How to Keep Cybersecurity Pros from Burning Out
What makes the cybersecurity field exciting is often the challenge of solving complex, high-stakes problems. In many ways, it’s not an easy field to work in, and yet it is incredibly gratifying.
Many join this field because it offers new problems to solve (constantly) and keeps them engaged in the work at hand. It requires strong math and analytical skills but also the ability to think outside of the box.
Whether it’s penetration testing, forensics or governance, cybersecurity professionals must have a varied skill set that they can lean on as the landscape evolves. Yet, it’s imperative they begin building expertise in specific areas as early as possible.
Therein lies a challenge that many face throughout their careers. In cybersecurity, you must learn a lot about a lot — often. It’s a bit of a conundrum.
As one starts out, getting the fundamentals down is important. However, taking the next step in one’s career often requires specialization. If you don’t specialize in cybersecurity — and it’s true for many other roles in IT as well — you limit your potential.
One of the great challenges these professionals face at any point in their careers has to do with the constant need to learn and adapt. For anyone entering the field or advancing within it, it’s critical to find strategies for learning the most relevant material to do your best work — or face a series of hurdles that could stunt your growth, limit your possibilities, and even worsen the problems you’re trying to solve.
Battling Cyber Threats… and Information Overload
Cybersecurity requires professionals to know how systems work. In IT, what a system looks like can take many different forms — hardware, software, even physical security.
It’s not only advantageous for security professionals to have a broad understanding of IT, it’s the very foundation of their careers. If they wish to specialize, they must start with building expertise in the fundamentals. Especially in security, it becomes difficult to progress without this knowledge.
This is where many struggle. Even in the broadest terms, cybersecurity can be complicated. It’s easy to become overwhelmed by the sheer volume of information.
Most security certifications have a common body of knowledge that covers several domains (typically somewhere between five and 10) that professionals must study before passing their exams. Each of these domains often breaks down into subdomains, growing the amount of information exponentially.
Not all learners who enter the classroom are prepared for this level of detail. Cybersecurity professionals are at risk of falling victim to their own stress as they try to take in volumes of information to learn the trade and realize their aspirations.
The Psychology of Human Error Report by Tessian found 50% of employees make mistakes because they’re stressed, leading to compromises in security. Thirty-four percent attributed mistakes to feeling burnt out.
"Why? Because when people are stressed or burned out, their cognitive load is overwhelmed and this makes spotting the signs of a phishing attack so much more difficult," said Josh Yavor, CISO at Tessian, in an interview with ZDNet.
In itself, this contributes to the level of risk organizations experience all over. Not only is there a need for hundreds of thousands of security professionals, but they must be well equipped to handle the job, advance their skills and knowledge, and feel supported along the way to avoid burning out.
3 tips to stave off burnout and stay engaged at work:
- Identify sources of stress – Security is often a high-stakes job, with many experiencing heavy workloads. Factors like these can add a lot of stress day in and day out.
- Know signs of burnout – When individuals experience stress for too long, it can lead to burnout, a sense of despondency that feels like an unshakable haze.
- Prioritize your wellbeing – To remain productive, motivated and driven to keep up with the continuous flow of information that security offers, you must strike a balance. Regular exercise, a healthy diet, enough sleep(!) and time for friends and family must become priorities.
Consider squeezing in this 17-minute course on Percipio: Take a Deep Breath and Manage Your Stress
Cybersecurity Professionals Need a Well-marked Path to Proficiency
Having expertise in several domains and being as versatile as possible can benefit individuals and the organization they protect. However, there are only so many hours in the day. For many, it’s easy enough to think, “Where do I even begin?”
Security leaders must find sustainable ways to help their teams grow their skills, nurturing their current abilities while giving them the means to develop new ones. Ongoing professional development, as well as flexibility and work-life balance, helps retain employees, and it also pays the organization back by giving employees a chance to apply what they’ve learned.
When it comes to security, specifically, a prescriptive path forward will help employees focus on the most relevant information needed at the various intervals of their career. This will help prevent the spiraling stress that can come with the mountain range of information.
Role-based training that includes a variety of ways to learn (videos, on-demand courses, labs or sandboxes) will help keep their interest, diversify instruction and allow learners to demonstrate their newly acquired skills early and often. What’s worth stressing is that the most effective training relates information back to the learner. They need the right information at the right time.
To help security leaders and professionals hone their skills, Skillsoft released Cybersecurity Career Journey. It’s a holistic approach to building a career in security. It’s prescriptive, focused on specific roles and specializations. What likely appeals most to security teams is the ability to practice skills and begin applying them quickly.
See how Cybersecurity Career Journey can help your team build in-demand skills in critical domains, like incident response, architecture, attacks and threats, and governance, risk and compliance.