IT security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help Credit: Illus_man/Shutterstock SAN FRANCISCO – Career stress and burnout is as common among information security professionals as it is among professionals in other high-stress fields, such as medicine or law. But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. “If you do a Google search for info sec burnout, you’ll find nothing,” said KC Yerrid, an information security and managed services consultant. Yerrid was one of several panelists who took part in a talk focused on IT security burnout and stress held Monday at the 2012 RSA Conference in San Francisco. The group, all information security veterans, spoke to a packed room about some of the causes of burnout in the info sec field, how to recognize the symptoms, how to seek help and how to reach out to others who may need assistance. “For me, burnout manifested itself as rage,” said Yerrid. “And when you are a six-foot-one, bald guy having a bad day on the job, that can give some people a bad impression.” “I’ve seen a high level of burnout. A number of colleagues in this field, fighting the good fight, who have exhibited signs of burnout,” said Martin McKeay, a security evangelist with Akamai Technologies. Moderated by Jack Daniel of Tenable Network Security, the panel mentioned several reasons why they thought levels of stress were high within the info sec field. Security consultant Gal Shpantzer noted an individual he had met several years ago who had once been in law enforcement and took part in drug raids and other types of high-stress and adrenaline-filled missions as part of his job. But when his friend transitioned to a job in information security, his level of satisfaction was much lower. Shpantzer said his friend felt like he could measure success, and knew when he had done a good job at the end of the day, in law enforcement. In IT security, there are very few concrete measurements for success, Shpantzer said. “It’s like a fungus,” said Shpantzer. “You’re trying to get rid of it, but it keeps growing.” Others on the panel cited the types of personalities that the info sec field attracts which make working in the profession hard. “We are a nasty group of people. We turn on each other,” noted panelist Joshua Corman, director of security intelligence for Akamai Technologies.”We spend so much time worrying about malware and woes in this industry that we forget to take care of each other.” Panelist Stacy Thayer, executive director of SOURCE Conference, noted info sec is an isolating profession and that lack of human contact on many days can make things seem bleak. “We work with computers. It’s not like they are warm and fuzzy,” said Thayer. Daniel presented the results of a “Burnout Survey” he and the panel conducted in 2010. Although a wide range of respondents took part, the data only contained about 124 valid responses, which Daniel noted was insignificant from a research perspective. “It allows us not to draw conclusions, but to make observations,” said Daniel. The data focuses on three indicators of burnout: level of exhaustion, level of cynicism and self-efficacy. Low levels of self-efficacy is where security professionals differentiate themselves from other high-stress professions, he said. Among the responses, Daniel said the data revealed almost 13 percent of those surveyed were in what he called a “red flag” area for level of burn out and were clearly in need of some intervention. Several panelists urged audience members to reach out to those who may be in need of some support, or to ask for help themselves if they felt they were at a critical point and nearing burnout. Other advice included taking on a mentor or mentee role or getting involved with teaching or speaking about an outside passion or hobby. The goal of the talk was to raise public awareness and support about the risks associated with burnout among infosec professionals and build a community of support. It is an ongoing effort led by the panel. More information can be found at secburnout.org. Interested professionals are also asked to fill out a career attitudes survey at https://www.careerstudy.org. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Network Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe