Measuring Fatigue, CPTD, and Burnout in Cybersecurity with the Copenhagen Burnout Inventory

I don't have a good side. I just just just want to work just want to fit that on the Right. Um, who is a first time at any of my talks? Holy cow. I hope you don't feel like you wasted your hour when this is over. Um, so here's the thing. I I um I don't stand still. So like that camera thing, I'm going to try to stay in range and and make you all happy, but and I'm I'm guessing you'll give me borders as we go. Um so my name is Patrick Kelly, which you can probably figure out by now. 25 years in cyber security. Um almost 30 15 and excuse me, 25 in critical

infrastructure, 15 in cyber, 10 years of proxy. So um I am part US and I guess now I'm part Canadian. Um, so some of you are not going to like me because I am pulling for the Jay's and we'll see how that works out. Um, we're also a bid which means I don't have to follow all the rules. >> So let me give you some backstory. Um, I am as of two weeks ago um 18 years clear of narcotics.

Um, I did narcotics for all the wrong reasons. And we'll get into that because some folks in here are maybe not doing nar Hey, come on in. Have a seat. Um, there's like there's like two there. Um, some of us find ways of coping with stress and things of our lives in good ways and some of us do it in bad ways. And we're going to pick some of that apart. Okay. So, this is how I feel most of the time. And there's a little bit of a story behind this image because when I lived in Southern California, when I would walk into stores, they would always say, "You know, you remind me of somebody. I

can't put my finger on your voice." And now I would immediately break into bad Santa. And then they would immediately peg me for Billy Bob Thornton. So I decided each year at Christmas Eve, I would just start calling random random homes as Billy Bob Thornton is bad Santa and just see what the outcome might be. which is great because my father actually is Santa Claus.

Um I'm also going to share that this is going to be um a bit of an emotional one for me. Um I travel a lot um about 40 45 weeks a year. Um, I give a lot of public speaking and talks about mental health and Zeke and cyber security and all the bits, but this is the first one where my daughter is here, which Nicole, so um, it's a pretty neat day for me, but this is how I feel pretty much all of 2025. So, you know, we started out and now we have fewer resources and we have more fires and there's more stuff going on and there's less sleep and now we're just going to change everything. Come on

in. It's nice to have you. Yeah, it's like there and there and there. I was an usher in a past life. Um, and I feel like this just keeps compounding and compounding because we're not exactly printing t-shirts right? I used to work at Chick-fil-A. When I finished, I would go home, you know, even when I was touring as a drummer in bands, you know, we would get up off the tour bus, we would go do um soundcheck and we would do load in and when we'd do the show and then we would leave and we would just turn all of that stuff off. But in cyber security, we don't actually turn any of this [ __ ] off. Even when we go home, you

know, we roll over and if you get up at 2 or 3 in the morning like I do, you roll over and see if there's any text message on your phone that tell you tell tells you that your entire life has been upended in the last four hours. And what makes it worse is now we're getting rifted. So last week, CISA, we lose more people. So on top of it, you know, I work in critical infrastructure most of the time. That's power, water, gas, 911, all the things we need to just like survive. And we're losing people there, too. And we're losing resources there. And, you know, to quote the movie Red, um, you know, everyone is actually out to get

us. And that's kind of a tough place to be because now we're afraid to disconnect. We want to. We hear these things like unlimited PTO, which to me is like the equivalent of what, like riding a unicorn to work each day. You know, two things that don't exist. I mean, I know Santa exists. We got that going for us at least. And now you do, too. Um, but we're always afraid of being held accountable for things that we don't even have complete control over, let alone the resources. And then by the way, we have this thing called digital transformation which hasn't gotten any better since the pandemic because I've been here a long time. 1996

is when I started and back then everything lived inside of my office. Like we were barely even doing email at this point in time. Web pages were done in front page. Like it was way way old school. And then we progressed through time and now all of our stuff lives everywhere. And the amazing thing behind it is now we don't even have visibility in the most of the places that it ended up because when the pandemic hit, we got in this very big hurry because before the pandemic, we had 40 gig core switches and we had all of our young file servers and everything else. And it was very easy to move data across very

large swats of network infrastructure and then we all send them to their house and we can't really give them everybody laptops because we don't have enough laptops to give everyone to go home. So now they're using their own machines. And I would love to do 2FA, but how do I do 2FA when someone has to stay six feet away from me at their house and I'm on lockdown? So I got an idea. Let's just connect it all to the internet and see what comes out of it. And that's been the last several years. But here's the issue. 87.5% of all digital transformation projects fail, but 100% of them crush our souls. I was speaking uh I'm a frack CISO and I

