Infosec blog, ramblings about things, generally just wanting to educate; opinions are either my own or used as reference. Might as well assume nothing is true, but with a little knowledge and a reference you should be able to test and prove it for yourselves. That's the goal anyway.
When I saw this say "cyber security PTSD", I thought: wow, did someone just recognize that cyber security is a wartime activity? Or, wow, did someone acknowledge that people are often damaged by previous battles, so they find it hard to overcome new ones?
Instead, this is a high-level overview of how people become burnouts if over- or under-worked.
Let's play a game here. Let's pretend you and I are in a six-man criminal hacking group together. Neither of us is the leader, but we are both considered appropriate for our ideas. My idea is to make conversation in reference sets only and PGP (RSA-4096) encrypt any files or data shared, to protect our operations. Your ideas relate to targets, objectives, etc.
We find someone poking around in one of our servers. Fuck, is there anything that can dox us? We don't want them knowing we're in and monitoring, so let's step back and find a backdoor. Shit, we had to break in almost the same way as him and escalate up. He's probably set up everything he could by now. "Find every inode change for the past 48 hours!" There it is, the orders given. We have to do analysis on a changing machine, while it's changing, because some fuck nut forgot to patch services with the latest updates. We quickly throw together two bots: one to observe and remotely report (stdout piping) inode changes, another to pull every file as it is, with MD5s, SHA1s, and the full file contents. Hell, half the team is googling inodes. Fuck. Because this isn't just a bot server but an operational server, we are both getting yelled at and spammed by everyone about how the fuck we let it happen. At the end of the day, three days later, our attacker was just some kid copy-pasting; he didn't even know what he was looking at. We destroyed the entire infrastructure and rebuilt, with our same roles. Operations became more about tunnels, allusion, encryption, and responsive attacks (socket binding abuse, socket service takeover). Our objectives became to always have reversion and attack-back structured plans. Our services became run through a VM, on a server, through Tor, through botnet proxies, then finally to a proxy host acting as an in-proxy into our network. We did this because some kid found a single hole and used it. We later had members go back and dox, swat, and destroy that person. He didn't even know why he was going to jail.
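The "find every inode change for the past 48 hours" job above is, stripped of the story, plain host forensics on a live box: snapshot the filesystem (inode, ctime, mtime, size, hashes), snapshot again later, and diff. The script below is an added example written for this post, not the bots the story describes. It assumes a POSIX filesystem where `st_ctime` is the inode change time, hashes with MD5 and SHA1 as the story does (SHA256 would be the modern pick), and builds its own throwaway directory tree so it runs offline; the `demo()` function and the file names in it are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    """One regular file as seen at snapshot time (metadata plus content hashes)."""
    path: str
    inode: int
    ctime: float   # inode change time: updated on chmod/chown/rename/link as well as writes
    mtime: float   # content modification time; trivially backdated with touch/utime
    size: int
    md5: str
    sha1: str


def hash_file(path, chunk_size=65536):
    """Stream a file through MD5 and SHA1 so large files do not get loaded into memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def snapshot(root):
    """Walk `root` and record every regular file (symlinks are skipped, not followed)."""
    records = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue
                md5, sha1 = hash_file(path)
            except OSError:
                continue  # file vanished or unreadable mid-walk: the box is changing under us
            records[path] = FileRecord(path, st.st_ino, st.st_ctime, st.st_mtime,
                                       st.st_size, md5, sha1)
    return records


def recently_changed(records, window_seconds, now=None):
    """Files whose inode or content changed within the window, newest first.

    ctime is checked as well as mtime because an intruder can reset mtime with
    utime()/touch but cannot set ctime without clock tampering or raw disk writes.
    """
    now = time.time() if now is None else now
    cutoff = now - window_seconds
    hits = [r for r in records.values() if r.ctime >= cutoff or r.mtime >= cutoff]
    return sorted(hits, key=lambda r: max(r.ctime, r.mtime), reverse=True)


def diff_snapshots(before, after):
    """Return (added, removed, modified) path lists between two snapshots.

    A file counts as modified if its content hash OR its inode changed: a
    replaced binary (unlink + new file) keeps the path but gets a new inode.
    """
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and (
        after[p].sha1 != before[p].sha1 or after[p].inode != before[p].inode))
    return added, removed, modified


def demo():
    """Constructed scenario: baseline, simulated tampering, second snapshot, diff."""
    def write(path, text):
        with open(path, "w") as fh:
            fh.write(text)

    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        write(os.path.join(root, "a.txt"), "hello")
        write(os.path.join(root, "bin", "svc"), "original service binary")
        before = snapshot(root)

        # Simulated intrusion: service binary overwritten, hidden file dropped, log removed.
        write(os.path.join(root, "bin", "svc"), "tampered service binary")
        write(os.path.join(root, "bin", ".hidden"), "x")
        os.remove(os.path.join(root, "a.txt"))
        after = snapshot(root)

        added, removed, modified = diff_snapshots(before, after)
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        return {
            "added": [rel(p) for p in added],
            "removed": [rel(p) for p in removed],
            "modified": [rel(p) for p in modified],
            "recent_48h": len(recently_changed(after, 48 * 3600)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real box the baseline would come from a known-good image or package manifest rather than from the compromised host itself, and the report would be piped off-host immediately, since anything written locally is within the intruder's reach.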
When people mention the idea of cyber security PTSD, let's take our little example there and apply it: 5 of 6 members now work in security. 2 of 6 still communicate, sometimes. Everyone wants to forget. Wartime tactics destroy innocent people and damage the people involved.
But I guess the purpose of the link is to shed light on SOC activities and how bad it can get if alert fatigue sets in, instead of opting for a more active environment where people sitting on their ass become targets. Let's say they need coffee and snacks. Let's say they're fine with YouTube on one screen and 30 ignored alerts on the other.