The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem

Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.

Tyler Farrar, CISO, Exabeam

December 13, 2022


Around the world, employees have been experiencing extreme stress due to the ongoing pandemic, business disruption, and the faster pace of work. 

This is a mental state and lived reality that cybersecurity staffers experience day in and day out. When new hires start work on Day 1, they know what they are signing up for. Most organizations today face an unrelenting fusillade due to the accelerated pace of digital transformation. New threat patterns are emerging, credential compromise is raging, and cybercriminals are cooperating on strategies. 

So, for analysts in security operations centers (SOCs), there's a thrill of the chase and rewards that come with stopping would-be attackers from damaging a company and its customers. However, there are also thousands of alerts to review each day, as well as the agony of defeat when a data breach occurs on their watch. 

Processes and Technologies Are Improving. Why Are We Still Talking About Stress in Cybersecurity? 

Despite this reality, many teams have best-of-breed platforms at the ready. So, it's actually getting easier for cybersecurity professionals to do their work. Behavioral analytics detect attackers rapidly and separate the noise from signals of malicious behavior, so that analysts can triage alerts faster. With automated workflows, analysts can focus on higher-level duties. A survey conducted by the Chartered Institute of Information Security (CIISec) in 2020/2021 found that 53% of analysts said their organization is getting better at protecting the network and recovering from attacks, while 56% said their team was more adept at responding to cybersecurity incidents and breaches.

The Many Factors of on-the-Job Stress for Analysts

First, it's important to acknowledge that working within the cybersecurity industry is inherently stressful. Some 51% of analysts said they're kept up at night by job stress and challenges. Factors include forced cancelation of education events due to the pandemic (66%), overwork (47% work more than 41 hours per week), insufficient budgets (53%), and increased difficulty executing key security processes such as reviews and audits due to remote work. 

Survey results don't capture the distinction between good stress and bad stress. Good stress includes learning new skills, problem-solving on the job, collaborating with teams to track adversaries and respond to threats, and gaining new professional opportunities. Bad stress includes feeling unsupported by organizations and leaders, not having the tools needed to do the job, and experiencing a poor work-life balance. And then there's situational stress, such as trying to execute processes remotely that are better done onsite, such as performing audits. 

Servant Leaders Can Make a Difference

Many of the cybersecurity issues raised in the CIISec survey point to a need for strong leadership that proactively identifies and resolves issues. But cybersecurity teams need servant leaders, not those who lead by establishing command and control structures. 

Servant leaders create authority by — you guessed it — serving their employees. Cybersecurity executives of this ilk are concerned about the well-being of the team, regularly checking in with team members on how they are doing, and removing roadblocks that harm operational performance. They'll go to bat with upper management to get an increased budget for new tools and additional staff to smooth out workloads for teams. Servant leaders take turns serving on call to understand work conditions from analysts' perspectives and hold regular team meetings to discuss key trends and issues. They're also likely to look ahead to anticipate market and business developments and reposition their organization to get ready to meet them. As a result, these leaders' teams feel supported. Analysts are not afraid to share problems or new ideas, as they know their leaders will listen, consider them carefully and, most importantly, respond.

Further, servant leaders develop their teams. They understand that cybersecurity analysts want to develop their knowledge and skills to progress their careers. Analysts cited job growth as the No. 1 reason they leave their existing roles and the No. 2 reason they take new jobs, right behind compensation. Respondents named taking training, cross-training across other technical and business areas, and working with experienced staff as high on their wish list for accelerating their careers.

Looking Ahead and Prioritizing Growth

Given that professional development took a back seat to fighting threats during the pandemic, cybersecurity leaders should push forward with career planning for their teams this year. Some 41% of analysts say their career development plans are only partially planned, while 11% say they aren't planned at all. As a result, firms that excel in these areas can poach staff from less development-oriented firms, building their teams at a time when competition is keen for top talent.

The events of the past two years have put an undeniable strain on cybersecurity teams. Risks have grown, increasing teams' workloads and weakening their sense of control. In addition, budgets haven't kept pace with hiring, training, and tool requirements. 

What organizations need now is for servant leaders to step forward and make their cybersecurity teams' professional effectiveness and personal happiness an important priority. Whether it is simply listening to analysts' concerns, making strategic investments in improving operations, or fostering career growth, servant leaders gain authority by putting others first. With humility, accountability, and consistency, servant leaders create greater organizational cohesiveness, break down barriers to execution, and help their teams outperform, even in the most challenging market and business environments.

About the Author(s)

Tyler Farrar

CISO, Exabeam

Tyler Farrar is the Chief Information Security Officer (CISO) at Exabeam. In this role, he is responsible for protecting Exabeam — its employees, customers, and data assets — against present and future digital threats. Farrar also leads efforts in supporting current and prospective customers’ move to the Exabeam cloud-native New-Scale SIEM and security operations platform by helping them to address cloud security compliance barriers. With over 15 years of broad and diversified technical experience, Farrar is recognized as a business-focused and results-oriented leader with a proven track record of advancing organizational security programs.

Prior to Exabeam, Farrar was responsible for the strategy and execution of the information security program at Maxar Technologies, which included security operations, infrastructure governance, cyber assurance, and USG program protection functions. As a former naval officer, he managed multiple projects and cyber operations for a multimillion-dollar US Department of Defense program.

Farrar earned an MBA from the University of Maryland and a Bachelor of Science in Aerospace Engineering from the United States Naval Academy. He also holds a variety of technical and professional certifications, including the Certified Information Systems Security Professional (CISSP) certification.