was sitting with a CEO a few weeks ago and and he's like you know what do you want in your organization? He said well I want AI immediately. Cool. What do you want to do with it? Yes. Back it down here. We have to have a plan. Um because we sell this stuff as it's going to speed up and it's going to make our life easier. But that doesn't actually happen. Like if I go all the way back to when I began, all the things that we built that was going to make our lives easier didn't really. We got wireless, but with wireless, we never got to leave. And we got a smartphone instead of a flip phone. But

with the smartphone, that means that we didn't get to leave. And now when I get on an airplane and I fly around, we have Wi-Fi on the airplane. So, even when people would leave me alone at 32,000 ft, I have Slack. And now you can get on a cruise ship, which is great. But even Verizon Voyage has high-speed Wi-Fi, so you're not getting out of that one either. But we talk about burnout and stress, right? Is it all bad? The answer is no. So, if we look at Euron Dawson, right? So, on one side of it, we have total boredom. I come in every day and I do the same damn thing every day of my life. It is groundhog

day, but it is in cyber security. This is not interesting. It is not fun. You will burn out in doing it because you will determine that your life has no purpose which is equally as depressing as if we go to the other side which everything is on fire. You have no time. You have no resources and you're responsible for everything. There's a place that we want to land in the middle of it where we have purpose because life is really really short. I'm halfway through mine unless something happens which I travel a lot. It's possible you know at 48 I'm I'm pretty much halfway through and it's been a quick ride. So how do you want to

spend it? You don't want to spend it all the way on one side where you're not engaged. You don't want to sit it on the other side where you always feel like you're going to fail. Because here's the thing about burnout and this is a problem that's pretty deep meaningful to me. Because has anybody gone to the lake, gone to the ocean, went swimming? You can. This isn't You're not giving up any PII by telling me that you've been into a body of water. It's okay. Okay. This is crowd participation. You can jump in or we can make it happen. Go with option one. Okay. So, if you're at the lake and let's say someone jumps

into the water and they did not observe the mandatory 30 minutes from when they ate and they get a leg cramp. Some of you are as old as I see. I see you back there. You're as old as I am. Well, if they start drowning, do we just sit there and stare at them or do you go in? I got some dark people in the room. Some of y'all are like, "Yeah, I've been waiting a while for him to drown." It's okay. I mean, just just don't say it publicly. We're near the NSA. We go in, right? Because we don't want someone to drown. But in burnout, here's something interesting. The people that burn out,

they believe that they are solely responsible for their burnout because they are weak. and they are also solely responsible for recovering from their burnout because they got there because they were weak. How screwed up is that? If you look back to where I grew up, where we had marble miners, you know, we had people that went down into the ground and way way before I came along, they had canaries. Canaries were there to tell you when fumes added up and carbon monoxide and things that would kill you. And if the canary died, we would leave, right? You might not have seen it, but you at least know about it. So, let me ask you this. Did we decide

when the canary started dying that we would just go create like a Monsanto bio canary? No. No, we didn't, did we? So, why do we believe now that individuals are solely responsible for burning out, solely responsible for becoming unburned out, and we're going to just stand around and watch it happen? Because here's the B sides edition. That's [ __ ] up. We don't watch our people go down in flames. So, here's the issue with burnout in the way we have it. It's not typically on the side where we're bored to death. It's on the frenetic side. So, I was woken up at 3:00 a.m. because the CEO CEO couldn't get onto the VPN. So, I

created him a screen connect login because he's somewhere and he's the boss. So, I go back to bed. I wake up at 6:00 so I can get the kids to school, so I can be at the office at 8 so I can fix a printer issue and a login issue. And then once I'm done with that, I'm going to look at the 700 alerts that came out of Serakata. And when I get through at the 700 alerts that came out of Serakraata, I'm going to look at the four emails that someone clicked on something and now they're spamming the rest of the organization. And then I might be able to get a second cup of coffee before I come back and go

check on a power station. And then when I'm done with that, I'm going to read the insurance questionnaire that we have to fill out so that we can actually do business. But now I have to go back and decide, am I going to be honest about being breached or not? Because I haven't actually finished the investigation about the business, the business email compromise. It's all back and forth. It's not like when I worked in a restaurant and we would see, you know, 40 tables at one shot and they were trying to push everything through our expo at the pass and just get it out the door before it dies. This is a totally different reality that we're in.

