Last week I attended The European Information Security Summit 2019 and spoke on the closing keynote panel at the end of the second day. The topic was “Unacceptable personal pressure: How senior Cyber Security Executives safeguard their own mental health, and those of their teams”, and as a panel we were surprisingly open about our experiences. Afterwards a number of people spoke to us about how pleased they were that we had been open and honest about a subject that is so often swept under the carpet as too difficult to deal with or just plain embarrassing. I have also seen the LinkedIn articles written since get a huge amount of traction with every comment a positive and supportive one.

I briefly told my story last week, and so have decided to elaborate a little more to a larger audience here. This is not meant to be virtue signalling, or jumping on the bandwagon, but rather a message to everyone out there who has suffered in silence and felt they were the only one with these feelings. These are the “highlights”, and some parts of the story are just between me and, well me, but I am sure this will paint the correct picture.

My last role was challenging to say the least; as a  newly minted CISO I was tasked with building a security team from the ground up (again) in a large global organisation that was as politically charged as it was not interested in security. We did well, growing to over 60 people at last count before I left, and were considered a high performing team who collaborated and never said no. People enjoyed working with us and we took on more and more work and constantly delivered.

The cost though was an intense environment where my main role was PowerPoint and politics, and constant air support for the team. Combine a tough travel schedule and the global, always on element, I never truly switched off. That said, one of my mottos was “Work Hard, Play Hard” so evenings with teams, internal clients and their customers in different countries were long, hilarious and helped us bond even closer to perform even better. Frankly it was exhausting and my sleep suffered.

So I did what every self respecting professional does, and started to self medicate with alcohol. It was, for the most part free from British Airways and Hilton, or on expenses (see above). It wasn’t a problem as I had a good tolerance, was a happy (maybe even hilarious) drunk, and while stupid things were done, it only bought us closer and more effective as a team.

And it wasn’t a problem for a number of years… until it suddenly was.

2017 was a very difficult year for me. In that year I drank almost every single day to excess as a result. I would get up in the morning and carry on working until the end of the day and I would start again. I wasn’t an alcoholic as I didn’t need to drink 24 x 7, so that was OK. I also managed to spend thousands of my own money on nights out with friends and team mates, pushing myself seriously into debt. My anxiety, stress and depression were getting worse, but I was able to medicate for that myself, so no problem.

Then came Rome. I will save you, dear reader, from the gory details, suffice to say that at 5am on a Monday morning at the end of September I found myself at the top of a building incoherent with emotion, raging at the universe, and willing myself to jump off. I had lost my third phone that year from the nights entertainment, had driven myself further into debt and I just couldn’t do it anymore.

Thankfully, an ambulance turned up, I was talked down, hospitalised for a few hours and then discharged. With no phone, in a foreign country, no idea of where my hotel was or where I even was, I managed (in a complete blur) to get back to the hotel, call my wife, get to the airport and get home only to spend the next four weeks in the care of the NHS and my family, and off work.

The irony of my situation wasn’t lost on me; here I was, a successful, well paid, C-Level Executive, ostensibly well known and regarded in the industry, and I am clinically depressed and suicidal. Therefore to say I was scared, lonely and emotional would be an understatement, and I decided to make some changes in my life.

Two of those changes are of direct relevance here;

1. I stopped drinking alcohol. I was classed as a Non-Dependent Alcoholic and as a result was tasked with cutting down my intake dramatically. I decided to stop entirely, a choice I would have considered unthinkable, even laughable, just a few months before. I haven’t drunk alcohol since, not because I can’t allow myself to, but because it simply isn’t an important part of my life now.
2. I decided to be more open about my mental health issues with not only my family, but my friends and work colleagues, and address them proactively.  I was not going to be defined by this event and lifestyle change, and I also wasn’t going to be held to ransom, mistakenly or maliciously, by the events I have just disclosed above. I have yet to discover anyone who I confided in who was at the very least supportive, if not understanding, be they family, friends and especially my team.

There is of course a damn good reason why I am sharing this with you. What follows is my takeaways for everyone who read the above and felt it resonated with them even just a little.

1. Alcohol is a bad way to treat yourself for anything longer than a few days. Talk to a doctor or therapist sooner rather than later and save yourself a life threatening event to wake you up.
2. There is no stigma in sharing your mental health struggles. I am constantly amazed at the overwhelmingly positive response from everyone I talk to about my personal experiences. If your friends and colleagues are not supportive of you, perhaps you should question why you are in the state of mental decline in the first place.
3. If you work for a good company, and/or have a good team, your time out of the office will be dealt with and accommodated for allowing you to recover. When you come back, you will do so with more energy and vigour than most other members of the team. If you are not being supported, see point 2.
4. If a member of your team is struggling, you don’t actually have to do much to help. Communicating to them that they should take whatever time they need to address their issues, and not asking questions is all that is needed. If your team can’t take up the slack, then how are they going to cope during an incident anyway?
5. Be supportive if you can; it is difficult, but even small gestures like gifts of tea and chocolate (you know who you are…) or staying in touch over instant messenger to make sure someone is OK is also a great way to show your support. Humour helps too.

I’m going to close this with a call to action. This isn’t some virtue signalling programme that I will front up on Twitter and Facebook, but rather a call for everyone to include mental health topics in their team meetings, their management reports and metrics, as well as face to face meetings. The financial losses to our industry are probably staggering because of mental health issues, so we should be tracking and probing on it in our organisations as much as gender or racial diversity.

I want to reiterate, again, that if you are feeling it, someone else is feeling it too. Now you know what I have been through, I hope it means you now you have someone you can reach out to as well, or have to courage to seek help and support when before you didn’t.

As for me, I have never been better these last 18 months or so. I sleep better, I work better, I manage stress better, and I am pretty sure my jokes are better too. Therefore, I leave you with this unattributed quote:

I wouldn’t recommend suicide, it’s bloody dangerous. I nearly killed myself…

Note: I am going to be at the RSA conference in San Francisco in a 
couple of weeks time, as well as at a variety of other conferences 
over the coming months. Please do say hello and let me know your 
thoughts on this topic. Should it be as mainstream as I suggest, 
or should we just stick with the stiff upper lip approach?
Can and should we be doing something else?