CSO Magazine: Stress pushing CISOs out the door — “Around 50% of CISOs are expected to change jobs by 2025, according to a Gartner study that found the cybersecurity leader’s job is becoming more stressful.”
The Hacker News: CISOs Are Stressed Out and It’s Putting Companies at Risk — “Employee burnout is spreading like wildfire across security teams. Increased workloads are affecting all levels of the department, creating high churn rates while simultaneously hampering recruitment efforts.”
Business Wire: Cynet Reveals 94% of CISOs Suffer from Work-Related Stress
Similar workforce stress articles go on and on, including new reports in the past year that CISO tenure is getting much shorter as well.
In case you’re wondering, no, this is not a new issue. For more than a decade, stress and burnout have been a top theme in my writing on why security pros fail.
So what has changed since the COVID-19 pandemic ended?
I do believe the problems have become worse in the past few years. From COVID-19 leading to more staff working from home — and causing more security incidents — to an explosion in disruptive ransomware attacks to increased staff turnover on cybersecurity teams (that often lead to vacancies and staff that stay needing to work longer), the challenges and pressures seem to keep mounting for CISOs and other security professionals.
Add to these woes some recent news that worker productivity is down across the board in the U.S., and there is little surprise when top tech leaders say “no thanks” to CISO roles and many current security professionals want to leave their roles or organizations for greener pastures.
WHAT CAN BE DONE?
Being keenly aware of the burnout and stressful situations is the first step in tackling this security career issue.
Advice: We all need to recognize that stress and potentially even burnout come with most cybersecurity roles. If you’re in this industry for any extended period of time, you will encounter stressful situations in the same way that doctors can face long days and stressful situations working in emergency rooms.
Second, just as in police work, cybersecurity work is never fully “done.”
I worry less about security pros responding to major ransomware or big cyber incidents and more about the daily grind of working on cybersecurity issues. Most organizations experience systems outages at some point and management is upset — and perhaps even screaming.
Nevertheless, there are also many security pros that got into the industry for just these “headline grabbing” situations. Good managers will give positive recognition and perhaps time off after these significant incidents are resolved.
Advice: Try to divide tasks into smaller projects and celebrate success when the effort (or project milestone) is complete.
Third, focus on good relationships with team members. Of course, relationships start with the boss — and many security pros leave because they can’t get along with their management and/or do not feel supported.
Advice: Teams that work together well, enjoy the company culture and even play together well — such as attending sporting events or other activities outside the office — usually respond better to workplace stress. For bosses: Saying “thank you” can go a long way.
Fourth, gain a wider perspective.
Advice: Take some time to step back and analyze your situation. Schedule some time to get away, and try to disconnect for at least part of the break. If you do check in with work during vacation, put barriers around your time. Talk about how things are going at work with those you trust but who have a different perspective. Get professional help from a doctor, if needed.
And fifth, recognize that your career is more like a marathon than a sprint. You are not helping yourself or your team if you do amazing things at a breakneck pace but become so overwhelmed by the workload that you suddenly leave. Unexpected security vacancies are a serious problem.
Advice: Find a trusted mentor who can help talk through next steps. Have a plan that can guide career decisions, especially during hard times. If you are later in your successful career, please mentor others.
This story originally appeared in the July/August edition of Government Technology magazine. Click here to view the full digital edition online.
