Post AP46yD6dwz2PmxgaS8 by SandPaper@infosec.exchange
 (DIR) More posts by SandPaper@infosec.exchange
 (DIR) Post #AP46yBexKRIRInixeq by tara@infosec.exchange
       2022-10-29T14:11:00Z
       
       0 likes, 0 repeats
       
       How do you balance being burnt out from overwhelming regular job duties with needing to keep up with all the new information/learning coming at you everyday? I feel like a wrung-out rag at the end of each work day (and the weekend).. #grc #worklifebalance
       
 (DIR) Post #AP46yCA9SSFYrYJsHY by jerry@infosec.exchange
       2022-10-29T14:12:33Z
       
       0 likes, 0 repeats
       
       @tara I have yet to find that balance. Commenting to follow along
       
 (DIR) Post #AP46yCfLaTCgQIumuG by tara@infosec.exchange
       2022-10-29T14:14:29Z
       
       0 likes, 0 repeats
       
       @jerry Hah! I feel like I'm running a never-ending marathon a lot of days. From the time I log on until I log off, someone needs something. And security isn't thought of at the beginning of a lot of processes, so sometimes things get backburnered. So I end up with stuff like "Hey, here are 16 draft policies we need your feedback on by Monday." (Actual example from this past Tuesday.)
       
 (DIR) Post #AP46yD6dwz2PmxgaS8 by SandPaper@infosec.exchange
       2022-10-29T14:55:29Z
       
       0 likes, 0 repeats
       
       @tara @jerry that’s A LOT of policies. At a prior company, I walked into 100+ policies. Had a consultant help me consolidate them down to 28. Still too many at current $company but at least the mantra is “how can we make this fewer?” And “this is more of a standard / guideline than a policy.”As for my own burn out, it hit hard in 2018-2019. I was wearing every hat at a small company. Finally, I just had to move on and I was lucky enough to find somewhere great. It still took about a year to come back to even mentally and it still goes up and down. I imagine there’s no One Size Fits All solution but I find these help me but aren’t perfect:- I block off my calendar for the start and end of my day to avoid meetings bleeding into the transition. This helps set a hard stop at the end of the day. This is hard. There’s always one more thing or my perfectionism/desire to help others accomplish their goals gets in the way. - I also block off consistent chunks of my week in a recurring series for my own work / plans to do. This gets edited or shuffled as needed as things come in or I plan my week. But at least having it blocked off helps keep it more available to me when people are throwing meetings around.- I don’t accept meetings that don’t have an agenda. I have a detailed agenda in my own. Tell me what you want to get out of the meeting or why you need my time. If no agenda, I ask for this info before accepting. It’s usually “decide on X” or “answer these questions.” This helps keep a meeting from derailing. Too many or bad meetings can kill your feeling of accomplishment because they suck time from your progress on work.- Empathy. So how does this help burnout? A lot of my job is driving others to remediate things. I need them to do something. Having empathy helps build rapport and people are likely to complete tasks on which I depend. It’s also reciprocal and they understand my challenges. This leads to less stress. - I set a weekly list of things I want/need to accomplish. I’ve learned to keep this short. If it’s long and incomplete at the end of the week, this can appear like failure mentally.- This may be counterintuitive, but avoid doing things yourself that are the responsibility of others. Let’s say you need something accomplished from someone and they’re unresponsive/behind but you have the ability to do it. If you do it once, it’s likely to always be on your plate moving forward.I could probably keep brain storming and typing but this is already a lot. This doesn’t touch on things you could do outside of work to help burnout. Hopefully it’s on point and you find it helpful.
       
 (DIR) Post #AP46yDfNropLWhwKbQ by TurdFerguson@noagendasocial.com
       2022-10-29T16:42:13Z
       
       0 likes, 0 repeats
       
       @SandPaper @tara @jerry One way is to have a sunset date that is monitored by your controls team and then when it's due that team contacts them to do a technical review.  The other way I can think of is to do slow roll offs.   That is where an arbitrary limit is set on the number of policies and in order to add a new one the need to get rid of an old one or combine it into an existing one, keep in mind there are exceptions
       
 (DIR) Post #AP495tfKJVgfighYxc by tara@infosec.exchange
       2022-10-29T17:06:01Z
       
       0 likes, 0 repeats
       
       @TurdFerguson  @SandPaper @jerry Gosh, if only I had control over how many policies folks make at my work. :D I've been begging the policy writers to please consider how many policies/standards/specs they're putting out compared to how many I can get in front of my technical team -- especially since they work in 2-week sprints, and those sprints are sacred and holy -- and the policies greatly impact my team. But it's all fallen on deaf ears.
       
 (DIR) Post #AP4nYP8wrzntcZhnBw by TurdFerguson@noagendasocial.com
       2022-10-30T00:39:24Z
       
       0 likes, 0 repeats
       
       @tara @SandPaper @jerry I feel you.  My work has never budgeted or way under budgeted for unforseen projects in the last 5 years at least so around the 1st qtr of the last 5 years they remove all of our BAU sprint points and move all story points/hours for the year out of our process