then that's a great incentive for the team to follow suit. So that's really the vision here, Ganesh, is we're sort of imagining and creating a world I believe where resilience, human resilience at the neurological level becomes a key tool in the toolkit of cyber defenders alongside technology solutions and training programs around end-user behavioral change, which is also important.
Peter
0:16:30
But unless the defenders are themselves resilient, then I think the organization remains at risk. And I think in many cases, we want to change the narrative around this away from wellness, which is important, but really into the language of risk reduction. Because ultimately, when an organization commits to resourcing programs like this, they need to find the resources to fund this work, but the ROI is massive because you're now having less churn, skills loss due to burnout, you're losing less corporate memory around, you know,
Peter
0:17:09
how the systems are all operating, that people leave, a lot of the stuff isn't documented and so you add all that up, you don't have the cost of rehiring, recruitment costs and of course you've got a cohesive team that is performing at peak, all those things go to reduce the risk posture of the organization. So it's a very worthwhile investment even from a risk standpoint.
Ganesh
0:17:33
Yeah, I love the way you can tie that back to an actual solid investment for the company and you know information loss is very very real I've seen that and been part of that and I the technique itself it sounds unbelievably fascinating because you know we don't have a great
Ganesh
0:18:13
way of getting rid of trauma as humans you know I'm sure everybody's away and then it deals with its caution, it shakes it all out. And it's kind of, it's over that moment, you know, it's wrapped, it runs it out, but we don't do that, we store that. And the, I definitely went the slow path, I definitely didn't get the speed
Ganesh
0:18:20
of your protocol. I wish I'd have known about it when I was in my depths, because the speed of that sounds, you know, frighteningly successful or astoundingly successful, not frighteningly successful. And everything you've said, I completely, I had to stop myself interrupting the whole time, but you know, when I had my burnout at work and I announced it and I was very open about it, I then had multiple people come up to me quietly and say, I'm so glad that you came out and said that, and I know, you know, came to me and said I had a
Ganesh
0:18:55
burnout and this, that and the other, and I said, well why didn't you come out and say something, and then there's this shame around it for some reason, as if you're supposed to be, you know, a cyber security professionals and to the listener that might be thinking I'm in tech but I'm not a cyber security professional or I'm the project manager and that's quite stressful or I'm a whatever else and that's also quite stressful. Why
Peter
0:19:32
particularly do you zone in on cyber security professionals? Well there's a couple of reasons and I have to hasten to add that we do not restrict our programs to cyber people only. So if you're one of those other people that you mentioned they are welcome to join the programs
Peter
0:20:07
as well but for cyber it's because I have a background in cyber myself so authentically we can come in with the Secondly, I think from an organizational standpoint, cyber defenders are probably the least understood people in organizations sometimes. The work they do is often invisible and so there are actually factors that we've
Peter
0:20:21
identified that are unique to cyber security in combination. We've measured, we're doing research in Australia and elsewhere, pioneering research in this area that is showing that cyber security teams are burning out faster than frontline healthcare professionals. And I can talk about how that's, and that's after a pandemic. So I guess when you add all those things up, and also just allied to that, they say it's the only job in IT where somebody somewhere 24-7, 365 is looking to ruin your day. You can't think of many other roles other than active combat service people where someone
Peter
0:21:02
is actually, you're there to do your job and you've got people that are trying to break you and break everything that you stand for. Can you think of any other profession if you're a school teacher or healthcare professional? I mean people understand you're doing your best, no one's out to try and break you.
Ganesh
0:21:21
Yeah, you are on the front line in the cyber warfare and it's one of those jobs, I mean a lot of jobs in cyber you could argue this, but specifically on the security one, if you precision perfect, you will be invisible. You know, if 100% of your work is spot on, nobody knows you exist. And it's the 1% that ends you up on the front page
Ganesh
0:21:47
of the news because you, somebody found a way into your system and they stole the bank cards or ransomware happened or whatever. It's stressful. And I actually, some people are just naturally built for it. No question about it.
