Unsecurity Podcast

With Brad out this week, Evan is joined by the founder of the PsyberResilience Project, Neal O’Farrell. The PsyberResilience Project is an “ongoing effort to address the prevalence and impact of stress, burnout, and mental health challenges in the cybersecurity workforce.” Evan and Neal chat about what mental health is like in the information security industry, and what challenges need to be addressed.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Evan Francen: Yeah, Everybody. Welcome to another episode of the Un Security Podcast. This is episode 102. The date is October 20, 2020 and I’m Evan francine, your host. Unfortunately, Brad by my good friend and regular co-host is out with a sinus infection I think. I don’t know if he’s been to the doctor to confirm that diagnosis, but he’s not here today. So it’s me flying solo, but not really. I’m very, very excited to introduce you to a great guy and a tremendous asset to our information security community, Neal, O’Farrell. Hi Neal.

[00:00:59] Neal O’Farrell: Hey Evan, how are you? Thanks for inviting me back for yet another one of these conversations.

[00:01:05] Evan Francen: Oh man. It’s uh, the last couple conversations we’ve had have been so uh rewarding for me. So it’s a great honor to have you here. I’m excited to talk awesome. Uh, so thanks for joining the podcast. Um, I’d like to start off, you know, some people, you know, obviously don’t know security people were not, you know famous. So neal, tell me, tell us a little bit about kind of your juror, you know, in information security. Tell me about your background.

[00:01:36] Neal O’Farrell: Yeah, I I started in information security the same way as everyone else did. Uh, I went to marketing college college to study branding. So I should be a dressmaker. So there’s nothing, nothing I do are different in my past, But but it’s true, I mean that’s uh you know, that’s that’s not a lie. I was studying, I wanted to be a fashion designer, I was going to be the third generation to take over a famous irish fashion business, 100 year old business. Uh Some really famous clients. Coco Chanel leaves are wrong, The queen of Siam nancy Reagan. But more than that, I was going to inherit this little estate. So there’s AA 400 year old estate, there was a farm, there were gardens, there were servants, there was a gardener called mr peacock and I was going to inherit this because I was none of the other siblings had any interest in this. And I only realized later how much I wanted it because it was mental illness. It wasn’t just that I was a creative type. I had a particular type of mental illness that uh you know, it’s a form of social anxiety. Um and it comes with something called avoidant personality. So it wasn’t just that I had an avoidant personality, but I avoided personality. So I went in. So, so I went into college with this whole, you know, dream in mind that I would live in this magical kingdom and and I wouldn’t have to deal with people and I wouldn’t have to have a proper job and wouldn’t have to have bosses and coworkers, I would be automatically boss. That didn’t work out because and for some reason you americans thought that polyester and island was so superior to finally woven irish tweed. So first year in college, some guy, 1980, years, some guy show me how you put a floppy disk inside a computer with a little bit of cold in it. You can steal passwords. And my talk was not um wow. You know, I could make a great, I could be a great spy. But I thought that these computer things ever take off, someone’s going to have to protect the world against people like him. So that’s where the sea was was was was planted. I felt there was nothing much happening in computer security in Ireland in the 1980s. So I ended up in encryption, military encryption concept. Um wanna be covered the contract with the irish banks. I encrypted the entire entire national 80 M network when I was 27 28 which is young for an Irishman um and ended up going head to head with the en esa uh we took on their 23 secure phone. They didn’t like what we did. It was it was right at the birth of the crypto war. So do you think Phil Zimmerman, you know, had his knuckles broken. You had two years before that. We were we were we had bomb threats. We had remember that I’m working on a book where I, you know in the last days of my encryption started when I walk into the office and the reception says what the F is on with your knees and I looked down at his wet patches on my knees and my routine every morning was to get on my knees and look on your car my car for a car. But because it was Ireland in the The 80s and 90s terrorism was very very complex. Car bombs were not unusual but we’re getting threats we assume from the Americans but start making unbreakable crypto. So I worked with G H. Q. For a while after that. They apologized long story there. But when I moved to the states in 2020 20 years ago I decided to go to the camp side of security. So I was appointed director of education for a small security start up in san Francisco called zone alarm. Zone alarm very quickly acquired by a checkpoint. And that got me into the human side has secured. I’ve kind of been stuck there ever since I Consumer security. Uh 20 years ago I was building employee security awareness courses. I was writing about what I call the human perimeter for search security. Remember that part of tech target back in 20 are Uh 2000 2001 built a bunch of security awareness courses and then it’s just been really people ever since then and it’s it really I think help calm me down because you know, when you’re working with military and government and banks in the intelligence community, it’s ugly. It’s just an encryption to is cold. There’s nothing human about it. So that was probably the first time I actually treated myself in the sense had my mental illness is treated because I just switched. I love this word Palin genesis rebirth. I just reinvented myself. I’m not a crypto guy anymore. I’m not a spoken spy guy. I’m a people’s security guy. So there’s the I could I could go on and I’m not going to, you know, your eyelids are beginning to true.

[00:06:38] Evan Francen: No, no, no, no, no, but not at all man, this is fascinating. I think people’s uh people’s backgrounds are just amazing to me, the people in our industry. The fact that not one of those who likes polyester man. So I’d go with irish tweed, you know, so if you would have gone that route, I would have bought your stuff.

[00:07:00] Neal O’Farrell: Well you wouldn’t Well yeah, I mean you were you in a tweet dress and blouse.

[00:07:06] Evan Francen: Okay? It’s 2020 man. I mean everything goes,

[00:07:11] Neal O’Farrell: it is called the guilt and move on.