And the issue with this is that it creates trauma because as you see 46% of the failure points are not technical problems. They're people problems, but they're typically people problems because of technical problems. Like, hey, let's do digital transformation on eight different platforms all at the same time, and let's not buy any professional services. You have a Corsera account and you have YouTube. Figure it out. Or even better, let's just go to chat GPT and have it write our GPOS and our caps for Office 365 and deploy it. Go with God. Go with the devil. It's almost It's almost Halloween. It's your choice. But here's where it starts to really work on us. There are individuals that

have spent decades getting very, very good at what they do. They know it inside and out. They can tell you what part of a packet and a payload you they can tell you everything about the handshake on TCP. They can make give you all the UDP jokes that you're never going to get. But now we say you have one year to get all of this pushed into AWS or Azure. And I hope this works out really well for you. And while this is going on, I need chat GPT or OpenAI. And then please make sure that we don't lose any data. And we're going to need a policy for that too because the lawyers have no idea what data privacy is. They

just know what billable hours are. This hurts. And this is where we're beginning. AI, machine learning, predictive analytics, I mean, and and most of this stuff has actually been around a long time, especially AI, large language models, um, I mean NLP, I mean Jeff sitting over there, I mean, we started working on those bits what, eight years ago. So, you know, AI and and machine learning and predictive analytics is not new. Neither is blockchain either. It's just called distributed ledgers, and we were doing that in 1995 at Georgia Tech. We just didn't have enough bandwidth to make it work. Sorry to kill the buzz on that one. But here's how burnout works. And this is why I want everybody to kind of lock

in for this one for a second. Okay? So, you have someone that gets into the industry very first time. They've never worked in cyber security before. They walk through the door, they've got a degree, they're surrounded by a dozen people that have been here forever. And immediately, they feel like, I have no right to be here. I don't know enough. I can't possibly learn enough. So, how do you over how do you overachieve? You overexert. So they work harder and they start to feel for a glimmer of a moment that they're catching up until the work person next to them or maybe Dave Kennedy gets a new PR on Twitter today and then they immediately feel like

maybe I'm not good. So they work harder because they don't feel like they belong here. So then they actually keep going to the point that they burn out. And when they burn out, it actually validates all their original emotions that they don't belong here because they burned out. because no one actually stopped and looked them in the eye and said, "Hey, you've been here for a whole week. You're doing good. You're here. You're making it." And I'll try to stay in camera range. I'm sorry. I'm driving this guy crazy. But as a manager, writing leaders and those that have been here for a while, you actually have to go to the new folks and look at them and say, "Hey, listen.

You're still here. You're kicking ass." Like, just keep going. When we started, we only had to One thing at a time. We grew up as it went, one piece at a time. We have handed you the entire ocean. Take your time. You're doing fine. Because burnout's more common than you think. Tom Hanks. Tom Hanks got an award for a movie where he spent the entire time on an island by himself talking to an inanimate object with a bloody handprint on the front of it. And he still feels like he has imposter syndrome. How does a guy that's sitting on an island that got an award talking to himself, no cast, no one working with him and he gets that and feels that way.

But I'm the same way. I'm identical. There's a whole life that led up to cyber security. There's a reason I talk about mental health. There's a reason I talk about complex PTSD. There's a reason I talk about mentoring and helping kids. It's because I know what it is to be one. My line did not follow a straight order. And so there are days that I wake up even as an owner. Hi, it's nice to meet you. Even as an owner of a cyber security company that's doing well with I mean I have a whole family sitting over here at this table and I still go, what the hell am I doing here? I'm driving in on the way to work and I'm

going I don't like these people are better at me than everything at everything that we do. Like he's a better pentester. He's a better at at data lake. He's better at detection engineering. He's better with a customer. That guy's just happy all the time. I have no idea how he's doing that one. Oh, a drug test, but no. So, you have to you have to have things around you that remind you that you belong to be here. And sometimes those are as simple as just having an award on a table or a flag that you have that hangs from a rafter that reminds me of a place of time where you did something incredible so that you do not have to

start back over 51st dates style. So I want you to read through through these real quick because sometimes this is what I deal with internally because I want to share something with you because this is how we work. You know, when we're younger, anyone in the room have kids? Okay. And everyone in the room, I'm presuming, has been a kid. So, when we're younger, we're near NSA. Sorry. Um, you know, when we're younger, right, all the messes on the outside. You ever try to feed a kid the first time and like all of the pumpkin stuff just ends up all over everywhere and like somehow it ends up in places where it just shouldn't be physically

