It’s no secret that the security leaders, especially chief information security officers (CISOs), have one of the most stressful jobs in the C-suite. They are bumping up against high demand, high risk, and often unrealistic expectations for their work. As we see security leaders leaving the profession, citing burnout as a key contributor, and a talent shortage to fill these vital roles to keep organizations safe, we find ourselves amid a mental health crisis for CISOs and other security leaders.
I first started writing about this crisis at the beginning of the year in a two-part series for Dark Reading (Part 1, Part 2), which was then followed by a webinar discussion I had with my colleague Mike Anderson and Neuroscientist Marcia Goddard. It’s clear that the external expectations and compounding risks are driving security leaders to the point of burnout, which I addressed in recent articles at HelpNet and VentureBeat.
Shining a light on this industry-wide problem and starting conversations about shared experiences is just the beginning though. While more PTO and taking time to disconnect is one suggestion many make, we need to take it a step further.
Beyond what I’ve written and spoken about already, I’ve had conversations with a number of CISOs who are running into these situations too and looking for options to help. With a talent shortage in the industry, and burnout on the rise, security leaders’ mental health and well-being should be just as big a priority to an organization as having the right technology in place to make sure their sensitive data is properly secured. There need to be resources available for security professionals to turn to help them manage the high levels of stress that come with their position and help them to prioritize their own well-being. I see this as a holistic balance between mental health and technology.
From my view, the next step in this journey to finding that holistic balance for mental health in security is to understand what resources would be the most helpful in the CISO community.
In an effort to continue leading this conversation, I am hosting a lunch at RSA on June 7th at 11.30am to bring a few select members of the CISO community together to discuss the topic and next steps. Starting this conversation from the existing community of security leaders and moving outward will serve to make these resources more effective and mainstream in the future.
Whether you are going to RSA or not, let me know if you want to continue the conversation about improving the CISO mental health crisis please reach out to me at [email protected] or connect with me in the comments over on LinkedIn.