[00:07:14] Evan Francen: Exactly. No, I think it’s because a lot of us, I think, you know, you and I have talked before and you know, we’re both kind of old timers, right? And we’ve been in this industry for a long time. It’s crazy how, you know, when he started off with, you know, your background and you’re like, well everybody else, it’s like that was and I don’t know how many listeners caught on to that, but there is no like everyone else, right? We all come into this industry in such weird ways. I I have a degree and geology rocks. What the hell is that? What am I gonna do with that?

[00:07:49] Neal O’Farrell: You get your money back. Mhm.

[00:07:51] Evan Francen: No, it was a public school. They’re not giving me my money back. University of Minnesota.

[00:07:57] Neal O’Farrell: All right, Well, you are the product of your mistakes. So,

[00:07:59] Evan Francen: I am the product of my mistake. That’s very true. And then, uh but I started on the tech side too. I was a that was a network guy very deep into networking and how networks work, how communicate, you know, how computers communicate with each other. Yeah, I stole, you know, it the statute of limitations has run out, but you know, I stole my copy of Windows 95 of a Microsoft bulletin board server, just like a bragged that it was the first one who had it. All right. Um but then you come to this realization that, you know, to me, information security isn’t about information or security as much as it is about people.

[00:08:41] Neal O’Farrell: Absolutely. You know,

[00:08:43] Evan Francen: when we get things wrong, people suffer. Right. And so I’m just fascinated by the fact that here we are, you come at it. You know, you come from away. I mean, we need to talk more man. I’d love to hear more stories about what it was like in Ireland in those days. I can’t imagine ever getting on my knees looking under my car for a bomb. That’s crazy.

[00:09:09] Neal O’Farrell: I used to get phone calls and it started off just silent and then they went to, you should look under your car and I thought it was my friends. I mean we we already knew. So we were working in encryption we had been told so we had been told by the irish military intelligence that what we’re because Ireland was a Washington secretary to co con. So Koken was this american global agreement that classified encryption as ammunition. So essentially if you were producing uh encryption you were considered essentially an arms dealer dealer. So Ireland wasn’t the statement co come so we could make encryption as powerful as encryption could be. And yeah, it was, I don’t think you get that too much anymore in security. I don’t think there are, you know what you mean? You’re building a better firewall, you better look under your car, pound. You know, it’s it doesn’t, it doesn’t really happen, but it’s but remember then back then security was also a lot easier because we didn’t have this internet, they need, we didn’t have email, we didn’t have mobile devices. I mean I remember, you know, most of the hacking back then. So I was a wire man for a long time and that’s a polite term we had for a bugger. So most of the hacking back then was fantastic. So that was the paranoia. So your biggest fear is an executive was someone missing into your home. So I got I made a lot of my early money before I actually got my first computer security contract either installing wiretaps legitimately from companies who are trying to find who’s on the take on the inside or sweeping their offices or a book. So you know, security was so much easier than, but there’s no wasn’t called the word crypto hadn’t been invented. In fact that the word cyber had been invented. Life is a lot easier. And we were pioneers because we had that we knew something was coming because these computer things were happening and people are talking about network, you mean they could talk to each other. Um so we knew something was coming and we saw people with the first poems walking around in this case these Motorola briefcase homes. We knew something was coming. So it was very exciting but particularly challenging. It’s uh not as much heartburn as there is today. That’s what

[00:11:31] Evan Francen: well and you know you talk about crypto. One of my favorite books that I read about crypto was applied cryptography by Bruce schneier. Right? And Bruce said, you know back in, I don’t know what year it was, it was a long time ago that complexity is the worst enemy of security. And so you just keep right in on that life was simpler than it was easier to secure things because we didn’t have so much damn stuff everywhere.

[00:12:00] Neal O’Farrell: Yeah, your access has been such has done so much how we want to access to everything all the time. But that’s that’s that’s doors are too late, you know, that you can reach out, they can reach in it and it’s it’s never ending. Its that’s again part of the incredible special security. Well, you know, this one band and we’ll talk about that later. Some things do end like stress. You can make an end job, doesn’t threats, don’t, but you can you can change the way you survive the person.

[00:12:33] Evan Francen: Well, that’s a great segue. So, tell me about So you’ve been, when did you start the cyber resilience project? And tell us about it? Tell me about it.