possible. But then as we get older, all that mess moves on the inside because now we got to figure all this out and we don't want to talk about it and screaming and throwing a temper tantrum in the middle of the floor is no longer acceptable. I think we would be a lot better off, by the way, if we brought back nap time. But we'll take a poll on that later. Here's the thing about burnout, though. It is contagious, just like chaos theory, just like a butterfly butterfly effect because humans have this thing called mirror neurons. If you ever sat at a table having lunch with someone, you might notice that when they lean in, you naturally want to lean

in. When they cross their arms, you naturally want to cross your arms. Maybe they put their hands in your pocket. So, you do the same thing. This is actually natural. It's part of the lyic system. It's the very very beginning of your fight or flight. Does your body feel danger or does it not feel danger? And quite often you can sit and watch in a crowd like go to a food court if you still have one and you'll watch people start mirroring each other. It's because of mirror neurons. And when we're going through these advanced DT projects where we're doing two and three things at a time, you also have this massive risk of collapse and this is going to start to

echo out across your organization because the turnout turnover is going to spike. Now since it is a collective one with marinaraons and emotional contagions, we will all get exhaust all get exhausted. We will all get burned out. We all become irritable with much reduced patience. Now, is anyone familiar with a pressure cooker? Awesome. >> They're called Instapots now. Well, see, that's going to kind of ruin this next story. >> It's all good. You know, I've got a core childhood memory of when I was sitting in the Insta on my grandmother's floor and I could smell what she was cooking in the Insta Pot. And I always knew that when the whistle started going off that we

were going to have this great meal and it was very comforting and it was a happy place to be. But do you know what happens when you take the pressure valve off of a pressure cooker? Anybody familiar with the Boston Marathon? >> Okay, it could also just be Joe at your at your workplace. I mean, it's been fine all this time and then film cameras come around. Could you ever imagine him shooting up a building? No. Like, he played squash. I mean, he was, you know, he was always happy. The body keeps score whether we want to or not. Also, when we talk about insider threats, let's be honest about what they are. I know that we are seeing sim farms

and people are buying access to get into places like Salesforce. And I don't want to say that that doesn't exist, but most insider threats are actually fatigue. Why did we get breached? Because the CEO called me at 3:00 in the morning and had to get on the network, so I installed Screen Connect. And I didn't put 2FA on it because he has the intellectual width of a set of windshield wipers. And so we got him in there because I like to have a job. And then I went to bed. And when I got up the next morning, it was a shiny new bonfire. And somehow, as the glow of it spilled over into my world, I forgot about 2 a.m. From an

insurance point of view, that's an insider threat. And it leads to I can't step away. I can't step away because a team needs me. And that always happens right after a ransomware event where you have people that have 20 and 30 years of institutional knowledge and they don't want to leave because they don't want to be responsible if something happened and after 30 years they probably are the only one that knows the environment because the budget didn't even allow us to get an intern. But here's where it connects and understand where it goes and how to fix it. You have to understand how your brain works. So, we start at the very basic level of the lyic. You're all

sitting here breathing. I'm looking around the room. None of you have turned blue yet, which tells me that the lyic system is still working. You're breathing. You're looking around. You're sitting upright. So far so good. I haven't killed anyone with this talk yet. The next is going to be the emotional side of part of your brain, which is fight or flight. So, if anyone's been a combat veteran, you're probably very familiar with fight orflight. We're going to talk about another group that's very familiar with fight or flight in a moment. But then above that one is logic and reasoning. Now pay attention to that order, right? Because once we move the fact move past the fact that we can balance on our own

feet and breathe, the very first thing that we're going to see is emotional. How do I respond to this? That's going to happen before the reasoning side of your brain tells you what to do about the stimulus that you put into your head. Because your brain does not work the way you think. Your brain is not a file system and AI is not an emulation of our brains. If I put a word document on a file server and I come back in 20 years, the file is going to be identical. Nothing is going to change. The recollection to that file will be identical. But if I think back 20 years to Brian Adams, summer of 69,

