Health and Wellness in InfoSec

Most of us know that being a hacker isn’t exactly the lowest stress gig out there. With the holiday season fast approaching, thinking about taking care of our well-being and that of our colleagues, family, and friends becomes even more important than usual. I’d like to have a quick chat about ways I personally have approached health and self-care, some lessons I’ve learned after nearly two decades in IT, and some suggestions for caring for yourself and those around us. Of course, I’m not a doctor. I don’t even play one on TV.  I can only speak to my own personal experiences coping with extreme and long-term stress. I hope they provide some food for thought.


Eating a portioned, balanced diet is an oft forgotten but very important element of our overall physical and mental health and longevity. How we eat is also very important. Let’s start with some really easy changes.

I’ve personally found great value in (whenever possible) ensuring I eat on a regular schedule. I also try force myself to eat a minimum of a couple meals a week at a table (not in front of my computers or my TV), from an actual plate. This forces me to eat more slowly, control portions, and gets my focus away from work and news during the meal.

It’s no secret that I’m a pretty incompetent chef, which sometimes hurts my eating habits. I’ve worked hard to balance this out a bit by eating more steamed and raw vegetables and fresh fruit, carefully reading nutrition, preservative, and preparation facts on microwave meals, and occasionally utilizing delivery services with semi-prepared or pre-prepared healthy meals. I also try to get together for shared meals with friends or family on a regular basis (they cook, I bake, everybody lives 😉 ) Check out MealSharing if you don’t live near friends or family, or arrange something with your local hacking group. I saw a lot of Hacker Family holiday meals out there this year.

I’ve never seen a ‘fad diet’ or non-FDA-approved weight loss pill that worked long term – I’m not even terribly keen on excessive meal replacements. Be cautious about anything that seems too good to be true. We’re hackers, and we are some of the best out there at uncovering bad science and scams. Never forget to research while looking for a quick fix. Unless your doctor says otherwise, start with simple things like portion control, balanced nutrition, fresh foods, and avoiding too much added sugar and sodium. Eating sensibly and reducing portions is a lot easier to stick with than drastic dietary changes and lack of variety, in the long term.

Finally, try to drink more water. There are tons of reasons to avoid the added sugars of soda and the sugar substitutes in calorie-free drinks, as well as excessive caffeine and alcohol consumption. Drinking more water can make a huge physical and mental impact on our health. Using reusable water bottles instead of plastic soda bottles or cans is also great for the environment.


Many people in information security work long hours and travel extensively. This makes getting regular exercise difficult. So, let’s have a little chat about the exercise that wiser experts than I say you should be doing at a minimum.

The American Heart Association currently recommends the following for healthy adults:

For Overall Cardiovascular Health:

  • At least 30 minutes of moderate-intensity aerobic activity at least 5 days per week for a total of 150


  • At least 25 minutes of vigorous aerobic activity at least 3 days per week for a total of 75 minutes; or a combination of moderate- and vigorous-intensity aerobic activity


  • Moderate- to high-intensity muscle-strengthening activity at least 2 days per week for additional health benefits.

For Lowering Blood Pressure and Cholesterol

  • An average 40 minutes of moderate- to vigorous-intensity aerobic activity 3 or 4 times per week

Obviously, 75 – 150 minutes of exercise can be pretty hard to get when we’re working long nights and sleeping at airports. Hotel gyms get really old. That doesn’t mean we shouldn’t still make an effort, because not only does exercise provide physical benefits, but it can get our minds off troubles as well.

In my personal experience, getting involved in group exercise classes in which missed attendance is noticed and checked on was a great help. I chose martial arts and yoga. Martial arts gave me a structured, moderate to vigorous intensity activity with concrete goals to achieve, and strict attendance and coaching requirements. Even if I’m exhausted and flying out the same night, I have to make my classes or provide a valid excuse.

Yoga provides me a low-medium intensity stress-relieving exercise activity I can do almost anywhere I travel. Finding yoga schools wherever I go for work has become an exciting adventure – I always meet new instructors with new ideas and perspectives. There’s no reason national or international exercise programs like crossfit, BJJ, or aerobics can’t provide the same for you. Find an exercise routine you find fun and captivating, not something that’s a chore you try to get out of. (Always consult a doctor and research the routine before starting a new exercise program – we’ll talk about this shortly.)

