Security pros hampered by burnout, lack of diversity – how do we fix this?


The cybersecurity profession is in a somewhat precarious state. Not only are cyber pros faced with increasing threats from insiders, but threats from external adversaries also continue to rise and are becoming more sophisticated. At the same time, companies are challenged by a crippling cybersecurity skills shortage: ESG/ISSG recently found that a whopping 74% of organizations have been affected by it. These conditions are combining to take a toll on the cybersecurity profession and the industry.

The most obvious and immediate impact is burnout. As an example, in Exabeam’s 2019 Cybersecurity Professionals Salary, Skills and Stress Survey, 62% of cybersecurity professionals said they found their jobs stressful or very stressful, with only 6% saying their job was not stressful at all. Similarly, 44% said they don’t feel they are achieving a work-life balance. And while 71% said they are satisfied with their jobs and responsibilities, that’s down sharply from 83% just a year earlier.

Burnout is also leading cybersecurity professionals to look elsewhere for career opportunities. In the survey, 40% said they are currently looking for a job, and more than half of those cited poor compensation and unsupportive senior leadership as reasons for their roving eyes.

The demographic makeup of the cybersecurity industry is concerning as well. Despite the tremendous need for more talent, the profession is failing to draw interest from diverse groups. An overwhelming majority (91%) of survey respondents were male, and 65% were white. Less than 3% were African-American. Given that threats are coming from any and all directions, a multidisciplinary approach is needed to build a more complete defense, and having a more diverse team with diverse points of view will help companies accomplish that.

However, embracing diversity is an aspect of culture, and we know that changing corporate culture can take time. While lack of diversity can’t be solved overnight, leaders can support their teams and create opportunities for populations that are underrepresented today. Some examples of how companies can help encourage a more diverse workforce include job shadowing, internships, broadening recruitment requirements and more. Leaders who succeed at broadening their teams will be the ones who ultimately create a more inclusive, comfortable and productive environment where professionals believe they can deliver exceptional work, engaging with confidence and without ego.

Not everything in the cybersecurity profession is gloomy, however. The upside of a skills shortage is that it leads to job security, and 76% of those surveyed said they do feel secure or very secure in their current role. Workers’ salaries were in a median range between $75,000 and $100,000. And nearly half of cybersecurity professionals said they have been building a career in the industry for 10 years or more.

Without question, there is an opportunity for companies to attract top cybersecurity talent by demonstrating support for their teams, building a positive environment and promoting diversity. It’s telling that 78% of respondents would recommend a career in cybersecurity. The stress can be handled – it just has to be done the right way.

As we look toward 2020, companies can take appropriate steps to support their security teams and help them guard against burnout. There are opportunities and rewards to protecting people, privacy and the world’s data, and if the cybersecurity industry can determine compelling ways to invest in people, even more talent will be drawn to this exciting and evolving space.


Steve Moore is vice president and chief security strategist at Exabeam, helping drive solutions for threat detection and advising customers on security programs and breach response. He is the host of the “The New CISO Podcast” and a Forbes Tech Council member. Prior to Exabeam, Moore served as Staff VP of Cybersecurity Analytics at Anthem, a Fortune 30 healthcare company. Moore’s experience includes leading the investigation of state sponsored cyberespionage campaigns, breach response, associated legal depositions, and client management. He’s passionate about cybersecurity, teamwork and leadership excellence.


No posts to display