I'm in Gulf Shores with a beer in my hand and I can feel it. I can hear it emotionally. I'm there. I'm time traveling. It wasn't just for Marty McFly. You can do it, too. But that also means that when we recall things years after it happens, it's not going to be the same. And that's what I'm seeing in instant responders. Folks that are fighting fires day after day after day after day, when they open up their email and go look at it, they're already anxious. It's not because anything has happened yet. It's because there's been enough time that it always has. Let's talk about Fourth of July. I'm fairly certain that if you take a

combat veteran and he sent him with his kids to the 4th of July that he did not forget that he was not in Fallujah. I'm fairly certain that he remembers that he's in Augusta. But the minute that the firework goes off, he's somewhere else. But here's the other group, and this is one that I wish that I could fix. maybe time traveling. So the best operators that I have in cyber security are female. Let me tell you why it's related that very top one hypervigilance. In the United States, women are more likely by a great measure than males to be subject to domestic violence. They know exactly when the footfall coming down the hallway changes. They

know when the breathing changes. They know when the size and the voice change. They know this because at some point in time, someone has endangered them, which makes them very, very good at cyber security because they're always looking out for things that can harm them. This is a harsh reality. They're great at constant, you know, they're great at detection, but they're always anxious. And if you look at the MRIs of someone that was a combat veteran to someone that's been through domestic violence, it's identical. The same areas of the brain light up when you introduce that stimulus. So, we move to emotional regulation. They're really good until they're not. Life's great. I'm above ground and

breathing and the suppression of emotions goes away. Pattern recognition through the roof. absolutely amazing in these groups of people, but they're always mentally fatigued. You have to care and have to take take time and care for them because what they're going to do is they're going to push too hard and they're not going to neglect their self-care, which means they're going to burn out. Now, how this works inside of your body is that you have a huge impact, huge push of cortisol. So, anybody that's wondering why they only eat half a meal a day at their cyber security post, but they never lose weight, it's because you're punching your body full of cortisol, which means you're

always in fight or flight. It's going to burn as little of what you're putting into your body as possible because all day long for 11 to 12 hours, you're telling it that you're on the verge of being killed. That leads to inflammation, heart attack, many strokes, cardiac events, leads to disrupted sleep cycles. Anybody else wake up at 2 o'clock in the morning and remember something that they forgot to put in a ticket tracker or forgot an email they were supposed to answer. Sucks. And then there's m there your memory and learning deficits because now you're inflamed, you're unhealthy, you're always stressed out, everything's always out to kill you, and you're not sleeping. So now you can't remember what

happened yesterday. By the way, I still believe we are in Augusta, right? Okay. So when's the last time that you actually unwound from any of this? Didn't you go on a vacation and just didn't look at your phone? I'm seeing more people that just are not about that than are, which means you're in the right talk because here's the thing. We have to start coping with it. And we're doing a really, really terrible job. When I go and I look at Slack communities that I'm part of, every one of them has the bar drink bourbon, um, after hours, but only one when I first started this talk 18 20 months ago had one for mental

health. Now, let me explain why that is. It's because alcohol actually works. does. So, alcohol induces GABA. GABA slows your body down. That's why on a Friday when you go sit down at the bar and you have that first drink of wine or first glass of beer, that's why you feel better. It's because it's slowing your body down. It is a chemical response. I'm not advocating drinking. We're going to get to the other side of that in a minute. But you need to understand like why did you get here? Why did you use this stimulant? Why did you use this opiate? Why did you start drinking? When did it get out of control? It got out of control and you

started because it worked and it was the answer that you had in front of you. And here's a little hot take for you with the condition of our health care system. I kind of figure out the rest, right? But you have to ask yourself at some point in time, are they working for you or are you working for them? So if you're going home on a Thursday or Friday and you're having a beer and then you're relaxing, you're going to plan with the kids and your home's good, then I would say that your coping mechanisms are probably working for you, whether it be this or kickboxing or what have you. But what if you're already thinking

about stopping at the liquor store at nine o'clock on the way home so you can get a beer and then you can go ahead and finish the rest of them when you get to the house. They're not working for you anymore. You're working for them. And when you get to the point where you're working for your coping coping mechanisms, that's where we have to take a look at things. Here's how I like to do it. Here's another hot take. I think your unlimited PTO is [ __ ] I think it's a lie. I think it's an absolute joke. I think that some people take a lot of PTO and the rest of the people don't

take any of it because they're afraid to take it. I think it's a really great creative way to get people to come work at a company because they believe that they care. Because there's unlimited PTO that you're never going to take. I don't believe in rolling over PTO either and I don't believe in cashing it in. That's not what it's for. PTO is for you to leave and rest. Jaco Willlet, Navy Seals, the most effective team is a well-rested team. And I'm gonna give you a a really tough one for me. Acknowledge I run two startups. It's all we can do to get PTO in. It's not perfect. You have to try and unlimited doesn't do it.

