1 in 4 CISOs Wants to Say Sayonara to Security

Enterprises can expect to see some pretty dramatic churn in their cybersecurity departments in the next two years if they’re not proactive about countering security burnout.

A prediction out today by Gartner estimates that almost half of cybersecurity leaders will change jobs by 2025. More startling, the analyst firm predicts that one in four leaders will exit the security stage completely.

According to Deepti Gopal, director analyst for Gartner, cybersecurity professionals are generally facing “unsustainable levels of stress.” For CISOs and other security managers, the mental and emotional fallout from occupying the scapegoat role is not only spurring many of them to look outside of their current jobs or their professions, it’s also impacting their effectiveness when they stay.

“CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do,” Gopal says. “The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”

Negative Unemployment & Burnout Persist in Cybersecurity

For a long time now, the need for cybersecurity expertise has gone unfilled across the entire industry. Per last year’s (ISC)2 estimates, by 2025 there will be a shortfall of 3.5 million cybersecurity experts. Even as other jobs in the tech industry begin to evaporate in the face of tech sector layoffs, cybersecurity appears to be immune to this. A report earlier this month from (ISC)2 showed that only 10% of corporate executives expect to lay off members of their cybersecurity teams this year.

However, these seemingly positive numbers about job security in the cybersecurity world could actually be a red flag for what’s currently ailing the profession. That is, burnout and job dissatisfaction are making it tough to recruit and retain talent. A different survey out this week from Magnet Forensics shows this phenomenon within the rank-and-file population of security analysts and investigators: More than half of these security pros reported feeling burned out in their jobs.

Often, the discussion of cybersecurity burnout revolves around topics like alert fatigue and workload imbalances, particularly among security operations center (SOC) workers. For example, the Magnet report showed that 64% of those workers cited alert fatigue as playing a role in their burnout. However, the news that one in four CISOs will leave their profession altogether hints at even deeper issues.

The Trouble With CISO Satisfaction

CISOs aren’t necessarily running down alerts constantly the way their employees are, but they’re overloaded with other career fatigue factors.

“CISOs are constantly trying to balance high expectations against an absence of the tools needed to meet those expectations,” Gartner analysts wrote in the prediction piece. “Compliance-centric cybersecurity programs, significantly low executive support, and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success.”

One of the big factors that could have CISOs reconsidering their career trajectory in cybersecurity altogether is the fear about what will happen to their professional reputation if their company gets breached, says Diana Kelley, a veteran cybersecurity executive and co-founder and CSO of Cybrize, a cybersecurity workforce planning platform. She says CISOs and CSOs worry about “having their name dragged through the mud” after a breach, or even facing criminal charges, which feels more possible in the fallout from the conviction of Uber’s Joe Sullivan last year.

“I’m also curious if downward pressure on the level of the CISO and the salary are having an impact,” Kelley muses. “CISOs have long been talking about getting to the C-suite and reporting to the CEO, but I’ve heard more CISOs complain about getting pushed down a level and far fewer celebrating leveling up to true C-suite.”

While some media outlets have lauded compensation packages for CISOs that are crossing the $1 million mark, the truth is that most are much lower, Kelley says.

“If you aspired to be a CISO for the $1 million payday and now are in a role where you’re under extreme pressure, getting up at 3 a.m. on Saturday to deal with breaches, and being paid $234,000 — while your buddy who’s doing DevOps is making $250,000 and sleeping all weekend — you might just say, ‘to heck with cyber!’”
