Surviving cybersecurity burnout: Tips from industry experts
Cybersecurity burnout is a fact of life. One survey found high levels of stress and burnout to be the two most significant personal risks faced by CISOs related to their role. Sixty percent of CISOs cited stress as their top concern, followed by burnout at 53%. These two dwarfed all other worries, such as cybersecurity turnover (33%), losing their jobs due to a breach (25%) and feeling underpaid (21%).
The survey unearthed a possible factor behind burnout. In organizations with cyber teams of 50 or fewer people, teams shrunk compared to the previous year. A surging number of attacks being faced by weaker teams is a recipe for attrition.
“Larger teams may, over time, reduce burnout — a key concern among CISOs,” stated the 2022 Global Chief Information Security Officer (CISO) Survey.
What should you learn next?
Beyond growing the team, what can be done to lower cybersecurity stress levels while staying on top of incoming threats? Yoran Sirkis, co-founder and CEO of risk management vendor Seemplicity, believes a key point is reducing the time spent fighting fires. This can come about because there are always vulnerability backlogs of one kind or another to address.
Security teams, therefore, should prioritize their address to threats and optimize processes for remediation to regain control and live a calmer life.
Turnover is inevitable in cybersecurity
Bureau of Labor statistics indicate that the average employee sticks around for about four years. With burnout being a definite factor in cybersecurity and veteran staff taking early retirement, using AI-based sentiment analysis tools is a smart strategy to stay on top of how employees feel about working for the organization. They can help both the CISO and HR to spot growing concerns among cybersecurity personnel, the danger signs of an eventual departure and indicators of burnout and dissatisfaction.
Insight into employee sentiment enables HR and management to take steps to assess job fulfillment, prevent employees from heading out the door and reconnect better with the workforce as a whole.
"AI's sentiment analysis feature can be valuable in gauging how employees feel at any given time," said Dr. Sameer Maskey, founder and CEO of AI talent platform Fusemachines.
Surveys can be done to determine how cybersecurity professionals feel about workloads, career growth and company culture. By comparing responses with historical data and industry benchmarks, AI systems can predict quit rate contemplation, burnout rates and satisfaction or dissatisfaction. Maskey added that the insights gained can be harnessed to launch initiatives that boost employee morale, foster engagement and enhance retention of cybersecurity personnel.
What should you learn next?
Sabbatical from cybersecurity
Another way to alleviate cybersecurity burnout is to allow long-term personnel to take a sabbatical. Karen Worstell, senior cybersecurity strategist at VMware, took a break from cybersecurity's constant grind to complete a master's degree in theology and 2,000 hours of chaplaincy. That gave her perspective on the need to be considerate to employees, provide honest feedback and voice concerns to management about unacceptable work conditions.
“The main reason people don’t speak up is because they’re afraid of the stigma of being declared unfit for service,” said Worstell. “If you don’t suck it up, you can become marginalized, sidelined, demoted or managed out.”
Company culture should permit people to speak up. Leadership must care enough about employees' state of mind so they don't pass the tipping point.
Managing work-life balance
Many in cybersecurity are dedicated to their jobs. They think nothing of working nights and weekends to deal with the latest emergency. Over time, though, the lack of a work-life balance catches up to them.
Worstell has people rate on a scale of one to 10 their physical, mental, spiritual and emotional health, their relationships, the state of their finances, their contribution to society, how they like their job, their career path and other factors. Such an approach can be a useful exercise in spotting imbalances that can lead to burnout. If the numbers for work are far above those in the person's personal life, a good idea is to have the person name out some personal, family, hobby or charity goals beyond the workplace.
“When we are focused only on the work goal, we get out of balance,” said Worstell.
Far from detracting from work, a healthier work-life balance can lead to better performance on the job. At the very least, the person is far less likely to suffer from burnout.
What should you learn next?
Positive attitude
A positive attitude to work and home life is essential. But it must be supported by positive language. For example, an apologetic attitude toward spending time with the family can damage mental health. Instead of being sorry you can't make a weekend engagement due to the kids, couch it positively and unapologetically.
"Our body believes every word that we say, so we have to be mindful of this and avoid saying things in the negative," said Worstell.
Burnout may be a fact of life for some in cybersecurity. Security personnel are generally determined and diligent people who want to get to the bottom of a situation, find the cause of a breach and prevent future incursions as thoroughly as possible. That mindset can lead to staying late, coming in extra days and devoting more energy to work than home.
That said, cybersecurity leaders and colleagues should be on the lookout for an awry work-life balance and the early signs of burnout. By helping each other and using some of the tips suggested here, fewer valuable professionals will be lost in the industry. At times like this, we will need them all.
For more on cybersecurity burnout, listen to our Cyber Work Podcast episode with Karen Worstell of VMWare.