[00:12:43] Neal O’Farrell: Yes, So shit. Um so late, so late last year. I I’m only starting to tell the story. I found myself and I hope my wife and here, well, she’s heard the story. So I I’m sitting on the bed crying my eyes out, Uh creating a three year. So done. I’ve done. I was my first time and I was absolutely certain that um it would be my last time and not a good way. And so it was a combination of 40 years of doing security of of 30 years of chronic stress, 50 years of mental illness, a lot of the crowded stress was part self imposed, I agree do in this industry, part of it was a, just a mental exhaustion of hiding my mental illness is hiding them for myself, being in denial about them, hiding them from friends and family, but hiding them from the industry because I thought if they find that out, but I, you know that g soft chronic depression, it’s not such a big deal now, but for years, you know, any mention of mental illness could have ended your career. So I found myself absolutely burnt out, just burnt out to the point of checking out. And so I had this kind of, you know, come to jesus moment with my wife and I decided to quit security. Um and most people are insecurity that work, we don’t actually know that, but I really have quit security, although in two hours I’m having a conversation with the caesar who wants me to build an employee security awareness course. Um but you know, you you it’s like the mob, you’re never really out, you know? And so I just, I was trying to for me and I think you’re the same admission and passion are really important and I lost that security. I was floundering. I I was every, it was groundhog day, every day I said I’m I need something else. So mental health was the thing, so I’m now involved in a couple of major national mental health initiatives I can talk about later. But my transition to mental health with security as well, what can I do in mental health is going to be good for me, but it’s going to leave something behind for all my comrades, all the people that I’ve spoken to insecurity and open up with, I can’t just, you know, pull off this cabin, walked away. So I thought cyber resilience project. So it started earlier this year, is nothing more than a survey, 20 question survey, let’s just ask people in the industry, is it true, is it as bad as we think it is, isn’t hurting in the way that it is a long before. As soon as I launched the survey, I think we’ve got a couple of 100 responses who wouldn’t it? And so I thought, well, you know, I pulled the survey, well everyone stresses elevator now, we’re not going to get good data, we’re not going and they’re too busy to respond to serving. So I kind of left of the fat and focused on other mental health initiatives that I was involved in, but it kept coming back, you know, I get emails, so, so what happened, you know what next, you started this, you know, you got to keep it going and that’s when I start talking to people like you and others are saying, well, you know, we know it’s an issue, let’s let’s one of the greatest therapies is talking let’s talk about this and see if we can create necessary change, figure out what that change has to be and do so by getting more and more people to ask about it, to talk about it, to open up about it. So the project has evolved from simple questionnaire to I really don’t know what it is anymore except that we need to talk about it and ultimately we need so in my wildest dreams, my greatest fantasies and object to know that that I really weird fantasies about CAesar’s especially, but I want mental resilience, cyber resilience, mental health to be as much a part of the security strategy. Is this? No, it needs to europe Again, we talked about this before you pay for that 3lb of of motion fat magic above the shoulders, protected, invest in it. Um if you don’t it will deplete, you’ll you’ll you’ll you’ll you’ll lose money on your in your investment. If you if you protected and nurture, you will get the best out of your people and security model. So those are my fantasies, Sorry that I had to, you know, go out there at least you know, now you can edit those irish.

[00:17:13] Evan Francen: No, no, I like those, the man, I’m in this. You know, I’ve said it before and some people get offended by it and you know honestly and you and I prior to starting this show, you know, we talked about the importance of being real just being you, you know, uh people introvert. You know, I’m I mean it just means that people exhaust me, but it doesn’t mean I don’t love people. I really do. Yeah. People, some of the crew and I’ve said before and I said, what’s that?

[00:17:46] Neal O’Farrell: It’s part of the cruelty of it. You you you love people but you can’t stand up.

[00:17:51] Evan Francen: Yeah. Yeah. It reminds me of chris roberts, you know, you and I have talked about him too. He’s kind of the same way I’ve called, you know, bs on him a couple times. He’s because he’ll come off like he hates people. I’m like, man, if you hated people, you wouldn’t be doing what you’re doing. Yeah. You know, you wouldn’t be helping people.

[00:18:09] Neal O’Farrell: Yeah. Yeah. It’s you know. Yeah.

[00:18:14] Evan Francen: When it’s uh when I said before, you know, for me where I’m grounded and grateful for it and I understand that not everybody thinks the same way I do that it’s ok for people not to think the same way I do, but I’ve said before and I and I say it again and I mean it that jesus is the ceo of my of our business. And so what that means is that that’s where I go for my answers, right? When you’re the ceo of a company, uh there’s a lot of challenges that people don’t really grasp. You know, one there’s a saying the wind blows the strongest, the top of the mountain. That just means that you’re the one catching, you’re the one catching the wind? I mean I think if you’re a good leader um but without that and another thing is like people had two more things and I 80 HD if you can’t tell us my thing. Uh Right. The you mentioned you know being a standard as nest and um because you’re absolutely right if I’m if I’m a businessperson and I’m paying for the mental horsepower of my team and my team is broken mentally. Uh I’m not getting what I paid for. But also there’s a risk there. So one of the things that we do at security studios were trying to simplify information, security as a risk management thing, right? Make it simple so that everybody can do it without losing its effectiveness. And after you and I talked last week or two weeks ago um I need to figure out, I want to figure out, I will figure out with help what is the risk uhh impact of, You know, if you’re, you know, and I was telling us with with uh you know pat Joyce, you know, run from you just to see. So at medtronic I said, you know, let’s say you have 50 people on your security team and 10 of them are stressed out, burned out. three of them are dealing with um depression in five are you know have significant A. D. H. D. Would you want to know that? And would you factor that into the decisions you make, would you factor that into, you know risk, would you want to help? Uh And he’s like, yeah, absolutely. And I said, well that’s where we need to go. We need to figure out because the message is going to resonate. One of the things that to that just drives me crazy is the fact that people start off with the right motivation here. And then it, you know, it’s sometimes these things die on the vine. We have mental health hackers, which I think is a fantastic organization, but it’s run on donation. Uh they’re always struggling for money. They’re struggling to get into conferences there. It’s run as part time, right? All these people have full time jobs, great. You know, he’s gonna die. Yeah. Yeah.

