author photo
By Clare O’Gara
Tue | Apr 14, 2020 | 6:15 AM PDT

Are you a cybersecurity professional experiencing burnout?

Are you living in constant fear of an incident? Can you sense simmering frustration at always being understaffed? Do you feel like you can never really leave work stress behind, even on a day off?

You are not alone. And a new initiative might help.

What is the PsyberResilience Project?

A new effort called the the PsyberResilience Project wants to determine what is creating so much stress in the professional lives of cybersecurity practitioners.

The PsyberResilience Project defines itself as "the first comprehensive and ongoing study of the prevalence and impact of stress, burnout, and mental health challenges in the cybersecurity workforce."

And here is the overarching goal, according to the project:

"The more than 700,000 professionals that make up America's cybersecurity workforce are increasingly being described as our digital first responders—a first and unflinching line of defense against an unrelenting wave of cyber-attacks against businesses, governments, and entire communities.

Like all first responders, there's increasing concern about the mental wellness of this workforce. Not only has cybersecurity become a very high stress and quick burnout industry, many of those working in it entered the field already burdened with mental health challenges like anxiety, depression, and PTSD.

As these mental health challenges take an increasing toll on the an already strained cybersecurity workforce, it's time to build psyberresilience into your risk management calculations."

What are 10 top reasons for cybersecurity professional burnout?

According to PsyberResilience, here are the top 10 most common sources of cybersecurity professional stress:

  1. Unrealistic and unhealthy expectations about outcomes and results, expectations set both by employers and by the individual defenders
  2. Little time to pause or decompress because of the relentless waves of attack, with some reports suggesting anywhere from 10,000 to more than 1 million security alerts per day and up to 80% false positives
  3. Simmering frustrations—with understaffing, insufficient budgets, employees who continue to undo and undermine security efforts, and a leadership not taking the threats seriously enough
  4. Exhausting schedules—security professionals complain about always being on the clock and on the job, at least mentally, compounded by no real downtime, long hours, long weeks, and even long weekends
  5. The fatigue of trying to keep up with a constantly changing environment, from new threats, tactics, and technologies, to new laws, regulations, guidelines, frameworks, and standards
  6. Personal and professional pride, and the constant fear of personal failure, of being the one who lets the team and organization down by missing that one single threat amongst thousands
  7. The emotional toll of constantly fighting and being exposed to the worst kinds of criminals, and witnessing the cruelty they inflict on their victims
  8. An increase in cynicism and a decrease in trust amongst security professionals, often permanent emotional changes that they bring home with them
  9. Security teams stretched too thinly, which results in heavier workloads, pressure to take on too many tasks, and not being allowed to focus on the most critical or relevant challenges
  10. Pre-existing conditions—many security professionals come into the industry with existing mental health issues, and especially with an increase in military and law enforcement dealing with anxiety and PTSD

How many of these can you identify with?

It's important for cybersecurity professionals to keep the digital world healthy. But they also need to prioritize their own health.

Contributing to the PsyberResilience Project survey can help develop a better baseline for the InfoSec community. Will you take it?

"The PsyberResilience Survey consists of 20 questions, is completely anonymous, and takes less than 5 minutes to complete. And you don't have to be struggling with stress, burnout, or mental health challenges to participate. We want everyone in security to share their experiences, good or bad."

Take the PsyberResilience Project survey here.

It will inform how the PsyberResilience Project tackles the most significant parts of security team burnout.

Related podcast: cybersecurity frustrations

This new project, and the top 10 causes of stress and burnout for cybersecurity professionals, reminds us of a recent SecureWorld podcast on cybersecurity frustrations.

Is it possible that some of the responsibilities in security actually belong on someone else's plate? That's the contention of our featured interview. Listen to the episode below or on your favorite podcast platform.