System restore: How stressed security bosses unwind from the daily grind
Nothing will take your mind off work like reading about humanity’s possible extinction.
Just ask Jim Motes. As the chief information security officer for video game retailer GameStop, Motes spends most of his daylight hours thinking about new security training techniques, which emerging technologies offer the best return on investment and how to automate as many tasks as possible.
When it’s time to decompress after a long day, though, Motes chills out by reading books like “Our Final Invention.” The nonfiction book by James Barrat examines quantum computing, artificial intelligence and the possible implications for mankind should the singularity become a reality.
“The assessment is that if a quantum computer becomes sentient, it would take about 30 days before it decided it didn’t need humans anymore,” Motes said. “It’s interesting, but maybe I’m weird.”
Not weird at all. Cybersecurity professionals are saddled with stress, thanks to a desperate shortage of qualified job candidates, tight budgets, long days and a never-ending arms race against cybercriminals and nation-state hackers intent on ruining their business. It’s enough for 68 percent of practitioners to agree that a career in security “can be taxing on the balance between one’s professional and personal life,” according to a 2017 study from Enterprise Strategy Group and the Information Systems Security Association.
“Infosec can be very pessimistic in that we’re always looking for what’s wrong with things,” said Jeremiah Grossman, CEO of the data management firm Bit Discovery. “We have to be that way to do our jobs. Friends and family will tell us, ‘We love you,’ and it can be hard not to be like, ‘What’s your angle?’”
In an effort to understand how cyber pros how they alleviate some of that stress, CyberScoop asked a handful of information security veterans how they unwind.
Jim Motes, CISO at GameStop
Along with reading up to four books at a time (Noam Chomsky is another favorite), Motes spends much of his free time restoring a 1948 Lincoln Convertible. The plan is to enter the classic car in the Great Race, a nine day, 2,300-mile journey for drivers who want to drive their refurbished cruisers from Riverside, Calif. north to Tacoma, Wash.
“It’s really based on timing and whether your car can go something like 120 miles everyday, and if you can make your time slots,” he said.
Marzena Fuller, Chief Security Officer at SignalFx
During the week, Fuller dedicates her energy toward building a cybersecurity roadmap for SignalFx, a San Mateo-based cloud analytics startup. The work involves protecting information of the firm’s roughly 250 employees and participating in sales calls with prospective partners.
But on the weekends, there’s no computer screen in sight. Fuller dedicates at least one day each weekend, usually Sunday, to exploring a new hike somewhere in the area with her family. That could mean getting up early to walk through one of the area’s many parks, or ditching the hiking boots and going on an “urban bike ride” through a new area of San Francisco, she said.
“We’re lucky to live in the Bay Area,” she said.
For a less rigorous hobby, Fuller keeps up with recent books about Ruth Bader Ginsburg, Condoleezza Rice and management-focused titles like “From Good to Great: Why Some Companies Make the Leap and Others Don’t,” by James C. Collins.
Gene Zafrin, Head of Information Security at Oscar Insurance
Russian literature helps Gene Zafrin forget hackers. Oscar’s security boss, who oversees a security team of six employees and counting, trades his computer for classic novels by Fyodor Dostoevsky, Leo Tolstoy or poetry by Alexander Pushkin.
While he’s not catching up on the canon, Zafrin says he’s traveling the world. Globe-trotting to destinations like China and the Mediterranean region provides an escape, but Zafrin says it’s also a relief to help friends and co-workers plan their own adventures.
“I often go to Italy, specifically to Rome, where I lived for six years,” he said. “Recently a colleague told me she’s going to Rome for the first time for Martin Luther King Day and I recommended Casa Bleve. It used to be a restaurant in an old Jewish ghetto and they’ve moved it to a more central location.”
“They have the second-largest wine collection in the world,” he said. “I couldn’t recommend it high enough.”
Edna Conway, Chief Security Officer of the Global Value Chain at Cisco
For Edna Conway, security isn’t a stressful business. The 12+ hour days might seem long, but she says the work remains manageable thanks to lessons Conway says her Italian mother passed down about cooking. Every dish is cooked in a step-by-step process in which all the ingredients should blend together in a specific way.
The same mentality applies to securing corporate networks, Conway says.
“Some of us see the richness of life in 360 degrees and understand it’s beautiful, not complex,” she said. “Lasagna might seem complicated, but it’s really not. You need to have the sauce and the noodles, but a lot of the flavor is in the cheese. That’s what holds everything together.”
Now, Conway finds solace in trying dishes like a meatball with mozzarella on semolina bread.
“I love food,” she said, laughing.
Jeremiah Grossman, CEO of Bit Discovery
There’s not enough time to think about hackers when someone is trying to break your arm, Grossman says. For much of his two decades in the security industry, Grossman has trained in mixed martial arts, like Brazilian Jiu-Jitsu. This style involves grappling against an opponent on the ground, and the first person to tap out loses.
“It’s really like human chess,” he said. “It appeals to the hacker or geek mindset because your size doesn’t matter, but you can always win.”
It’s a sport anyone can try regardless of their age or physical condition, Grossman says. Maybe that’s why dozens of security pros sign up for his annual contest in Las Vegas during the week of the Black Hat and DEF CON security conferences. At last year’s event, former UFC pros Forrest Griffin and Frank Mir sparred with 50 people from the infosec community, Grossman said.
“When I’m on the mat and there’s somebody trying to choke me unconscious, I only have time to think about that one thing,” he said. “I don’t have time to think about work. It’s fun, but it’s also an amazing escape that’s really productive.”