[00:21:29] Neal O’Farrell: Yes. And I I still haven’t figured out why. I mean, I think if you’re not, if you’re a security leader, if you’re seaso and you’re not taking the mental health of your team seriously and yourself seriously, I think you’re or I think you’re an idiot, but that’s part of the problem and and I’m going to piss off a lot of caesar’s, but I’ve met very few jesus um who are leaders. Most of the seizures. I bet first of all the majorities and look at the exchange some of the best cheeses I met recently I women and they’re they’re it’s like a light bulb moment? Um but the majority of skilled middle aged conservative fight men who do not like sentence like so how does that make you feel? You know the idea of connecting with the emotions are talking to grow and then about the emotions it’s not something that particularly comfortable with but most of them that I know of because they’ve been in it that long, they didn’t come in after the industry started. They migrated from I. T. But essentially I. T. People are either The boss said we need something to do security Europe or this or are they thought wow you get 20% bump in salary, I’ll do it. So they’re not the kind of leaders that we expect them to be uh which is which is unfortunate but leadership to some extent. Can we talk? So I I would love to see mosquitoes recognize not only the the harm is ignoring this for themselves and for the team but the incredible value of addressing it’s a no brainer to me. I mean it is a brainer because it’s all in our heads but it’s a no brainer to embrace mental health security. Is that even if you if you just understand how the brain works how the chemicals in the brain work particularly consult. So we’re just looking at stress didn’t aside mental mental illness but I mean they do connect, they do insult to each other but stressed particularly the killer is cortisol that that when cortisol remains high becomes toxic and then each, I mean quite literally eat your brain cells. So not only is he creating physical, it was, it’s uh, it’s hurting everything from your respiratory system to your moon, your immune system to your reproductive system. But its greatest impact is on your cognitive function. It’s hurting your memory, your decision, making your attention, your focus aren’t all those things that you’re paying your security team for. You know, you’re not paying them for how they look. You’re paying them for their ability to make decisions, to spot trends, to spot anomalies to react quickly to remember stuff that you pay them a fortune to training. And the stress that you’re not addressing is killing all that I’m not. So you’re not going to do your team, do it for organization because that’s creating holes in. If you’re stressed, unchecked leads to burnout burnout leads to check out. People just stopped caring. They show up at the present is um, um, so if they’re not engaged, that creating a more vulnerabilities for your organization and we know our adversaries are noticing that we’re seeing chatter that if if they keep wearing down security people, that’s gonna blow a home effect. So you know, just from the security strategy, just from wanting to reduce your vulnerabilities is a good enough reason to address mental health apart from the fact that it’s a good, decent, honorable, ethical human thing to do for your bodies.

[00:25:05] Evan Francen: Yeah, absolutely. And thank God we don’t get paid for our look because you know, that’s why

[00:25:12] Neal O’Farrell: that’s why I that’s why I wear a beard. I mean, you know, so they don’t see what I really look like. I mean the first I I shave this off once and my girlfriend ran away. You know, that’s for me. The one outside of Covid is that I hide this when I’m out in public. So yeah, they are not paying us far. That’s for sure.

[00:25:33] Evan Francen: Well, I’d be broke for sure. You know, I’d be homeless. But you know, the uh, Yuki on some really good points. You know that that’s another reason why I love talking to people like you because you spur thought, right, there’s nuggets of real wisdom and the things that you’re saying, well, you talk about leadership in our industry now, Pat Joyce, the person that I mentioned, my name is an amazing leader. I mean incredible. He didn’t grow up as a security person. He grew up as a leader in the military and learned security stuff, right? I mean, he’s, I would, I would work for that guy any day. And so those are people that I like to, you know attached to because one you can use them. You know, it sounds weird, but for noble causes, right if we can get Pat Joyce and open his doors to other csos because they’re all peers, right. He knows Jim O’Connor the sea. So at Cargill and so on and so forth. And so let’s get this group, Let’s not let this die on the vine. That is a real significant issue. And we can lead every other industry. You know, I know other industries have their own stresses, they have their own things that they deal with. You know, I can only imagine first responders, you know, my son’s a police officer in Kansas and I drove down there in the summer, uh, specifically to ask him face to face, how you doing? How’s your head? Yeah, getting help. And it was sad like, you know, he’s doing okay and the Police Department has help, but nobody goes to see that help because if you go to see that help now goes on your record now, something bad happens on the street that’s going to be held against you, you’re going to get cut down for a promotion. It’s like that is the exact opposite we need to be doing with people. Yeah. That are self aware enough to get the help they need to be healthy.

[00:27:39] Neal O’Farrell: And it’s it’s a workplace injury. He’s only that way are there only that way because of the incredible risks that they’re taking for a pretty pitiful salary.

[00:27:51] Evan Francen: It’s nuts. And I like the way you you’re also you give me thinking too about how what message is going to resonate, right? Different messages resonated with different people, You know, thinking that there’s one message if I just nailed this one thing because the why, why hasn’t this been addressed? Why isn’t this being addressed on a more, it’s being addressed here and there. But on a more like global, you know, everybody’s scale. It’s not one messages, there’s got to be different messages for different people for business leaders. What’s the message? Well, you mentioned, I’m not getting what I paid for the security people might be, hey, you’ve got a bunch of vulnerabilities that you’re not even accounting for, right? I mean, this is gonna be fun figuring these things out.