Ganesh
0:22:02
I met Greg Notch, who's a CISO of a company called XSpell, and they are a managed detection response company for other companies. So he's got all the pressure of all of the CISOs on his shoulders. Every single client they sign, he has the weight of all those. And we did a nice podcast episode, but afterwards, privately, I was like, how do you cope under that much pressure? Because you have like 10x pressure or even 50x pressure. Because if your platform goes wrong, you're going to lose all those
Ganesh
0:22:42
customers because you can't, you know, if you have a breach, that's it, it's game over, no one's going to trust you anymore. And it didn't have a totally straight answer, which makes me believe he was just one of those people who's built for it. He said, you just have to move past that, you know, you just have to move past that.
Ganesh
0:22:57
And but for those people who can't just move past that and they take it to sleep, you know, and I'm definitely one of those people who takes problems to bed all the time and stuff like that. I feel like we need these toolkits and what I also feel rightly or wrongly could just be my opinion it's ever so
Ganesh
0:23:19
slightly woo and cyber is not the most woo place you know if you if you were to map atheists against job professions I'm sure there would be a high correlation between atheists and people working in tech and then particularly there's a lot of men in tech that's no great secret you know there's a known problem in the industry, and men are definitely the less woo, and the, any sort of, you know, meditation or self-work, all these kind of things,
Peter
0:23:51
I, maybe rightly or wrongly, I don't buy it. I mean the programs we use are all scientifically based. There's actually I think 25 or 30 studies now that show that you can map on MRI scans even the changes in brain development as a result of these processes. I think we're way beyond that point. I do believe that was the case probably 20 years ago, but certainly since I've been actively sort of bringing it into this area. I've spoken with neuroscientists in America, Dr. Sara Lazar out of MIT and Massachusetts General Hospital at Harvard actually had done
Peter
0:24:38
the pioneering research that had shown that some of these techniques can bring about neuroplastic changes in the brain. In other words, development of new areas of capability that you can see on MRI scans within 8 weeks of regular practice. So there's nothing woo about this. Anyone that believes that needs to go to some reading and understand that these techniques haven't survived for thousands of years for no reason. They've survived for thousands of years because they work.
Peter
0:25:08
Just like running or going to a gym makes you fit. It's a form of brain fitness that is measurable, it's repeatable, and in its absence of course you are going to find the normal processes of degradation occurring because if you put any biological system, whether it's an amoeba or a bacterium or a small animal or a plant or a human in a situation where their available resources are not sufficient to meet the demand on them, whether it be biologically or in this case neurologically, then that's actually the definition of stress.
Peter
0:25:47
And anything will break under sustainment and that effectively is what we talk about when we talk about burnout. As to the first point about these people that you meet that claim not to feel stress, I do think we have to be a little bit cautious about that. At one level it's certainly true that there are both genetic and behavioural differences in the way that we respond to stress.
Peter
0:26:15
At some level stress can be very motivating. We call that eustress, positive stress, but then there's distress which is stress that degrades your ability to perform. So, while there may be genetic and behavioral people who are stronger in these kind of situations, we have to be careful because some people are also really good at sublimating stress and they don't show it outwardly, but they may be actually taking it in at levels they
Peter
0:26:46
don't even understand and that in the long term, because in effect they're in a form of denial, or they may be using alcohol or substances or any other unhelpful behaviors to manage the stress, to control it. So outwardly it may seem like they're doing okay, but you never know what's going on beneath the surface, which is why the protocol is so fascinating, because for the first time you get to have a look at what's under the hood, to use the American expression. You see what's happening beneath the surface that you may
Peter
0:27:16
not even be aware of, and you've got the opportunity to clear it out, to actually do the work, to process it, or as Richard Miller says, to metabolize unprocessed forces that are operating in the subconscious. And the result of that is even, I mean, I would, I would posit that you could take the most, let's call them stress-resistant person in the world, they would still benefit from this program. If for no other reason, you get a much better understanding of yourself. And so typically when you emerge from the program, you are clearer, you're calmer, your sleep improves. We see that within days of
Peter
0:27:55
commencement. You have a more positive outlook on life. You're more able to effectively, not necessarily shut off that negative voice in your head, but you're able to step away from it and see it for what it is, and it's not who you are. Your negative beliefs are not who you are. Your negative emotions, your anxiety, your fear are not who you are. Who are you? You're actually that aspect of self that is aware of all these things and observes it. And so we teach them how to ground back into that sense of just an observer state where you can see the wood for the trees.
