A role in cyber security, while rewarding, can also be extremely taxing psychologically.
Chris Schueler, the senior vice-president of managed security services at Trustwave, began his cyber security career in the US military, when the field itself was still in its infancy.
Though cyber security has changed a lot since then, Schueler feels that his military background has remained relevant – in both the military and in cyber security, you’re on the front line, be it a digital or literal one.
An attack can happen at any time
“Today may be your worst day,” as Schueler puts it. “You may log into your computer and see absolute chaos. [You may] be called out of bed at two in the morning to quickly realise that the worst thing has happened: your environment has been breached, your data is spread across the internet. That reality used to be few and far between. Now, it’s not a matter of if, it’s a matter of when it’s going to occur.”
In an industry as tight-knit as cyber security, news of large data breaches, travel “at the speed of the wire”. Schueler added: “The minute something happens, your personal reputation, not the company’s, is now on the line.”
As one might expect, constantly being braced for ruin, and the feeling that this ruin will instantly become very public, will put knots in the stomachs of even the most zen of people. This is why, Schueler argues, burnout and stress overload are endemic in the cyber security industry.
Nobody wins when employees become stressed. It’s bad for the workers themselves, of course, but Schueler argues that it is disastrous for employers and managers, too. “The scariest thing [an employer] can have is a cyber security team that is burnt out, because now they’re so overwhelmed, [they] can’t care any more. That’s your worst-case scenario.”
Managers can ensure that employees aren’t faced with a workload that increases their stress levels. The working schedule should be peppered with appropriate breaks and managed so that the most intense elements of the job don’t fall too consistently on any one employee. If need be, Schueler suggests, outsource elements of the cyber security strategy as a way of calling in extra reinforcements to address threats.