25 May 2022

Mental Health and Cybersecurity: Two Continuous Journeys

Brandon Torio

Mental health is health. A common refrain during Mental Health Awareness Month, and one that strikes true when embarking on a journey to improve your emotional wellbeing. Health is an ongoing journey, funnily, with many parallels to cybersecurity. So, in honor of Mental Health Awareness Month, here are a few lessons I’ve learned from working in cybersecurity that resonate with my own mental health journey.

Mental Health is Dynamic Like an Attack Surface

At Synack, we often talk about how attack surfaces are dynamic — changing and evolving daily because of the continuous updates and improvements. The same is certainly true for mental health. 

Just as an attack surface should be continuously assessed, so too should your mental health. Checking in with yourself and others routinely only makes sense given the dynamic nature of mental wellbeing. Some of my best months or days come right after some of my worst. Don’t make assumptions about your own or others’ mental states, and keep in mind that change is crucial and expected.

Treatment Should be Continuous

In 2017, my therapist diagnosed me with depression. Today, my mental health and my ability to manage it are leaps and bounds better, and I credit that mostly to a routine of mindfulness meditation and using other mental health tools. Because I know mental health is dynamic, I know that meditation isn’t just for when I’m feeling down but rather a practice I continue through good and bad times to find balance. The same can be said of other tools like therapy or journaling.  

These tools work because they build habits and defenses that can stand up to the next challenge you face, just like protecting an organization with cybersecurity principles. If you’ve stopped your daily meditation, therapy appointments or journaling about your day, you might not have the habits and responses you want in place the next time a challenge presents itself. But if you treat your mental health daily, instead of only in a crisis, you can be prepared for anything. Like when an organization responds confidently to a security challenge, such as log4j.

Normalize Investment 

One of my favorite security messages that I’ve heard says that security should be treated as an essential business function. It’s not a side project you are burdened to fund, it’s an integral part of doing business and should be “baked in” to your budget. 

Similarly, investing your time into your mental health should be normalized. Take time to see your therapist or for daily habits that contribute to your emotional wellbeing. When seeing a therapist, I was fortunate enough to have supportive managers to take time off in the afternoon. I also had friends that supported me on my journey that I could turn to.

There’s no Better Time Than Now to Start

You can start your mental health journey at any time. You don’t have to wait for a low point to make positive changes. Just like you shouldn’t wait for a crisis to start enacting effective cybersecurity measures, you shouldn’t wait to tackle your mental health. Recognizing that it’s a dynamic challenge you need to prepare for, and invest in, is the first step in making a positive change for yourself.