Peter
0:28:30
And from that, you're able to restore. And that's why we call it integrative restoration. We're integrating all of these unprocessed forces that, as I said, could be there from childhood. Even beliefs like, I'm not good enough. Could be a child, I had that belief from childhood.
Peter
0:28:47
Firstborn child wanting to impress my parents, or my teachers, and somewhere along the line someone said I need to try harder. I took that on board with my infantile or my juvenile brain and formed a belief around that that I wasn't good enough. And that is so common, particularly amongst high achievers. Very very common that we have this or the imposter syndrome is a sort of beliefs that are driving us and sometimes they're
Peter
0:29:17
not relevant anymore. I mean I know I am good enough, why is that belief still there sometimes that I want recognition? I'm not talking about me personally anymore so much, that was certainly the case for a while, but I mean you see it on LinkedIn. People are saying, I'm so proud to have received this new certification, so grateful to be speaking at this event. Right, what are they really saying? That I'm important, that I still matter.
Peter
0:29:49
And in this age of AI, the greatest challenge facing humanity, according to Yuval Harari, is the loss of relevance. And so you see it playing out, it's the ego function playing out, I still matter. So these are belief systems that are being challenged every time we go into a breach situation, every time we go into a high stress situation. It's like, what part of us, is there a part of us that is free of all this? This sort of narrative, this limiting narrative? And the answer is yes, but how do we find that? And that's what the protocol is sort of optimized for, is to show you that there is this center of resilience.
Peter
0:30:29
We call it an inner locus of control. Always fine. Always clear. Always in joy, in its joy. It's a joyful state, because when you look at kids, I don't know if you've got kids, Ganesh, if you see young children playing, look at the freedom, the spontaneous joy.
Peter
0:30:52
We all had that. What happened to us? How do we lose that? Is it possible that we can track back and
Ganesh
0:31:09
reopen and re-access this spontaneous state of just being? And you even only based on scientific evidence MRI scans you know the it's a bullet proof history that this program has essentially and I think is very exciting good to know a couple of things what if a company wants to take this on and from there I hope that you increase greatly in the number of companies that do want to take it on because
Ganesh
0:31:48
well I saw a funny video on LinkedIn literally yesterday it was for A6 trainers but it was about how your desk is killing you and you need to get away from your desk and it had the free bowl of fruit and the guy says free fruit? Fuck the fruit! I just thought there is so many companies and this mental health care is not giving you a bowl of fruit yeah at a
Ganesh
0:32:19
ping-pong table. So there's lip service to it but actually this is the real thing that people ought to be doing inside their companies. So what's the what do they and I don't mean
Peter
0:32:26
Sorry, finish the question.
Ganesh
0:32:30
Well, I was going to say what's the pushback from organizations? So, you know, I imagine lots of these guys have got lots of money, they're tech companies, probably money is not such an issue, but taking them out to go and do this, you know, maybe you need a few days off site or a week off site, and then what other pushbacks do you get from them?
Peter
0:32:48
Well, the first thing is they don't need to go off-site because we can deliver remotely. In our most intensive program, which we call Rapid Reset, which is our trauma support program, which is designed for teams under active breach or have recently experienced a major cyber incident, the commitment is two one-hour sessions a week delivered remotely. So we can schedule around their availability. So that hasn't ever been an issue for us.
Peter
0:33:19
We've got other programs who are the commitments one hour a week. And then of course, once they've done the initial training and they're shown how to use the technique, then they're given access to the recordings where they practice in their own time. So there's no impasse on the organization at that level. There is a cost involved obviously because we need to pay our facilitators and the money
Peter
0:33:43
is going to building our capabilities so that we can alleviate more and more suffering. But really, I think the impediments that we see, to be fair, are actually not coming from within the cyber security community or within the cyber security divisions of companies that tends to come out of the traditional areas of HR and people and culture because we're not of HR and people and culture, we're of cyber security, but we're coming in with a mental health intervention which is military proven and evidence-based and we rock up with cyber minds and the CISOs wanting to do the program.
Peter
0:34:23
from the HR saying, well, this is our domain, right? This is not something we thought of, and therefore there is some resistance there. Having said that, we have worked with major companies where the HR have actually come in and done the training with us.