[00:28:40] Neal O’Farrell: Yeah. And there’s, I mean there’s so many Vulnerabilities, uh, what one is, is a staffing vulnerability. If you break the click, who, you know who, who fills the spot, who steps up to the line and takes the place, there is no one. And also there’s a good chance of the most, the most burned out of the people who have been there long enough to be burned out, which means that your most talented, so You know, you can, you can lose someone who’s been in the soft for 12 months because they decided this is too stressful. I don’t like the shift or whatever. But when you’ve got two members who have been doing this for 20 years and then decide, decide I’m done. I need to, I need to mind my mind, you’re losing your most valuable people unnecessarily. And I, so I, I think we, I think we have to in order to get security leaders to really buy into and and buying into it means uh all the time for a long time. Not just you know, let’s do it. Let’s let’s send them to a webinar seminar and check the box and move on. Um, but I think they need to move beyond just the personal aspect of it that these are humans that your friends, they usually take your family. You should be taking care of them and make it a security imperative and risk management because that allows them to justify to their superiors why you guys are all, you know, taking a half day off every friday just to come together and vent scream and you know, what do you mean? You want a budget for a crying room, you know, You know? Well, I guess it works. Um, I think we’ll see those two. I think we have to almost give them a kid. So we can I think the biggest resistance, I’ve seen two resistance. One as it doesn’t matter. It doesn’t work. And I think that’s just inhuman. It shouldn’t be a boss or CAesar or have a job. And the other is we don’t know how to do. We don’t know where to start. So maybe start there said, Okay, well, you know, just accept, take our word or I’ll see you talked about last time or else we will unionize. Um, but take our word for it that that this has tremendous benefits. And 50 years of science that shows, you know that you can manage stress. You can tame the demons on the range, but give them a kick, give him a system that they can just plug in and say, okay, Here are 10 things that we can do to, to mind the minds of our security teams and it’s going to make everything better and just just rinse and repeat. And so many of them were so easy. You know, I mentioned about the crying room. Um, there’s a lot, there’s a lot of good science that that that that that supports the idea of just giving people an opportunity to vent and to scream and bitch and moan is incredibly cathartic. It lowers cholesterol, It raises dopamine and and and and endorphins and serotonin and oxytocin all the good homes. It makes you feel a lot better. Well, if it makes you feel better, do it often. So a lot of the solutions are incredibly simple. So there’s no excuse and they’re free. You don’t need to bring it up a team of psychiatrists and therapists. Um, Commander security team. A lot of it is just acknowledging to your security, for example that you recognize that what they’re going through and that you’re going through the same thing. You have stress to come from different places that have different forms and shapes, but you’re just as burnt out as they are. So it’s um I know you can sense the frustration. The solutions are very easy. What’s absent is the leadership, The recognition that this is for the threat and an opportunity.

[00:32:23] Evan Francen: Yes, Yeah, I think so. Who you’re a leader? I’m a leader. Let’s get more leaders, right? Let’s do. Because, you know, first time we talked, you know, it was the first, it was just an introduction. You know, steve Marston made the introduction and you know, okay, you have the meeting and it’s like, wow, there’s something here I want to attach to this, I want to be part of this. And then you get another meeting. It’s like, okay, here’s some things ideas that are floating around in my head, your head, our head and then it’s like, okay, let’s get a podcast, let’s talk about it. Let’s let’s just continue because you’re right, it has to be consistency. This isn’t about um a flash in the pan, you know, that doesn’t lead to good habits. These are habits in order to be habitual in order to be healthy. You have to have good habits and those take time. That’s a lifestyle. And uh you know, I’m there’s still a ton of ideas, you know, floating around, but I think we can lead every uh you know, sadly, uh I’ve lost two coworkers too. Suicide. Um I don’t know if it was, I don’t know if there were other mental health issues. All I know is there not here anymore? They checked out. Yeah. The ultimate check out and but I cared deeply about both of them. I would have done just about anything for both of them had I known one of those was Robbie. You know who I every talk I give. You know? Well we 30 40 talks a year. Um He’s the first two sides are dedicated to this. They’re dedicated to mental

[00:34:18] Neal O’Farrell: health.

[00:34:20] Evan Francen: We cite the first the first slide is these are the statistics. These are the sad sad statistics and the saddest statistic I think on that slide is 41% only 41% of us people, not just security people, only 41% of us ever get help.

[00:34:41] Neal O’Farrell: Uh huh.

[00:34:44] Evan Francen: Second that means 59% of the people with mental health issues are trying to fight this by themselves.

[00:34:51] Neal O’Farrell: And most of the 41% to get help. Don’t get much helper in the help. Mhm. If they tell us helps expensive.

[00:35:00] Evan Francen: Well that was another thing that you and I we talked about. Okay if I have a mental health issue which I do and I think most of us do at any given point in our life and it’s better ebbs and flows. Some days it’s better some days it’s worse. But when I pick up the phone and I’m ready to hit that red button, I don’t want to talk to. Hr I don’t want to talk to a therapist. I don’t want to talk to a doctor. I want to talk to somebody like me who’s been there been through this.

