At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Gemma Gilderdale, Head of People at Pentest People, spoke to the Gurus about Pentest People’s innovative wellbeing support, the future of cybersecurity, and why nurturing new talent is key.
Many organisation’s view wellbeing as a tick-box exercise at most, if specifically considered at all. Budgets are tight, resources are stretched, so naturally wellbeing (often deemed a ‘luxury’) is pushed down the pecking order of priorities – for better or worse. However, for Pentest People wellbeing initiatives are seen as a vital part of their work culture. According to Gilderdale: “Proactively prioritising the wellbeing of our staff and creating a healthy and happy team is essential for achieving success in the cybersecurity industry.”
Putting People First
The Pentest People wellbeing initiative heavily focuses on people. They truly put people first. For employees, free gym memberships are available to support physical and mental health. Cybersecurity is often deemed a thankless industry, with little thought spared for the people who keep us all safe until it’s too late and an incident happens. At Pentest People, recognising talent and thanking staff is ingrained in the culture, from the top down.
“Recognising and rewarding our team’s hard work and dedication is another key aspect of our approach to employee well-being. Based on feedback from our staff, we have implemented initiatives to acknowledge and celebrate their achievements more frequently. This not only boosts morale but also reinforces a culture of appreciation and recognition within the company.”
But Pentest People are open to changing their policies for the better, if necessary. Gilderdale explains: “We’ve also collaborated with Investors in People which has provided us with valuable insights, highlighting areas for improvement and affirming our strengths in supporting employee wellbeing. Regular one-on-one sessions have also played a crucial role in fostering stronger connections and open communication among our team members.”
Investors in People is a standard for people management. They offer accreditation to organisations who fulfil various requirements and show active commitment to bettering the workplace.
Mindfully Curating The Workspace
Pentest People’s commitment to wellbeing extends to the workspace – physical and digital. As Gilderdale explains: “We understand the importance of a positive and interactive work environment. That’s why we have implemented an ‘open dog policy’ to create a friendly and welcoming atmosphere. This policy not only allows for a more relaxed and enjoyable workspace but also helps to reduce stress levels and foster a sense of community among our team members.”
When it comes to working with a remote team, Gilderdale adds: “As our business continues to grow, we recognise the importance of maintaining transparent communication and unity, especially in a digitally connected world where a significant portion of our team works remotely. To bridge the geographical gap and bring our teams together, we host an annual conference at our head office. This event covers all travel and accommodation expenses for every team member, allowing them to participate in talks, celebrate achievements, and honour exceptional growth, passion, and dedication. Thanks to valuable feedback, we’ve expanded this conference into a biannual event, which now includes dedicated training days.”
What’s more, this passion extends to finding new talent. Gilderdale continues: “We’re passionate about nurturing cybersecurity expertise and supporting new talent in the field. Our team actively collaborates with local colleges and universities to provide opportunities for aspiring cybersecurity professionals. This includes engaging workshops, presentations, and a dedicated apprenticeship scheme. These initiatives empower people, not just our staff, with practical skills in areas such as ethical hacking, penetration testing, network security, and risk assessment.”
On The Burnout Crisis
The conversation around burnout in cybersecurity is ongoing, with no one quick and easy fix. What Gilderdale recognises is that when it comes to cybercriminal tactics, the human element of cybersecurity is often exploited. They know that security staff are stressed, overworked, and overwhelmed. She says it’s time for leaders to “acknowledge the industry’s skills gap, but we must also recognise that investing more time and resources is crucial in building a larger workforce capable of combating cybercrime on a massive scale, rather than relying on a few individuals who risk burnout. Equally important is ensuring that our teams receive proper training to feel fully equipped with the skills required to tackle the challenges ahead.”
So how can organisation’s support their staff effectively? Gemma’s advice is to be proactive, allow professionals to share or outsource less critical tasks, and implement proper structured break schedules and shift patterns. Evidently, balance is key.
Gilderdale also says a strong security posture is important when it comes to taking the strain away from employees: “The constant state of alertness that comes with cybersecurity work can take a toll on mental well-being. To counteract this, creating a comprehensive security plan is crucial. Such a plan offers a clear and concise roadmap for safeguarding data and systems. It not only helps streamline operations but also provides a sense of direction and purpose, which can be invaluable in preventing burnout.”
The Future of Cybersecurity?
In times of crisis, we must change, adapt and evolve. All cybersecurity professionals know that we must stay one step ahead of cybercriminals, but what about the burnout crisis? Gemma notes: “If nothing changes, the future looks concerning. The relentless pace and high-stakes nature of cyber defence work can lead to severe consequences for both individuals and organisations.”
“Burnout leads to decreased cognitive function, reduced attention to detail, and increased likelihood of mistakes. This translates to a decrease in the overall effectiveness of cybersecurity efforts. Critical vulnerabilities may go unnoticed, and response times to incidents may be compromised.”
Pertaining to her earlier point about the importance of personnel, Gilderdale expresses concern when it comes to talent retention.
“Constant burnout can result in high turnover rates within the industry. Cybersecurity professionals, feeling overwhelmed and undervalued, may seek less demanding roles or leave the field altogether. This will exacerbate the existing skills gap and make it even harder for organisations to find and retain qualified talent.”
Evidently, the ‘People’ of Pentest People are highly valued and prioritised by leaders, for longevity and a securer future for all.
Do you know an organisation that’s doing incredible things for employee wellbeing? Email us at [email protected].