Peter
0:34:41
And once they see it, they realize that this is an adjunct, an amplifier of the work that they're already doing. But typically, HR or the people in culture teams will be working on things like wellness programs, which are of greater or lesser effect. Clearly in cyber they can't be working that well for the burnout that we're seeing.
Peter
0:35:05
And secondly, they bring an EAP or an employee assistance program, which generally is too late for the individual once they get to that point and there is definitely a stigma attached around accessing that. So I think the way to view our programs is that ours are largely preventative. It's better to build the resilience before you need it. My teacher, my meditation teacher used to say, it's too late to dig the well when the
Peter
0:35:32
house is already on fire. So I think prevention is always going to be preferred but having said that, you don't always have the luxury of that. At the very least, you need to be providing support in teams that are already highly stressed. We can measure where they are on the burnout trajectory. So we do metrics.
Peter
0:35:53
All our programs involve pre and post metrics which we provide as aggregate reports to the organization. So not only are our programs scientifically based, but they're also measurable, so you can actually show the net improvement in our case across 22 metrics. We've created this thing called the Cyberminds Resilience Index, which is an amalgam of 22 metrics of psychological wellbeing and resilience, including sleep. And so we can actually show exactly
Peter
0:36:24
where the team sits. So I think really the message is that resistance is really just a product of habit and a product of institutionalized resistance and silos within organizations. We are now in 2024, we're facing probably the most pernicious state within cyber security that we've that I've witnessed in 25 years in terms of the scale of attack, the intensity of the attack, the frequency of
Peter
0:37:06
the attack, the sophistication of the attacks that are occurring now are not like anything we've seen before. I think anyone in cyber would admit to that. You can't go to a conference these days and it's more of the same and even that
Peter
0:37:31
I think things are the worst they've feels like that and so whatever we've been doing in the past is clearly not working. We cannot afford to lose a single person out of cyber security let alone CISOs and several
Peter
0:37:43
members. I know a guy I met a CISO in Europe earlier this year that had been through a major insider attack that took four months to resolve and at the end of Wow. And it probably left the organization still carrying unresolved trauma.
Peter
0:37:45
I mean, that's indefensible, Ganesh. There is no justification for exposing people to that. And in Australia, at least, I can say, more and more we're starting to see regulation around psychosocial workplace risk and we would argue that cyber security is inherently a risky from a psychosocial standpoint in terms of the
Peter
0:38:14
psychological damage that you can experience just doing your job. You
Ganesh
0:38:25
know we need to be supporting our people. Find the resources because I'll tell you it's a lot it's going to be a lot more cost-effective to save your end of the day and I still see I feel like the biggest barrier is gonna be getting
Ganesh
0:38:44
company, I don't think the employees are gonna say no to free resilience training you know, they'd be just as that they're just not going to but companies willing to sort of buy on board and then take the program somehow is the
Ganesh
0:38:54
that but people are just I wouldn't say happy to let them go but they're just sort of through naivety just happy to let people crash into the wall as if there's this never-ending supply of resilient tech people to replace them it's just not the case so the work is clearly needed. And I really hope that we, you know, I will hope cyber minds becomes a household name, you know, across every country that you launch yourself in. And I can't see that people don't wouldn't be interested in it. I mean, I could
Ganesh
0:39:28
immediately think of a wide network that I'm connected to that once we make this episode, we put it out, I'll say, Hey, you want to listen to this, I would hope it would automatically lead to some business for Cyberminds. It's totally an awesome project. Anything else you would like to unpack before we get into the, just little bits about yourself?
Peter
0:39:53
I think the message that I would like to leave is, it doesn't have to be like this. Your mental health need not be the price of your career choice in cyber security. Young people coming into cyber security, there are three major diversity groups that we are actively recruiting to come into cyber. Women, for the reasons you mentioned before, critically important to be able to bring the feminine mind, the feminine viewpoint, the feminine perspective, which is something we've neglected for so long and women have such a different lens on things sometimes and I think given the nature of the battle that we're facing now, we need as many different ways of looking
Peter
0:40:39
at the problem as we can. So there's the sort of gender push around diversity. Secondly we've got the Gen Z or for the American listeners, the Gen Z contingent that we're seeking to attract in. Typically, those are born from, I can't remember the year now, but I think roughly within cyber we'd be looking at people between the ages of 18 and 26 as prospects that we'd be wanting
Peter
0:41:08
to bring in. Now, did you know 60% of Gen Z kids are carrying a diagnosable anxiety disorder. Wow. And that's due to things like social media, fear of the future, financial insecurity. There's studies on this now that we've referred to. So if
Peter
0:41:41
you're a CISO recruiting young people, you've got to be aware that they're coming in already with some anxiety even before they start the job. And the other So if you expose someone whose brain is not fully developed, that may be already carrying an anxiety disorder into a high stress occupation without support, then you may be effectively
Peter
0:41:54
impeding the development of their brain and damaging them for life. It's not because you need to be doing that, it's because we just don't know one up to now has been bringing neuroscience into cyber security as we are now to point these things out. So does that mean we don't recruit young people? Absolutely not. We need them. They're the next generation.
