Around the time of RSA in February, I wrote about the risk of burnout for security professionals, and offered some warning signs — including feelings of stress, exhaustion, or a lack of self-efficacy — that might indicate you’re on the burnout scale.
At this year’s Gartner Security and Risk Management Summit, the Tenable team decided to dig a little deeper and conducted a survey that explores a number of security issues, including some of the causes of burnout.
Keep a look out for the official numbers in the coming weeks. In the meanwhile, here are three questions you should ask yourself — based on the early survey findings — to prevent security burnout before you’re on the scale.
Are you working too many hours?
The study found that working 50 hours a week isn’t just ordinary — it’s the minimum for most security pros. In fact, the vast majority of respondents said they work between 70 and 80 hours every week.
There are two schools of thought to consider here. First, security pros see the economic turmoil that surrounds them and are willing to do more to keep their jobs. Or second, security pros have more work (and responsibility) than they can realistically handle. The second option feels more realistic to me, which leads me to my next question…
Are you being stretched too thin?
How many security pros are strictly security pros? Hardly any. The survey found that the vast majority — nearly all respondents — are also responsible for another aspect of IT, including networking, operations, and infrastructure. Based on conversations I’ve had, it's even common for security specialists to experience job creep — being called in to work on firewalls or other security tasks outside of their area of expertise.
This problem also highlights another substantial concern in the security industry. There’s a significant supply and demand issue when it comes to smart, seasoned security talent. New threats continue to emerge daily (who am I kidding? hourly) and security professionals need a team and solid technology to stay on par with attackers. In fact, our survey found that 80 percent of respondents said that the one thing they need most is smart security professionals on their team.
Do you feel fulfilled?
Stopping the bad guys can be rewarding, but IT security can often be a thankless task. With things moving so quickly, a well-deserved pat on the back is often overlooked. Also, for every virus or attacker thwarted, there's another one right around the corner. As a result, security pros hardly get their “mission accomplished” feeling.
I usually advise security professionals to take up an outside project — mentoring, education, speaking, etc. The key is to seek out that feeling of accomplishment, and remind yourself that you are smart, you’re good at your job, and you can help others outside of the day-to-day grind.
Economic and employment concerns aren’t always in our control, but we are capable of putting ourselves in situations that make the hard work worth it — and that goes a long way in warding off burnout.