Community & Friendship

Introversion is pretty common in hackers; I’m no exception. As unappealing as it can feel, there are good reasons for us to have a community of support and a little regular interaction with other humans. We’re very fortunate as hackers to have a tremendous community of practice with many local, regional, and international events, which we all should try to attend if able. However, those don’t ensure that we aren’t isolated on a day-to-day basis. Folks who work from home are especially vulnerable to the trap of staying home surrounded by hobbies, games, and gadgets, frustrated with other people.

Ask yourself, “Have I spoken out loud to another human today?”.

There will be Really Bad Days in your life where the escapism of books, games, and the toys, and what box you popped aren’t enough. You will eventually need some support to dig out of a dark, overwhelming place. The best way to ensure that safety net is there is to build it right now, even as watching Netflix or con videos might seem a lot more fun and less stressful. Be part of the hacker community, your local community, and your communities of interest.

Yes, the internet is a great resource for friendships, especially when we’re geographically isolated from folks with similar interests. If possible, don’t rely on the internet alone. Make sure you have a couple real phone numbers to call on the Really Bad Day. Make sure somebody relatively local can pick you up at the hospital, or bring you a can of gas, or bail you out of jail on that Really Bad Day. Be that person for your friend’s Very Bad Day, too.  It can be very wearing to put yourself out there, but it’s easier to meet people with common interests and hobbies than ever before in human history. Join your local 2600, CitySec, or DEF CON local group.  I also highly recommend for finding or starting low-key hobby and geekdom groups in your area.

Remember that we have family that we are born with, but we can also have family that we choose – and sometimes those bring us much more compassion and care on the Bad Days.


I promise, no matter what you think, you really, really do need it. Even if your 3 energy drinks tell you that you don’t. If you start crashing hard on your days off, repeatedly, you are probably pushing yourself too hard. The National Sleep Foundation recommends between 7-9 hours of sleep for adults. Below 6 hours isn’t even considered healthy on their scale. I know a lot of people in infosec talk about living on 4 or 5 hours of sleep routinely as a matter of pride, but you’re only hurting yourself (or your employees, if you promote this). You will very likely notice a physical and mental performance improvement when you get enough rest.


Kindness, service, and volunteer work not only help those around us, but they improve our personal well-being as well, and get us involved in local and global communities. A small act of kindness, like showing honest appreciation to people around us, or showing compassion to somebody in need, can make endless difference in another person’s life.

Quite a few of you might be surprised that I (a humanist and an atheist) go to church on a regular basis. Let me endeavor to answer the immediate questions raised by this. Firstly, I attend a humanist church that doesn’t promote any specific religious ideology (Unitarian Universalist). Secondly, it forces me to listen to people with varied philosophies about their concerns and their perspectives, which gives me a more nuanced and human view of worldviews that are different than mine. Thirdly, it allows me to be part of a supportive community of humanitarians who are also interested in helping less fortunate people in organized ways. Some problems are too big to tackle alone.

No matter your philosophical and spiritual views (or lack thereof), the idea of the golden rule is pretty universal. I personally ascribe to the concept of leaving the world a little better than I came into it, for future humans. Others did it for me, and we all benefit from random acts of kindness. Find a way to give back to the communities you are a part of by choice or by chance.

Seeing That Doctor

I honestly can’t count the number of friends in infosec, including myself, who have ended up in the hospital after ignoring health problems due to high pressure, fast-paced lifestyles. Nobody likes going to to the doctor, and health insurance can be a nightmare in the US. I can’t stress enough – learn from our mistakes, or suffer the consequences.

Even if you’re in your 20’s or 30’s, go to your yearly physical. Make sure you have routine blood work done to check for stuff like vitamin deficiencies. Vitamin D deficiency is super common in IT and shift work, and as many can attest it can have a huge impact on your physical and mental well-being. Get screened for cancer and hereditary conditions appropriately for your age, gender, and risk factors. No job is ever worth your life.

I’m Still Really Stressed, What Now?

