Most people outside the cybersecurity profession have no idea how stressful the job can be. To help them understand, I give them this analogy: Imagine having a job where every day you came to work and you had strangers trying to break into your desk, steal your stuff, or just create general havoc for you. Most agree that’s a pretty stressful situation.
With new zero-days, spear phishing attacks, ransomware, hardware vulnerabilities, data breaches, evolving compliance requirements, and advanced adversaries trying every day to make your life miserable, there is almost too much for a cybersecurity professional to keep up with. It’s no wonder that 57% of tech industry workers are currently suffering from burnout. And 65% of SOC professionals say stress has caused them to consider quitting, according to the Ponemon Institute.
When you combine the numerous demands and complexities of the job with the high travel expectations for cybersecurity consultants, some employees on Glassdoor have stated, “Average life expectancy: less than a year.”
As a cybersecurity consultant for almost four years, I’ve found a few strategies that help me keep up with the demands of consulting, traveling, and navigating the cybersecurity profession.
1. Find Your Niche
In this profession, there are so many different specialties and niches you could fill – it’s important to choose one or two and do them well. Remember the adage, "jack of all trades, master of none?" You can’t be a penetration tester, risk assessor, CISO, consultant, manager, ICS assessor, SOC analyst, insider threat analyst, and compliance guru and expect to do everything well.
For me, I’ve focused on performing enterprise-level assessments (proprietary and industry frameworks) and consulting with executive leadership on enabling change in the culture of a cybersecurity program. It’s been a lot of fun, and it’s allowed me to focus on specific areas of my professional development.
2. Continue Your Learning
Do something that engages you and teaches you something new. If your organization offers training opportunities and reimbursement programs for continuing education, take advantage of them.
Great ways to continue learning include:
- Take training or educational courses
- Stay connected (through podcasts, industry groups, online articles, etc.)
- Shadow a coworker
- Expand your technical skills (e.g. penetration testing, coding, web design)
- Attend a conference
- Get a mentor and be a mentor
For my own personal journey, I have attended a SANS conference (SANS Security Awareness Summit), taken a SANS course (SANS SEC401), and I'm currently working toward passing the GIAC GSEC Exam. I’ve also become Project Management Professional (PMP) certified through the Project Management Institute. I’m thrilled Revolutionary Security provides support for training and development in a thoughtful way, enabling me to continue learning new skills applicable to my job.
3. Take on Work That Ignites Your Inner Creativity
Humans are creative creatures, and let’s face it, sometimes cybersecurity work can be tedious and even monotonous. It’s important to take on work that sparks your inner creativity and enables you to express it in a meaningful way. The good news is your boss will never be upset if you ask to take on an additional task that benefits the organization and satisfies your creative needs. This could include:
- Marketing and branding
- Training and development opportunities (e.g. internal training, conferences, public speaking)
- Developing new templates and service material
- Working with sales on new business opportunities
4. Openly Talk About Stress
There is a lot of pressure put on cybersecurity professionals – pressure from clients, management, and adversaries. It’s crucial to talk about your stress with your management team and coworkers in an appropriate way. Don’t bottle up things you’re stressed about hoping they will get better. Addressing the issue in a healthy way will often help; it feels good to be heard and relate with someone else when you’re stressed out.
If all else fails, don’t hesitate to try therapy. Get professional advice. Just like we expect our clients to rely on us for professional advice, we too should seek out medical experts when we need their services.
5. Find Some Breathing Room
This may be the most important item on the list. It is imperative to find the time and space to disconnect. With all the noise we face on a daily basis, you must take time to find stillness. Do something during your daily routine that enables you to disconnect from all the craziness and focus on your body, your breath, and how you feel in that moment. This could include:
- Yoga or Tai Chi
- Get a massage or facial
- Listening to podcasts/music
- Taking a bath
- Going for a walk/run/hike
- Totally unplug by turning off ALL electronics
The cybersecurity profession is demanding and stressful, but also exciting and rewarding. The keys to avoiding burnout are to not spread yourself too thin, keep the job exciting, talk about stress, and most importantly, manage stress and information overload. I hope you find my suggestions helpful. If you have other tips and tricks for managing stress, let me hear from you.
How do you keep up with cybersecurity trends?
Our security analyst, Nick Toncheff, documents his go-to list of bookmark worthy resources.