It's kind of like the open door policy, which in most places I also think is [ __ ] If your open door policy is where you go into your office and you leave the door open and you sit behind your chair, that that open door policy is not for your staff, it's for you. So that when they leave, you can say, "Well, the door was open. They could always come talk to me." So you want your employee to come to terms that there's something wrong with them and that it's affecting their work. And then you want them to leave their post that you put them at to walk into your office to sit across from your desk

and tell you something's wrong. that's impacting their work performance. That's never going to happen. A really good open door policy is one where you actually get off of your butt, walk out of your door, and go meet the people where they're doing the job that you task them with. And when you do it, be genuine. Look them in the eye. Hi, I care about you. How are you doing? And if the answer is, man, I'm way ahead on this project. That's not the question you ask. You ask them how they're doing. They don't have to give you all the answers. You don't have to make an H HR issue out of it, but you can hear them

and you can guide them in the proper directions if you need to. You chose to be their leader. It's on you. So, make sure you're good at it. Journaling does not mean that you have to write war in peace. Journaling can be 2:30 in the morning when that ticket comes up in your head. And instead of staring at the ceiling at the fan going round and round and round and round for three hours trying to think about what you're going to do at 9:00 a.m., just go write it down and go back to bed because we already talked about the CEO connection at 2:33 in the morning. That didn't turn out well. This won't be any different. So, the whole

idea is that you want to get that rumination out of your head so you can move on and get some rest. Also, I had the luxury of sitting down and talking to Sir Richard Branson for about an hour. That was fun. And one of the first things that Richard said was, or Sir Richard was, you have to daydream. Go sit in your car. If you can spend half an hour listening to a demo about an AI product that is not going to improve your life in any way, shape, or form, then you can spend 30 minutes sitting in your car just wandering off in space. It's not soft. It's a reset button. So, take the time.

So, I want you to think as you go through, and we're not going to do an open dialogue because there's a camera running and I'm not having anyone answer questions and it's whole privacy thing, but think about ways that you can cope better than you are today. Now, why are we going to measure this? What's the point? I'm going to be very clear with you. The point that I decided that we needed to measure burnout is because no one could figure out how to deal with my staff as burned out. The default answer was bring pizza. Bringing pizza doesn't help or you know let's sit down and ask them what's wrong. That doesn't help either. What

helps is when you quantify it. What does burnout actually cost the organization? What risk does it impose? If someone is fatigued from burnout and they make a stupid decision that would be an ordinarily smart decision that they would make, it's going to cost the company a lot of money. Especially if it's a BEC, which in the billions of dollars, the last person said, or ransomware, which could be in the millions of dollars, the last person said, all of which is way more expensive than someone taking their PTO. So, we start measuring it because burnout doesn't start on Monday. I'm really overwhelmed. I'm going to quit my job on Tuesday. How it actually starts is on Monday they get very very tired

and then they start using up all of their sick time and then they start using their PTO for sick time because they're still sick. They're still sick because they're burned out. Insurance premiums go up, mistakes go up, churn goes up, retraining rehiring goes up. This is a problem that actually has a quant a quantifiable answer to it. And I spoke with the folks at Moslock Burnout and they're really, really great people, but everything they do is licensed so I could show you the Mosak burnout inventory, but I couldn't give you any way to use it. So I migrated it back to Copenhagen Burnout Inventory, which gives you the entire program for free. So instead of going and having to buy

Moselock burnout inventory and then write all of your policies and write all of your questionnaires and write all of your calculators and then figure out how you deploy it and then figure out how to get it past legal and then learn what to do with it. I just built it in Copenhagen. I'm giving it away and here's what you get. It's defined it is actually designed for operators and defenders. So the version that I'm doing on the CBICS is directly related to cyber security. It also gives us some metrics around operational stress and socket context and it is non-punitive. I want to be very clear when you start doing the CBICS it has to be communicated that

this is non-punitive. This is why you cannot administer the CBICS on your own team. trade with another department lead. Otherwise, the data that you're going to get back is going to be biased and you want to have a clear understanding what's going on in your organization because it's going to measure the exhaustion cynicism, but it is going to offset it by personal accomplishment. If we start everything with it being terrible, then it cannot be good. So, if we measure the the detachment, we measure the exhaustion, but we can show the offset of it with the personal accomplishment that the work's meaningful. remember Jüks and Dodson? That's where that part comes in. So, here's what you get with it. You get

