RSA Conference 2012: Stress and burnout in infosec careers

IT security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help

Career stress and burnout is as common among information security professionals as it is among professionals in other high-stress fields, such as medicine or law. But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant.

"If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and managed services consultant. Yerrid was one of several panelists who took part in a talk focused on IT security burnout and stress held Monday at the 2012 RSA Conference in San Francisco.


The group, all information security veterans, spoke to a packed room about some of the causes of burnout in the info sec field, how to recognize the symptoms, how to seek help and how to reach out to others who may need assistance.

"For me, burnout manifested itself as rage," said Yerrid. "And when you are a six-foot-one, bald guy having a bad day on the job, that can give some people a bad impression."

"I've seen a high level of burnout. A number of colleagues in this field, fighting the good fight, who have exhibited signs of burnout," said Martin McKeay, a security evangelist with Akamai Technologies.

Moderated by Jack Daniel of Tenable Network Security, the panel mentioned several reasons why they thought levels of stress were high within the info sec field.

Security consultant Gal Shpantzer noted an individual he had met several years ago who had once been in law enforcement and took part in drug raids and other types of high-stress and adrenaline-filled missions as part of his job. But when his friend transitioned to a job in information security, his level of satisfaction was much lower. Shpantzer said his friend felt like he could measure success, and knew when he had done a good job at the end of the day, in law enforcement. In IT security, there are very few concrete measurements for success, Shpantzer said.

"It's like a fungus," said Shpantzer. "You're trying to get rid of it, but it keeps growing."

Others on the panel cited the types of personalities that the info sec field attracts which make working in the profession hard.

"We are a nasty group of people. We turn on each other," noted panelist Joshua Corman, director of security intelligence for Akamai Technologies."We spend so much time worrying about malware and woes in this industry that we forget to take care of each other."

Panelist Stacy Thayer, executive director of SOURCE Conference, noted info sec is an isolating profession and that lack of human contact on many days can make things seem bleak.

"We work with computers. It's not like they are warm and fuzzy," said Thayer.


Daniel presented the results of a "Burnout Survey" he and the panel conducted in 2010. Although a wide range of respondents took part, the data only contained about 124 valid responses, which Daniel noted was insignificant from a research perspective.

"It allows us not to draw conclusions, but to make observations," said Daniel.

The data focuses on three indicators of burnout: level of exhaustion, level of cynicism and self-efficacy. Low levels of self-efficacy is where security professionals differentiate themselves from other high-stress professions, he said.

Among the responses, Daniel said the data revealed almost 13 percent of those surveyed were in what he called a "red flag" area for level of burn out and were clearly in need of some intervention. Several panelists urged audience members to reach out to those who may be in need of some support, or to ask for help themselves if they felt they were at a critical point and nearing burnout. Other advice included taking on a mentor or mentee role or getting involved with teaching or speaking about an outside passion or hobby.

The goal of the talk was to raise public awareness and support about the risks associated with burnout among infosec professionals and build a community of support. It is an ongoing effort led by the panel. More information can be found at Interested professionals are also asked to fill out a career attitudes survey at

Join the CSO newsletter!

Error: Please check your email address.

More about Akamai TechnologiesAkamai TechnologiesetworkGoogleRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts