When You Just Can't Take It Anymore in Cyber
What are the factors that lead to burnout in cybersecurity? Is the industry getting more stressful, or are we finally opening up about the stress we've always experienced?
Check out this post on Reddit for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Shawn M Bowen, vp, deputy CISO - gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho.
Recognizing humanity
Cybersecurity professionals are not superhuman. When organizations assume they can do the impossible, it pushes people away. For one Redditor, being asked to secure end-of-life hardware with no end in sight was too much. They cited "Legacy unsupported hardware and software with 1000s of unmitigated vulnerabilities that the organization refuses to upgrade because it's too expensive or too hard." The "myth of the security person being a super hacker is equally draining." It’s one thing for your organization to have faith in your abilities. It’s another thing to throw everything at you and expect you to be the expert.
Death by a thousand meetings
Meetings were a constant sore spot for the community. In many cases, it wasn’t the content of the meetings that would drive them crazy; it was how much of their time got tied up in them. One Redditor from a small organization summed up the issue, saying, “70% of my days are in meetings, and the other 30% is focusing on our security posture and roadmap projects.” Actual user support felt like something they had to advocate for. Another issue is the rest of the business not pulling cybersecurity into meetings until too late, leaving them hopelessly playing catch-up. “You get pulled into a meeting where all other attendees are 4 meetings ahead of you and you are expected to render a verdict or pull the top risks out of thin air having heard a 30-second speed read of the project.”
What are we looking for?
There are a lot of reasons why people get out of cybersecurity. Some get out even knowing they’ll take a significant pay cut. But what does an ideal cybersecurity job look like? When you’re interviewing, what would be your dream scenario? One Redditor summed it up nicely: "The best place to work for cyber is one with potential for steady, but not rapid growth, solid ticketing/workflow process, and mature/established IT shop. But you’re not going to properly understand IT staff capabilities in an interview. It's been a crap shoot for me, honestly."
Find your value
Balance was a big theme that resonated with those wanting to stay in the field. This isn’t just the typical work-life balance conversation, although most said that was important, too. Another thing that can keep you going is finding a job where you can see yourself going beyond the tasks of the day and bringing value to your organization. One Redditor said, "Make sure that it's just work, but you are here for a reason to bring value. Most big enterprises, who are above 50k employees have big portions of people who are there to work but NOT make a difference. If you see value: communicate your plan and stick to it."
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now. Thanks to GitGuardian.
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
Join us this Friday (10-04-24) for "Hacking Job Stagnation"
Please join us on Friday, October 4, 2024, for Super Cyber Friday.
Our topic of discussion will be “Hacking Job Stagnation: An hour of critical thinking about what to do when you're stuck in a rut.”
Joining me for this discussion will be:
Keith Townsend, chief technology advisor, The Futurum Group
Steve Zalewski, co-host, Defense in Depth
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jonathan Waldrop, CISO, The Weather Company. Thanks to SpyCloud.
Jump in on these conversations
"Is defcon or blackhat worth going to in Vegas?"
"Which cybersecurity tools do you think are required by corporations, but they for some reason don't know about them or don't have them?"
"How is everyone doing job wise?"
Coming up in the weeks ahead on Super Cyber Friday we have:
[10-04-24] Hacking Job Stagnation
[10-18-24] Hacking the Hype of Zero Trust
Save your spot and register for them all now!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.
Director of Information Security at McGuireWoods
1mo
Great episode. I listened twice. There is an aspect to this career that I think may be overlooked. Everything we do is in the negative. I tell my team no one will cheer when we enter the room - we are there to tell them what's bad from gaps to threat actors.
- Vulnerability management reporting everything not done
- Compliance reporting on everything not done
- Operations an eternal scrolling of alerts/events/investigations waiting to find the one that may make the news - using tools that probably do not have the information we are wanting
- A user telling you that you have no idea how a business runs because they could not get on a dating site to contact a relative - although it did provide some comic relief on our side of the conversation
The list goes on and there are successes we get to celebrate so it is not ALL negative. We have also been trying to inject some "positive" reporting into our meetings, but they always end with risk and exposure. I tell my team to get away from the monitor/phone and find something else to do at some point during the day. It is difficult mentally and emotionally to stare at negative reports all day and then smile when we "clock out" to be with our families.
Chief Technology Advisor - The Futurum Group
1mo
I’m looking forward to the conversation.
Senior Analyst, Cyber Security
1mo
Fantastic episode and great guests.
Vice President Managed Services - Northeast Region
1mo
Great Read!