Here are some thoughts for you.

  • Try to reduce excessive caffeine intake. It raises your heart rate, and artificially reduces your desire to get (needed) rest.
  • Have a cup of herbal tea. Take the time to put in some honey or lemon, and try to relax for a few minutes while drinking it.
  • Remove your social media apps from your phone if your feeds are stressing you out. Social media vacations are okay.
  • Actual vacations are okay, too. They are not a mark of shame. The things you did out of the routine are the things you will remember in a decade.
  • Call a friend, and chat for a while. Even better, chat with a friend in person.
  • Try a new hobby. Groupon Local is great for this. It doesn’t have to be something intense like skydiving. Try something low-pressure that you’ve always wanted to learn more about, like photography, painting, sushi making, or home brewing. It’s a big world out there, full of endless things.
  • Meditate. This doesn’t necessarily mean sit still on the floor, cross-legged. Moving meditation is a thing, too. Sweeping can be meditation. Lockpicking can be meditation. So can music or art. For something more traditional, Tai Chi, Hatha Yoga, and Qi Gong are organized moving meditation. We’re just talking about calm, repetitive motion activity that allows you to focus your thoughts and breathe without getting frustrated.
  • ASMR videos, however silly-seeming, help some folks relax.
  • For the “Type-A” hackers: find something to plan out that doesn’t stress you out. It can be a totally mental, pretend exercise. For example, plan out a vacation, a CFP submission, a research project, a business you’d like to start, or a job change. Have fun working out the logistics or details, and don’t worry about the real life roadblocks or requirements. If you get inspired, that’s great. If not, move on to something else.
  • Read an actual, physical book that you enjoy. Or replay an old game that you enjoy, that won’t stress you out. Something you equate to happy memories.
  • Finally, and most importantly,

Professional Help

There is no shame in seeking professional help when you’re in a dark place. While I’ve offered a few suggestions of possible ways to improve the quality of your life, health, and support structures, there are truly long term and short term conditions that can best be worked through with a licensed professional. Depression and substance abuse are sadly huge problems in the hacker family, and they call for proper care. We don’t want to lose anybody else. Please do not hesitate to seek out professional resources when you need them. You are valued. You are important. You can do good in the world.

The National Suicide Hotline: 1-800-273-8255
SAMHSA Substance Abuse Hotline: 1-800-662-HELP

11 thoughts on “Health and Wellness in InfoSec

    1. The erroneous instruction for people to drink 8 glasses of water per day was based on 1ml of water per calorie of food consumed, but didn’t consider water contained in food. In other word the ratio is probably right, but the instructions are wrong because they forgot about food composition.

      The body is very capable of making us drink when necessary; thirst works. 😉


  1. *gasp* Try to reduce excessive caffeine intake. It raises your heart rate, and artificially reduces your desire to get (needed) rest.
    Have a cup of herbal tea. Take the time to put in some honey or lemon, and try to relax for a few minutes while drinking it.

    what blasphemy is this?


      1. It can be really hard to do any or all of those things. Sometimes you just can’t eat, or sleep. They’re merely suggestions of things to try when you are able. I wish you the best in the future.


  2. Another awesome post. It is also more than just the jobs that cause the problems though. One thing that I see missing, and I am very guilty of, is trying to do too much. Going to Cons, Family life (especially with varying interests and children), hobbies, even exercise and meditation require time. Spreading yourself too thin over many things, even if they are suppose to reduce stress, can create even worse stress than before. For some, they like to use the block of time system, but even then you can overstress if you are late or skip something due to other issues. We all have to remind ourselves there are only so many hours in the day and not to try and do too much at once.


  3. […] Whilst not directly DFIR/InfoSec related I feel this is important to share, Lesley Carhart has written her thoughts on the importance for folks in the IT industry to look after themselves. Neglect your health as much as you want, but it’ll catch up to you eventually, and it won’t be pretty. Health and Wellness in InfoSec […]


  4. Sometimes Professional Help isn’t an option due to costs, I’m a widower and trying to put 1 daughter through college and trying to help my son with his mental problems, I don’t have time or the funds to get my own help.


Leave a Reply to Mark Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s