May is Mental Health Awareness Month, and I want to take this time to reflect on something we don’t often talk openly about in the security community: mental health. Nearly half of CISOs turn over every two years. Almost 100% of CISOs report feeling stressed at work, with about two-thirds saying stress issues are compromising their ability to protect their organization, and 100% saying they felt they needed more resources to adequately cope with current IT and security challenges.
This is a recipe for burnout: we’re in a stressful field that changes on a daily, sometimes hourly basis. We all have targets on our backs—externally, because of security threats to our organizations, and internally, because of how we shoulder the blame for a challenging security incident. We fight for resources, are asked to do more with less, and, in the midst of protecting our organizations, defend how we spend our money and show more ROI. To many CISOs, this feels like an untenable situation.
I don’t have an instant remedy for this dilemma—none of us do. But my 30 years of experience in security have taught me that it is vital to prioritize mental health, and that we can no longer stay quiet about the constant threat