[00:35:32] Neal O’Farrell: Yeah. Yeah a comrade in arms. Someone who someone who gets it. Someone who’s lived it. Not just someone from the outside who’s clinically this thing but it brings up something that’s very important. I was just thinking about it area there are two sides to the solution. One is I called it cell culture, environment and leadership. So so that’s what your your employer your workplace is doing or should be doing a culture of supporting mental wellness, self identifying those who are suffering up of removing stigma of encouraging them of making them know that it’s safe to come forward to put your hand up to speak up but the other itself up there are so many things that we can do to manage our own demons now whether there where whether it’s mental illness or stress work related stress. There are so many tools and techniques and I I started trying them for myself. Uh I found I started doing mindfulness for example now. So so you can picture this I died in the world. Card carrying irish Civic who’s told just to stood up sit down and breathe for 10 minutes minutes and it’s going to change your life right? And of course A. D. H. D. I can’t sit still for 10 seconds. So I mean I always have to tie myself down to 10 minutes. But I did it. I tried it and I had and the phone by my side with the timer on it and I had you know and the earphones and I was listening to some music and I kept looking at the phone over there yet. Are we there yet? Are we there yet? Kind of stop this. But I have to say I stood up from that 10 minutes and it was the most euphoric sense of calm and peace that I have ever discovered. And it got me hooked on mindfulness completely as a way to lower my stress. My stress was killing me. I blood pressure, high blood pressure for 20 years. My cholesterol was so high my doctor said my machine can’t read it. You really ought to you know do something about this. I was admitted to hospital because of a suspected heart attack. All this kind of stuff. So now I’m trying so now that I got hooked on mindful or something oh shit this stuff really works. What else what else works? What else have I been missing that doesn’t involve. And I also find that just About two months of of of meditation Ended 20 years of medication. I was able to bring my blood pressure down to such a level. But I no longer needed that medication. It was it really was a fantastic feeling those great mental health building and great for my mental health because he told me this stuff actually works. It’s not, it is in my head, but it’s not in my head, but it is in my head. So now I’m exploring things like positive psychology, you know, most of the resilience and sky breath meditation, have you tried sky breath meditation? I’m still in it. So yeah, I think it was jailed in the study recently where they put a bunch of veterans from Iraq and Afghanistan through sky breath meditation. It took him about a week to learn it. It’s a little bit, it’s breathing, it’s really, it’s nothing more than breathing. That’s amazing how breathing manages your emotions and your chemicals, this brain out to me. But they saw their anxiety level levels reduced to normal within a week and remain that way for a year. Um, so there are incredible tools out there that I’m only beginning to learn was incredibly cynical about it. My wife does yoga and you look at that, there’s no way I’m putting my body through that my body can’t get to that, you know, I can’t do downward dog, I can I can I can do sleeping cow, you know, that’s that’s the best that I can do. But there are so many things that we can do to help ourselves um to manage stress and and one of the most powerful tools and security stopped giving a shit. I think we have too many self imposed, unrealistic expectations and fears. You know, we have to accept the theory of acceptable losses. There are we are going to lose sometimes, you know, but that’s where we’re managing risk. We’re not putting out all the fires were just stopping the burden down the neighborhood. So I think we have to we have to push it from both ends. We have to put persuade our leaders to lead on this or we have to take care of ourselves too. And we and that means learning, taking care doesn’t mean I’m going to eat better and drink less because I like, you know, eating badly and drinking more. But there are lots of ways that we can find our minds are incredibly powerful. We just need to be more inquisitive and less cynical about.

[00:40:25] Evan Francen: I love it. I love it, man, it makes a lot of sense because I don’t think any time and we there’s so many themes here, but they’re all the theme of, you know, you and I don’t know, I can’t remember if we had started recording this podcast yet or not, but we’re talking about the complexity of life and how it was simpler actually. I think it was in the podcast. Um there’s so many distractions nowadays. There’s so many things were bidding bombarded by information all over the place and not just information, but also disinformation. So if you’re confused, Welcome to the party. Were all confused. This is 2020. Uh but the fact that you are, I think it’s really important to be intentional. So it’s not just gonna magically happen. You’re not just gonna magically put those headphones on and magically find yourself where you were with the mindfulness. You have to do it. You have to and there are people who care people who are resources. You know, I’m gonna follow up with you, you know, after this and try to get a list of resources that we can provide to people. Um and it makes a huge difference because your mind controls, you’ve mentioned how your mind, the health of your mind can control your blood pressure, sure control your uh everything, right. It’s the central part of your entire being is your mind.

[00:41:50] Neal O’Farrell: Yeah. I mean if you look at the studies that, I mean, again, we’re going back 50 years, the incredible connection between the chemicals in your brain and everything that you are and do and feel. Um so whatever, you know, as you came chemicals go out of imbalance and for most of us they do were less happy, were more stressed. So we’ve got less dopamine and serotonin. Uh we’ve got more cortisol and that flows down through your body. I mean, you ever wonder why you get fat when you are you put on weight when you’re stressed. It’s not just if you’re eating more is because courses all create glucose glucose sits on the waist and all connected and the more we realize about not just how they connected, but how we can control them. And again now now just this is not some fringy new agey craft. You know I’ve I’ve been through that moment that this is just really this is just ridiculous. This is not science, but when you try it and suddenly it works and that’s to me is the is the addictive part of it. If you know like you 88 steve it doesn’t work. Now I’m gone. You know I want instant proof. Absolutely. It’s a proof of concept or I don’t believe it. I got instant proof. I hope that I keep doing that And it started I don’t have to tie myself down anymore. But the more we learn about how our self imposed stress um uh Guides us kind of everything that we do good and bad and that we are so much in charge of that it just it changes your perspective greatly. I’m lucky I was able to quit security after 50 or four years. Even if I’m not fully equipped like come, on please try to be back but you can’t quit. A lot of what bugs you. And you know 11 thing that I found and I started to teach is recognizing the difference between stress and stress as I mentioned this, people there’s no stress and security absolutely zero. There are thousands stressors, how you process them, how you deal with them, how you let them eat you or not is entirely up to you. And that’s one thing about mindfulness. It’s not meditation. It’s not saying I’m shutting everything out there saying I’m letting everything come in and I’m just saying I don’t care. It’s all right. I don’t care, I don’t care about the long arms. I’m dealing with that. I just you stop the stress or eating at you and it’s an incredibly powerful way to do your world. So you don’t have to leave security to deal with the press. You you you you can you can let it bounce off. You can still get in that enjoyment and fulfillment and enjoy that passion and don’t have to throw away something that you can invest in 20 years of your life. And it’s if there are no absolute you can be insecurity, you can be in a stressful environment and not be stressed

[00:44:41] Evan Francen: right? And when you talk about science, I mean it is legitimate science. It’s observational science, where there’s observational science, there’s historical science, observational sciences, do this and observe the outcome, observe what happened. And so it is scientific. You know, it may seem weird and new a g to a lot of things do when you’ve never tried them on their foreign right? But you need to just do it.

