This article is more than 1 year old
Stress, bad workplace cultures are still driving security folk to drink
Self-medicating with booze is no answer, hackers warned at conference
Black Hat In a personal and powerful presentation, a computer security veteran has warned that too many infosec bods are fighting a losing battle with the bottle.
Jamie Tomasello, senior manager of security operations at Duo Security, has 17 years of experience in the industry, and has been sober for the past six. While the causes of alcoholism are down to many factors, including genetics, practices within the security industry make it a lot harder to deal with dangerous levels of addiction, and it stops people from speaking out.
“Even after 17 years, I’m more afraid of disclosing I’m a recovering alcoholic than any vulnerability I’ve found in code,” Tomasello told this year's Black Hat USA attendees in Las Vegas on Wednesday. “Our work environments work against us and we push ourselves to run on empty far more than we should.”
A key factor is stress. Security professionals often work long hours, have to be instantly on call for emergencies, and the consequences of messing up on the job can be massive. When humans get stressed, the brain floods with cortisol, increasing the heart rate and blood pressure, triggering sweating and increasing breathing. This “fight or flight” reaction is a product of our evolution, and is an essential survival tool.
However, being stressed repeatedly does change the brain’s chemistry somewhat, and it’s found that chronic drinkers also display very high levels of cortisol. There is a clear relationship here, with stress helping to form addictive behaviors, Tomasello warned, and encouraging damaging levels of addiction to take root.
Workplace culture also doesn’t help. Many offices have beer on tap, wine in the fridge, and hard liquor on the shelves as a perk for employees, and that increases the temptation to problem-drink. Many company events are also either held in bars, or stocked with copious amounts of booze.
There’s also the social stigma, and a lack of understanding: some people can manage their drink, and yet are unable to manage those who can't. Tomasello recounted how one boss, who knew of her condition, would still encourage her to sink a tipple with the team.
IT staffers on ragged edge of burnout and cynicismREAD MORE
“We don’t tell people with diabetes, 'Go on have the cupcake,' so why treat anyone with substance problems any differently,” she said.
There are also false myths to deal with. Some people think that the longer you have been sober, the easier it is to stay on the wagon. However, she said the past year of sobriety has been the hardest for her, and sometimes she just had to take it one day at a time.
Some coping strategies work better than others. Tomasello said she actively encourages staff to take their full vacation allowance, so they can unwind, destress, and let their brains get back into shape without having to self-medicate with grog. She also advised tipping a bartender at the start of the night to just serve you non-alcoholic drinks.
If people are at hotels for conventions, or at the airport on the way, another technique is to ask a staffer if “A friend of Bill W,” has checked in. This is code for asking where the nearest Alcoholics Anonymous meeting is – AA was started by William Wilson – and many places have staff trained to let you know where meetings are being held.
Tomasello insisted she isn’t anti-alcohol, nor trying to start a temperance movement, and instead urged delegates to do what they can to help colleagues who are suffering from substance issues, and to destress staff – rather than distress – as much as possible to stop things getting worse. ®