Burnout, fatigue, and distraction inside security teams quietly degrade judgment, incident response, and resilience, turning human strain into operational and national security risk.
Cybersecurity leaders Jojo D. and Ty Hughes frame employee wellness as a core part of insider risk and defense readiness, shaped by lived experience.
They point to concrete controls like proactive downtime, leadership behavior changes, and motivation-aware management to strengthen retention, preserve institutional knowledge, and harden cyber defenses.
The views and opinions expressed are those of Jothi Dugar and Ty Hughes, and do not represent the official policy or position of any organization.
Security leaders are starting to treat burnout the same way they treat unpatched systems. Not as an HR concern, but as a source of real operational risk. Fatigue, distraction, and cognitive overload don’t just affect morale. They shape decision quality, incident response, and resilience under pressure. In this view, securing the organization starts with securing the people who run it, because a hardened technical stack can still fail if the human system behind it is already compromised.
We spoke with Jothi Dugar, otherwise known as Jojo D., "The Chaos Guru", and Ty Hughes, "The AI Alchemist," two security leaders advancing a human-centric view of cyber risk. Dugar is a globally-recognized executive strategist with over 25 years of experience advising leaders at the intersection of technology, cybersecurity, and human-centered transformation. An international bestselling author, her work focuses on building resilient, high-performing leaders and teams by integrating strategic clarity, emotional intelligence, and sustainable leadership practices. Hughes is a transformational technologist and storyteller with nearly two decades of experience helping organizations navigate complexity and disruption through human-centered technology leadership. His work focuses on the intersection of advanced technologies, emotional intelligence, and resilience, guiding teams to move through uncertainty with clarity, confidence, and purpose. Together, they are reshaping security culture by treating the people behind the systems as a core part of resilience.
"Cyber wellness isn’t something you delegate to HR. It’s something you model as a leader, because your behavior sets the psychological operating conditions for the entire security team," says Hughes. In their view, when individual burnout accumulates across a team, the logic extends all the way to national security. Protecting the human system, therefore, becomes a core security imperative. "If we don't focus on the wellness of our people, we will turn national security into national insecurity," adds Dugar.
Flipping the narrative: That framing directly challenges one of cybersecurity’s most persistent narratives. "The people side of things is often the aspect in cyber that gets missed or treated as a negative, based on the common idea that people are the weakest link," says Dugar. "We're passionate about flipping that narrative to empower our people to be our strongest assets."
“Cyber wellness isn’t something you delegate to HR. It’s something you model as a leader, because your behavior sets the psychological operating conditions for the entire security team.” - Ty Hughes, Executive Strategist, Cybersecurity
For both, the philosophy comes from lived experience, not theory. Hughes’ entry point was internal. His Crohn’s disease turned his immune system against itself, a constant misfiring that he later recognized as the human equivalent of a faulty intrusion detection system flooding the network with false alarms. Dugar’s experience was external. After a mishandled C-section left her immobile and facing a grim prognosis, she rejected a default path of invasive interventions and searched for alternative ways to heal.
Both leaders describe cyber wellness through a shared lens: the human system mirrors the digital one. Hughes’ experience with an autoimmune condition reflects an insider threat—when a system turns against itself under sustained stress—while Dugar’s recovery journey illustrates an external attack and the resilience required to heal. The parallels are striking. Intrusion detection resembles personal boundaries that warn when something isn’t right, firewalls mirror emotional filters that regulate what is allowed in, and encryption reflects the discernment required to protect that which is most sensitive. In cybersecurity, these controls are foundational. Dugar and Hughes argue they are just as essential for sustaining the people tasked with defending the mission.
One size fits none: For leaders, the first step is to recognize the early warning signs of team fatigue, which, like a "check engine light," can be easy to ignore. To get ahead of burnout, Dugar and Hughes advocate for a proactive and individualized approach. "I've used tools with success where you simply survey your team on their motivations," explains Dugar. "Are they looking for more visibility on a high-profile project? Do they want recognition, like public kudos in a town hall? Or is it financial, like a performance bonus? You have to understand what truly motivates them."
After hours: Hughes points to small, everyday leadership behaviors that quietly shape stress levels across a team. "I used to send emails at 10 or 11 at night and didn’t realize what that did until I saw my team’s phones lighting up," he recalls. "I had to reset the expectations I was creating. Now I add a simple note to late emails: 'Not for action right now,' and I tell my staff I need them fresh in the morning. It’s changed the culture. They even feel comfortable telling me to log off, too."
Hollow perks: Dugar stresses that wellness programs fail when leadership behavior doesn’t support their use. "An organization can offer great wellness amenities, but if a direct supervisor isn't willing to let their people take time to use them, those perks are effectively useless. The program becomes something employees can only access on their own time, which defeats the purpose," she notes.
Hughes and Dugar believe that an employee's personal state is indivisible from their professional performance. From this perspective, a distracted employee represents a direct operational risk.
A distracted defender: "If an employee’s mind is stuck on a personal issue when a cyber crisis hits, they aren’t operating at their best," Dugar says. "That’s when risks like absenteeism and attrition start to surface." In her view, pushing nonstop through high-pressure moments only compounds the problem. "Pausing in the middle of a crisis is a strategic necessity. We use the race car analogy: drivers take intentional pit stops to reset and check the car so they can finish faster and more effectively."
Beyond individual habits, cyber wellness requires structural change. That includes addressing burnout drivers baked into operating models, such as the relentless pace of a Security Operations Center. Hughes advises leaders to rotate staff and schedule mandatory downtime proactively, rather than treating rest as something earned only after a crisis. The impact is measurable. Organizations with strong cyber wellness and low burnout report 52 percent higher incident detection accuracy, reinforcing the idea that sustained human performance is a security control, not a perk.
Follow the leader: Dugar points to her own experience launching a structured wellness program inside a large technology organization as proof that the approach can scale when it’s treated as part of leadership, not a side benefit. The program focused on practical, accessible practices like short mindfulness sessions, stress management workshops, and everyday techniques employees could use during the workday, especially in high-pressure roles. "When I started the wellness program, it was just me," she says. "Attendance grew from 50 people to over 500. The turning point was when people saw that a leader genuinely cared. That authenticity is what drove engagement and even brought in volunteers to help."
In the end, cyber wellness isn’t a moral add-on or a feel-good leadership gesture. It’s a force multiplier that shapes how teams perform under pressure and whether that performance can be sustained over time. Supported, rested teams make better decisions, respond more clearly in moments of crisis, and are far more likely to stay. That retention isn’t just a people metric. It’s a security outcome, because continuity preserves judgment, context, and institutional knowledge that can never be fully recovered once it’s lost.
"When you don’t have to recruit a new person, there are actual dollars saved. And as you lose people, you lose institutional knowledge. That knowledge transfer is never 100 percent," explains Hughes. Dugar echoes the same conclusion from a leadership lens. "When we take care of the people behind the defense, we strengthen the defense itself. Ignoring cyber wellness doesn’t just cost morale. It weakens security itself."