Peter
0:42:17
What we need is to firstly understand where they're coming from as they come in, to give them the prevention, the preventative skills so that they've got the capacity to build resilience even as they're learning cybersecurity. And then the other major diversity group are the neurodivergent, you know, the people on autism spectrum and other aspects of neurodivergence, who are also amazing in cybersecurity because for the same reasons the other groups see things differently, may have the ability for hyper focus or other capabilities that
Peter
0:42:54
so-called normal people don't have. It turns out that the neurodivergent also have a higher propensity to burnout than the general population. So if you've got your three major diversity groups that we're actively recruiting to come in, all at a greater level of susceptibility to burnout than the average person and cybersecurity itself is inherently a psychosocial risk environment, then we would argue that there is a duty of care for organizations, a moral and ethical
Peter
0:43:28
obligation to ensure that we are supporting and protecting and helping those people to come in. Otherwise, it's like we're leading them over the precipice. Come in, come and have a career in cyber security. By the way, you know, this could damage your relationships, you end up with a
Peter
0:43:57
substance abuse, substance issue and you
Ganesh
0:44:02
know, you're not going to sleep for a few years and you may end up with some trauma. I mean, it's not exactly a thing that you're going to it? Definitely not and you know I kind of see a little bit as just a
Ganesh
0:44:19
maturity of the field and you know I'm sure for many years people building bridges used to have things land on their head and lose toes before they you know mandated that you had to wear a hard hat and you had to wear steel toe cap
Ganesh
0:44:28
long time to grow into their problems. Everything happened very quickly in the world of cyber security and tech, you know, you can argue it only really started with the internet when people could start connecting to each other. And really, where things are ramping up and changing so immensely quickly that we haven't caught up pace so that, you know, the health and safety hasn't caught up yet to where we are.
Ganesh
0:44:55
And that's essentially what needs to happen. And super fascinating to think about younger generations coming in and the responsibility of companies because it's not something that even crossed my mind. And I wonder if it ever crosses most people's minds. Probably not, to be honest. So yeah, really, really appreciate you highlighting that. And it's, yeah, I could definitely sit and talk to you for a solid another hour,
Ganesh
0:45:24
but unfortunately we can't do that. You've been kind enough to give us this slot. We have the DeLorean question, which we like to ask every guest, and I definitely want to fit it in with you, which is if you could go back in time and give yourself one piece or more of professional advice, what would it be?
Peter
0:45:43
Trust my own judgment. I think sometimes you have doubt, but I think there's a part of us that knows. I think to trust my intuition, if I'd started doing that at an earlier age, I probably would have made better decisions along the way, probably avoided a few unnecessary roadblocks, speed bumps. I think we all have the capability, what I've learned through my own personal practice is that we have access to a sense of knowing of things beyond what the cognitive mind is
Peter
0:46:19
aware of. And I think there's even some neuroscience on this, that we are taking in much more information from the environment all the time that we're actually able to effectively process. So where is that information going? It's somewhere in there. I mean memories are all there somewhere. All this sort of this is vast. I think Einstein, whether it's correctly attributed to him or not and whether it's even accurate, said something like we only use 10% of our
Peter
0:46:47
brain. What would it be like if we're able to access more of our own intelligence? And I think for me, intuition is the great secret, it's the great hack, it's the ultimate
3
0:47:00
hack.