[00:45:10] Neal O’Farrell: The military is now using mindfulness as part of its routine. Pre and post deployment prisons are now using mindfulness teaching uh prisoners to to to use mindfulness to deal with the chaos of prison life. Uh schools are now using it to reduce bully because a lot of bullying comes from internal stress and then you externalize it. So yeah, the weight of science over store and there’s over 1000 studies just online and then there are lots of different types of mindfulness, didn’t touch meditation, there is something for everyone. But when you see, you know, places are tough and cynical as military in prisons, music, you know, there’s something there was exploring.

[00:45:55] Evan Francen: Exactly. Absolutely. Well, two things before we, you know, wrap up, um because seriously we could spend all day talking because I learned a lot and it connects dots, I’m a dot connector too. So if there’s this random thought over here in this random thought over here in this thing over here and I saw this over there, I’m always looking for relationships. So that’s why Covid has driven me absolutely freaking batty because we have got him, we’ll get started the so cyber resilience project for listeners. It’s ps why be er resilience R E S I L E N C E all one word project and we can find you online at the P S Y B E R project dot com.

[00:46:49] Neal O’Farrell: There you go. I was doing, I wasn’t going to use the entire name in the RL because no one would would would never find the site, you know, spending is bad enough for most of it. So yeah, that that cyber project dot com and you know, there isn’t a huge amount there now I need to start filling it up with and linking it to other resources. But I think if we took a conversation like this and magnified it to include 100 people and start actually drilling down to these self help tools. I mean, you know, a a cybersecurity, mindfulness plants, just teaching people, pick one tool that we know has proven efficacy in reducing stress. Just focus on one small battle small wind. There’s a simple and very practical outcome from this more holistic conversation. Um you know, I would love to get sizzles and you know, shipping and issuing the word young, you know, finding, you know, going down hunting for their chakras. Maybe it might be a little bit extreme. But you know, just just just um you talked about mental health hackers. I mean they should do such a fantastic job. They’re they’re they’re working full time. They can only devote a certain amount of time and resources this and they are they’re they’re very thinly funded. Um so I I would love one will be having the bigger conversation and more voices are louder voices to a point that there’s action in the meantime, how do we help those who are struggling? We have two separate mental illness from stress, mental illness is tricky. We have to acknowledge. I mean so full disclosure and I was only, I mean I’ve had this since I was a kid. But severe social anxiety with avoidant personality. That’s one of my demons A. D. H. D. Another one of my demons and chronic depression very common amongst the irish. So on their own that could be pretty devastating when they get together like I spoke about earlier so I could just a nonstop party just ends up being tiresome. Um But when we need more people and I worked in the intelligence community I’ve I was advised I’ve been a security adviser, congressional committee of advised the irish government, the british government, the Bulgarian government. I mean it hasn’t stopped me in my career and I think it might if I decided to stay in security might actually help me. But we need we need our our comrades are hello uh security professionals to feel comfortable saying I am this, I have this now, how can you help me? Um So I think you know hands up skirts up, you know show us what you got. I think that’s a great starting point. I think if we can just get more people to say I’m dealing with this too and I’m no longer ashamed to do it, to say it. And it takes incredible courage. It sounds crazy but it It took me incredible courage to sit down and breathe for 10 minutes. You know because I was so cynical about it and so nervous about anyone finding out that I’m doing this meditation stuff. Um But yeah let’s, let’s see if we can divide and conquer. Finding some things that we really can address now. I I think, I think it’s two things people were struggling with mental illness. If you want to come out and you want to support, we absolutely have to support them and let them know that we will support them and it won’t die in the vine. And we are here in a year or two years whenever they’re spiraling down when they’re in a trough, they’re having a depressive moment, they’re suicidal and whatever it is we are there and they know who we are so they can call us. It’s not just you arrive, but there might be 100 people they can call and then focus on stress. I think stress stress management makes the job the mission a lot easier to deal with and take some of the pressure off the mental illness you can do with that. And particularly pTSd with so many military law enforcement coming into security, they’re coming in broken already and they think that coming from the streets um it’s going to ease the stress and they found that it really hasn’t, it’s just morphed into some a different type of stress. So we have a few things I think to, you know, to do here.

[00:51:12] Evan Francen: Yeah, well that’s and I, you know, it’s like relationships to um so many relationships we have in our industry or transactional where it’s, you know, you have a relationship, you do something and then you both go your separate ways and you know, give me never talk, I think, and I’m saying this to, you know, for us because I do want to stay, I don’t want that to happen here with you in the cyber resilience project and in me and secure studio, because if we’re going to make a difference, we have to stay committed to making a difference. We need

[00:51:55] Neal O’Farrell: to

[00:51:55] Evan Francen: continue to push to overcome obstacles. You know, there’s gonna be plenty of resistance along the way. We’re going to need encouragement, we’re gonna need focus, you know, just to continue to push and push through people’s lives actually do depend on.

[00:52:15] Neal O’Farrell: Yeah, well it’s

[00:52:16] Evan Francen: the truth.

[00:52:17] Neal O’Farrell: Mental illness is like a puppy, it’s not just for christmas is for life and, and, and this is something that I’m very conscious of. You can, you know, this is, you can, it’s not a flash bang, you can’t just toss it in and walk away. Um, if you and I are raising this issue and others are raising these issues and we engage and, and even one person in, in, in, in this audience today says, you’ve got me, you got me, I, you’ve, you’ve said so many things that resonate, I’m ready to confront these demons, I’m ready to deal with that. I’m ready to try something, we can walk away now, we we we have, we have on court this, so now we have to we have to be there and and when I retire from this, someone else has got to be there. It’s almost like we have to train the core of of uh head cases, you know, um to to because more people are coming into the industry not realizing that it could kill you. Uh you know, if not literally figuratively, it will it will hurt you. It will it will change your mind. So we have to maybe our next conversation is how do we keep, you know, Aaron this group? How do we how do we do that? How do we how do we reach out and help individuals? How do we give them tools so that the bigger war is going on, we can help to fight an individual even about,

[00:53:46] Evan Francen: Let’s do that. So, uh are you open next Tuesday morning for episode 103 picks up or should we push you out another?

