cross-posted from: https://lemmy.capebreton.social/post/506912
More than a dozen cybersecurity professionals shared with CyberScoop similar stories stemming from the intense work demands of an industry that involves often 24/7 vigilance against a growing tide of cyberthreats. Despite a growing awareness of mental health struggles within the industry, sources said there still aren’t enough resources inside companies or across the broader cybersecurity community for professionals dealing with burnout, stress and the intense anxiety of working in a high-pressure environment…
For three years in a row I did not get a full 24 hours that I didn’t have to think about the firm unless it was my annual vacation. I said something for two full years and all I got were platitudes and word salad.
Then they forced everyone back into the office for zero reasons other than they do business like it’s 1962 and couldn’t wait to get back to it.
I left them this May and at this point I have zero interest or intentions to returning to the field, let alone a position.
I’m so f*cking burnt out.
I’m not a cybersecurity admin, I do sysadmin and network admin work mainly. I’ve taken more time off this year from burnout than I have worked this year.
The problem isn’t exclusive to security, and it’s not getting better. The entire IT support industry is grinding it’s workers to the bone and there’s already a need for more workers. By the time this grinder is finished, there won’t be anyone left to do support.
Unionize
I agree, but so far that’s not been very possible…
The scenario I’m in is a relatively small organization, and if we tried to unionize, I’m certain the company would either replace all staff, or simply cease operating.
For large non-tech focused companies like fortune 500s or something, the IT staff is a very small percentage of workers, and even if there’s a union, often the language of the Union contact explicitly excludes IT from the unionized workers; putting them more on par with middle management, which, as IT support, we’re definitely not.
The only viable unionization IMO, is in tech-centric firms. Things like software shops, or large telecom operations.
The only viable alternatives I can think of, which would not happen, is to have an association which acts like a union. Something like the stonemasons but for IT. The other option here is to have everyone in IT basically work for a placement agency, which brokers all employment, so whether you’re working for a fortune 500, or a <100 employee office, you’re going to be paid the same for the same work. The employer would be forced into getting their IT support workers from this organisation which would act like a union (not for profit type deal).
The reason I believe neither would happen is because for either to have any real teeth, there would need to be significant buy in from all tech workers, making it difficult or impossible for organizations to get their IT staff from anywhere that isn’t associated with the union.
There’s pitfalls to an industry-wide union like this too, since if you want to depart from the Union, as a worker, for any reason (or the union refuses to have you as a member for some reason), then you’re basically screwed… if there’s enough buy in for the “Union” to work, then the vast majority of companies won’t bother soliciting work, except from the Union…
I could keep going, but I am in favor of unions. If I’m ever in a position to join one, I will. And if I find an IT job that has a union attached, I’ll apply.
So far, I haven’t seen it.
That’s fucked. Companies need to treat their operational infosec folks way better than that.
Meanwhile over here on the engineering side, where I have zero operational responsibilities, the last 20 years have been quite nice. Please join me :)
I worked in IAM and then IAM software dev for JPMC back in the day, so I worked with the cyber Sec people a lot. I was burned out, those people were fried. I felt so bad every time I had to bother them. Walking up to someone’s cubicle and they would be so startled and you could tell their nerves were just toast.
I ended up being an application security engineer for a while at a different company and I was the only one. After 6 months I went back to just software dev and got out of security all together honestly. I love the stuff but the lack of resources and funding but with massive expectations is a nightmare.
I think this is a problem in tech/it careers in general
I completely agree
I feel like cybersecurity should specifically be addressed in terms of it though; The responsibilities & all that get even more insane and I’ve noticed my friends working in the field are especially stressed out
We have an entire set of rules for mandatory time off, max hours between rest and sabbaticals between large projects, and it is still a struggle to keep staff healthy. It is just a brutal line of work. It takes a toll on your body too. Shit, I had to get four stents on my heart at 44 and cancer at 49.
The joke is, ‘Oh you’ve been in cybersecurity for five years, what’s your addiction?’”
Shits sake if thats the running joke imagine trying to therapize yourself with coworkers bringing the invasive thoughts right back to the table
colleagues at his first security job sharing an affinity for the show “MAS*H"
aw yes!
I don’t find this article all that discouraging, however there must be a human cost to this. There are gonna be colleagues who will need more social care and attention, and perhaps mental health services. Good to keep in mind!
My firm has been in operation for almost twenty years. The most common addiction, even if you don’t get physically hooked, are uppers. Ritalin, focalin, energy drinks, etc. Anything that gives you hyper focus.
As far as consequences go, I had four stents installed at 44 and cancer at 49. It should have been a bypass but my surgeon is a fucking rockstar. Had I not given up red meat in my twenties, I probably would have had a massive heart attack before forty.
Mental health is always a struggle, but we try to implement as many safeguards as possible. It’s still not enough.
Wow. Good on you for doing so much for your health. I lost my Dad to that surgery. Was meant to be stents, turned into an emergency bypass. He was 65. He was a high school + college teacher though, no doubt intense but one step below the explicit demands of cybersecurity outlined in the article.
I am very sorry about your dad. That scares the shit out of me and I think I won’t share that tidbit with my wife. She had a rough time with it as she was not expecting that I would have such major health incident at such a young age.
You will be okay. My dad was meant to get it done at your age, if he had been less stubborn… heh. Take care!
I’m sorry to hear that and I hope you’re ok
I’m alright, thank you. I’d like people to know these are real and mortal concerns - we live with stress and you can’t just ignore it!
Have we learned nothing from the Right To Repair war?
Why fix when you can replace?
Employee’s burnt out? Get a new one!
/s of course. I’m sick of the inhumanity of business
If alcohol is your relief you need to rethink your job