the run guide on how to use the calculator. You have the run guide on how to do the cost calculator to the organization. I've given you both calculators. So, you can do the questionnaires, feed it in, it's going to give you the number on the burnout for that particular individual at the bottom of that calculator. If you feed that into the cost calculator with some information you're going to have to add. I do not know your average salaries. I don't know what the cost is of your insurance. These things I don't know. But if you put those into this into the cost calculator, it's going to help you get an understanding of exactly how much

burnout is costing your organization. If your organization at the top doesn't have the emotional intelligence, which is not an insult, the world's much bigger at the top. But if they don't have the emotional intelligence to understand and how to work with this data, it can quantify it in a way that they understand related to the other things that they're being being given. Okay. I'm also giving you the communication plan, the follow-up and feedback, your employee support resources document that you can fill in with things like um uh 998 um as well as resources that you provide inhouse for mental health. Also, you have a privacy and ethical handling pro policy because you can't just collect

data and not tell people what you're going to do with it. So, I've gone ahead and written that for you as well. Your administration guidance is also going to be in place. So why are you doing it? Communicate it clearly. Schedule it. So you're not going to want to do this monthly, but you're going to do it once and in six months come back and do it again because you want to see how much change you've made in the six months. And then I recommend going to annual because you can line this up with employee reviews and things like that. Once you get into that cadence, you can truly understand what's going on inside of your organization from a from a

quantitative, not a qualitative stance. And here's the goal. We're going to have to adjust workloads at some point in time. So for me, we're we're doing some things with wearables so that if I'm starting to drift or my close rates are drifting, it lets me know that I need to move that workload to someone else. If we can collect ticket times and close rates and response rates to determine if the company is any good and the team is any good, can we not use that same data to make sure our people are good? If you're seeing large swats of drift, there could be problem problems with that individual. And by the way, the problem isn't with the individual, it's

probably with the environment and what it's having on the individual. start with leadership buyin because you're not going to get this done without it. And I was speaking two days ago um to a group that was in Kansas City and they said, "Well, how are we going to address the thought that, you know, cyber security and mental health is a soft topic? How do we get around the soft cell?" It's like, well, it may seem soft on the surface, but I assure you it has very hard outcomes. You might not want to ask about it, but you're going to deal with it one way or the other because the world is accelerating faster than we are. The

evolution in everything. Go back a few hundred years. How long did it take for energy to be harnessed and then for everyone to have it in their homes? 40, 50 years. Cars 20, 30 years. Internet 5 to 10 years. Chat GPT two years. I still have 10 fingers and 10 toes and one head. So do both of my parents and my grandparents. I've not evolved as fast as everything around us is. So we're going to have to make peace with that. The last part is to foster a culture for this. It's actually okay to talk about mental health. I don't understand why it hasn't been so far. If we're banking on people and that's our true asset, then why do we not care?

and why isn't an issue to talk about it. So, schedule it, put it in place, track your projects or excuse me, track your progress and adjust the interventions and if you can integrate this data in any any place that you can just for the overall health of the organization. Now, we have a few minutes and I want to make sure that we have time for questions if you have questions. >> Yes.

I find it's a great place to start. It gets past HR's time commitments. >> Haven't thought about that one. Um, for me, I would probably do the M the CBI because the CBI is probably going to tell me a good bit about what I need to know as a leader. If I go in and I do this, if I do the um evaluation first the way that I've done it up until just a few years ago. By the way, I've not always known this stuff. I made a lot of really terrible mistakes as a manager. Um if I didn't know the health of my of my staff member, then I would probably guide an evaluation in the wrong

direction. So, I would go with use your ears before you use your mouth. You got two of them. But that's just off the cuff. Another question. Are you Rob? Okay, keep going. You look You look like a friend of mine that I've not seen in 10 years >> and I miss him. >> Okay. All right. At the end of this, we'll hug it out.

So this is on GitHub and I hope 10 minutes. Awesome. It's on GitHub. I pray that you will all fork it and go and put it in different directions and go help people. When I looked at the MBI and the fact that you had to pay to play to help people, it pissed me off. It's not that I'm angry at them. They put a lot of time in it. Everybody's got to eat. But I hope that you would fork it and you would commit that back to the repo so that the rest of the world could use it. And I will give you credit. >> Yes. >> You put the URL on the screen. >> Um, yes. In fact, I thought I had it on

the screen. We're going to try something here.