Peter
0:47:01
They do say, actually, that in professions where it's rapidly changing, like the decision-making data points, are so dynamic. And I think technology is one, probably cyber security would be right at the forefront there. We tend to rely more on intuition than we do on information. In rapid decision-making circumstances, we're going with gut feel. I mean, I'd say the best of the red team is incident responders, SOC team, analysts, any
Peter
0:47:33
of those people that are performing at peak would be probably tapping into some other attribute of knowledge beyond what the actual data is showing them. And we could call that just simply experience, is another way of saying it. But I think there is some capability that I would love to explore deeper around this whole thing of how do we become much more intuitive. And someone even said to me once that the thinking mind should be the servant of the intuition and not the other way around. If you were really tuned in to life, you would be functioning much more on intuitive knowledge
Peter
0:48:14
than information-based knowledge, because information-based knowledge is necessarily imperfect. It's only as good as your capacity to identify, absorb and process the information and interpret it. I mean, you know, as humans, that's a pretty deeply flawed process. So I think information-based knowledge is one form of knowledge, but I think intuitive knowledge is fascinating for me. And I mean, Cyberminds arose for me as an intuition.
Peter
0:48:47
It came to me as an intuitive insight and inspiration way before it became, you know, then it percolated down into my intellectual mind that assessed it and thought actually that could work. It's interesting, isn't it? Some of our best decisions, or even the decision to make, I don't know, you might not agree with it, but to choose a life partner. I mean a lot of it's based on signals that are not cognitive.
Peter
0:49:13
It's more on the feel of things. I mean this is definitely starting to sound woo-woo, but I think you could talk to many leaders who will tell you that their intuition has saved them more often than it's
Ganesh
0:49:26
betrayed them. Yeah, I think going back to even you mentioned Einstein, Einstein and Tesla and a bunch of these geniuses, they always said they weren't their ideas, you know, that things just came to them. They didn't, they weren't sitting studiously with their conscious mind, it was their subconscious, unconscious or something else that was gifting them these ideas and this brilliance. And yeah, if we could all tap into that, that would be a totally wonderful place to be and
Ganesh
0:49:58
how much humanity would step forward if we were in that space but maybe we fell off the woo-woo cliff towards the end there but it's you definitely you're definitely preaching to the choir on that
Peter
0:50:23
one so you have my back. Peter it's been totally awesome talking to you can't thank you enough for coming on genuinely looking forward to the
Ganesh
0:50:26
Any closing words from yourself?
Peter
0:50:29
If you are in cyber security and you're starting to question your own reason for being in the role, if you feel like you're fighting an unwinnable battle, if you feel under-recognized or unrecognized, if you feel that the stresses are just getting too much, take a moment, step back, tap into some part of you that brought you into the role in the
Peter
0:50:55
first place, that sense of mission and purpose, and understand that these roles are so critically important now. It's not a matter of bailing out or changing roles or doing something different. I think it's a matter of if you're really committed to this mission that we are all on in cyber security, which is to serve society through the work we do, protecting humanity against these bad actors, then let's work together as a community to support and recognize each other,
Peter
0:51:27
and then as organizations to support and recognize and nurture the talent that is so precious and we don't want to lose. So hang in there, take proactive steps. Don't just wait for the situation to improve, take positive steps for yourself, for your team, so that we can all remain passionate and even joyful in the work that we do. Life's too short to be suffering and we don't have to, suffering is not necessary, suffering is optional, pain may be unavoidable,
Peter
0:52:07
but suffering is definitely optional.
Ganesh
0:52:09
That has to be the most seminal sign out of any guest we've ever had, Peter, so, totally awesome, thank you for that. Genuinely great, thank you, genuinely from my heart for the work that you're doing, not for coming on the show,
Ganesh
0:52:25
but for what you're actually doing. It's truly great stuff. This episode was produced and edited by Daniel Ohana and Tom O'Morvinson, sound editing and mix by Bren Russell. I'm Ganesh The Awesome. And if you're ready to deep dive
Ganesh
0:52:38
and start transforming the way you approach cloud practices and cybersecurity strategies, then the team and myself at GlobalDots are at your disposal. We are cloud innovation hunters and we search the globe looking for the future tech
Ganesh
0:52:51
solutions so we can bring them to you. We've been doing it for over 20 years it's what we do and if I don't say so myself we do pretty well. So have a word with the experts, don't be shy and remember that conversations are always with the experts, don't be shy and remember that conversations are always for free.