[00:53:59] Neal O’Farrell: Let me check. But probably and I can I can I can be back to you in in an hour and then, you know, but I can certainly do this weekly. There’s, you know, you know, almost like a dr Phil or for for our community, but none of them would like to like dr Phil, we’re not real doctors either.

[00:54:20] Evan Francen: Right?

[00:54:22] Neal O’Farrell: But

[00:54:24] Evan Francen: doctors healed people, you know what I mean? There’s there’s the accredited doctors and there’s us, we sort of our doctors as we’re helping people in our industry, a doctor can’t do this, A psychiatrist can’t do this. You have to be one of us have to resonate us. You have to understand what goes on in the mind of us to help us. It’s got to be us.

[00:54:51] Neal O’Farrell: It’s again going back, I’m really scientific guy. I like people like evidence and something that’s been done over the long term. But talk therapy is central to mental wellness, but it all depends on who’s in the conversation. And I think you and I could, and we talked like this for days, we could probably rewire a lot of our own thinking because we can learn from each other. So we need just to magnify that I agree. You know, I’m not trying to put their percent of business, but right now in this industry at this time under these circumstances, it really is people like us sharing what we’ve learned and encouraging to others share and to learn. So just more of this could be one of the greatest therapies that we’ve told a girl.

[00:55:38] Evan Francen: Yeah, I totally agree. Alright, well you’re going to check on, you know, uh, next week because it would be because I’m going to go back to the recording and I’m actually gonna pull out the thing that you said for the next steps. You know, keeping air on the boat, getting resources and so we’ll come prepared next week with, hey, here’s, here’s some things. It will be, it will be awesome. I think a lot of our listeners this will be they’ve never heard of the cyber resilience project boom. I have yeah you know it’s a resource that you can go and uh and I get to take the survey. I took the survey myself. I thought it was really good. It wasn’t painful. I didn’t have I didn’t finish drama

[00:56:24] Neal O’Farrell: or no drama, yep

[00:56:27] Evan Francen: nope. I kept my D. N. A. So that’s good. Yeah

[00:56:32] Neal O’Farrell: I just want to say one thing about the survey too that I found just from the feedback is um giving people an opportunity to ask and answer those tough questions can be pretty cathartic. I’ve had a lot of comments from that service saying no one has ever asked me that which means I’ve never had a chance to say that and the fact that it’s anonymous game even more courage to say. But now you know, so anyway. Yeah I mean the study on its own simply asking the questions has triggered things. A lot of people who never thought they were allowed to be asked those and that anyone actually cared. So maybe that’s something that we need to, it’s the crying room. It’s the screaming room. It’s the padded room. Uh So yeah I’m willing to keep doing this absolutely

[00:57:19] Evan Francen: awesome. And again for listeners it’s th e so the cyber P. S. Y. B. R. Project dot com. Go check it out go get it. Um yeah, go take the survey, do whatever. Uh yeah, you need. So, um we’re not gonna do news, uh because we’re running up against time, which is awesome because news is just kind of a filler anyway, so it’s awesome that we’re able to chew that up. Um uh this is episode one or two, and we’re just about complete thanks Neal awesome discussion, man. I uh just so much, uh yeah, good thought things and you’re a good person. Which is nice because if I’m getting this kind of information from somebody that I sense that I can’t trust, well, that can be dangerous too. So, uh, you know, just yeah,

[00:58:13] Neal O’Farrell: yeah, it goes it goes back to our conversation about this information. You have to trust the sort, I’m trusting the sources that I’m getting it from, and so I’m hoping, you know, I’m living it. I’m at the tail end of my career. So it’s I don’t think there’s much I haven’t seen. But yeah, we have to we have to be true. We have to be honest, and people will see through bullshit too. Let’s let’s end this podcast on the word bullshit. I think that’s always a good way.

[00:58:42] Evan Francen: We’ll get through this part first and then we’ll do that.

[00:58:46] Neal O’Farrell: So

[00:58:47] Evan Francen: we’re grateful for our listeners. We always have to say that because we truly are. It’s cool to have them again, email things like that. If you need to send us email, it’s unsecurity@protonmail.com. If you’re the social type, who doesn’t like the longhand email and you like to limit yourself to 140 characters or less twitter. I’m @EvanFrancen Brad’s @BradNigh. Neal, do you have a do you have a preference or a preferred way for people to reach out to you?

[00:59:14] Neal O’Farrell: Uh gee I have 1000 email addresses, which is the prettiest uh neal@psyberproject.com. Let’s try that.

[00:59:25] Evan Francen: Perfect. Perfect. Lastly, security studio, it’s @StudioSecurity and FRSecure @FRSecure for more things about what we do. Uh that’s it. And as Neal, you’ll end it with the last word of wisdom. What is it?

[00:59:42] Neal O’Farrell: Oh, you are, you are in charge of your mind more than you think I was going to teach you how?

[00:59:48] Evan Francen: Okay, But you were supposed to end with the word bullshit.

[00:59:52] Neal O’Farrell: Well, you just did.

[00:59:54] Evan Francen: Oh, okay. Well bullshit then.

[00:59:56] Neal O’Farrell: Thank you. Thanks man. Thank them and good talking to you. I appreciate you shining the light on this.