One moment. Here's every tab I've ever had in the world. It's I I live a very honest life. It's okay. Let's at least get the scuba first. Um,

there it is.

So, larger. If you go to GitHub and type that in, that's what it's going to be. Yes.

>> I'm sorry. Give me that last bit. >> So, make sure I got clear. What is connection between burnout and attachment and detachment?

I want to be careful with this one. Um,

so I'm going be honest with you. I feel that that many of us are detached and and striving to be attached all at the same time. Um, I largely think that a great deal of what's going on in our world right now is so that we will become burned out and detached. I think a great many of scenarios that we face from day to day today are built that way. Everything is louder. Everything is brighter, even the overhead than it was five years ago. Everything is in your face. I'm going to go back what, two months ago to something that to me was absolutely appalling. I'm not going to share my opinion one way or the other about Charlie Kirk. I'm

going to share my opinion about the impact of literally anyone logging in to social media to see what's going on with their friends. And there is an actual assassination in 4K streaming on repeat whether they want it or not. So there are people that go to war and they come back and we treat them for decades if not their whole life for seeing that. And we just broadcasted across every social media channel because the AI told us that we needed to because the hits were going up. So I think we're all detached and we're striving to attach and many of us don't know how and we're all exhausted and burned out including me. Anyone? Yes. I'll go here and then here

>> trained

You have to start here. I I mean like you have to talk about that it's actually okay. Like go back to a thing where I said you have to go to where they are and you have to look them in the eye and you have to talk to them. And you don't want to disrupt everything that's going on in their lives and you're not trying to pride. If you want them to feel like it's okay to talk about it, then you have to do it first. Now, here's something that I'm really, really bad at. I suck at taking PTO, and I expect all of my people to do a great job at it. We all have places we have to work. Just

because I'm up here talking about it doesn't mean I've got it all figured out. But to me, how do you do it? One, mistakes should happen. They should got it. Um, so you have to normalize making mistakes because if we're all going to go through the wall, then we're all going to get bloody and breaking people. It should be okay for them to be able to tell you that they're not doing well. And you should be able to tell them that you're not doing well either. But it has to start here by just talking. Nice.

>> Thank you.

So the answer is no. The follow >> uh yes, go ahead. >> I was saying thatcl

a social desiraability scale and that would essentially essentially measure how comfortable.

>> So the answer is no. I have not gotten there. Um the follow on offer to that is I would love to find me any way you can um pkurg.io or through GitHub or through the whole goal of this is to make the world better. I make a living doing cyber security. This is what I do for passion. Um one more question I need to close this out. Yes.

I have one and I cannot share their name. Um I'm sorry. Um what I can share is that um they are already >> Yeah. And they are already in the mental health space. Well, it's not the mental health space. They're in the healthcare space. Okay. Let me close with this, okay? And many of you have not been in the room, so I'm going to make this quick and make sure you leave with it. Um, at the very beginning, we talked about my addiction struggles and I had some things that went on earlier in my childhood that led to that. I didn't cope very well. It led to very, very bad decisions. And what I found is that I ended up

meeting a friend. He wanted me to go ride a horse. I've never ridden a horse in my life. and we rode around his property and we got in front of this creek and he said, "I want you to just sit still on the back of this horse because I don't think you can." He's right. But as I watched that creek, there's a part of it where it bends and where it bends, everything around that bend was flooded and muddy and pushed down. And I asked him why that was. And this is a true story. He said, "Well, every time it rains really hard, it it can't hold it in. So it overflows its banks and it

destroys everything around it. That's why over there everything's grass and greeny and lush and right here it's all destroyed. So we went up and we got a caterpillar and we went down and we trudged a straighter line. But the next day we went down and the water was muddy and dirt was falling in and the water's still trying to go through the same bent because it's the only thing that the water knew how to do. Go look at the Grand Canyon. So, we had to go back down the next day. And we did that for two weeks. And then finally, the water went in a straight line. It went in a way that it didn't know how to go. Wasn't

the water's fault. Wasn't the creek's fault. But we had to go down there every day and pack dirt until the water knew how to go a better direction. I went back there about 10 years later, and wouldn't you know if the grass and everything was growing up on both sides of it, and nothing was destroyed. The point of that story is that you're not going to go back to your org and you're not going to go help yourself by making a single change. 12step meetings have 12 steps. That's because one step doesn't do it. You have to take your time and you have to keep packing dirt. So, be patient with yourself. Okay. Thank you for taking your time to be

here. You could have been anywhere else. Oh, I'm uh I'm supposed to give things