Dark Reading is part of the Informa Tech Division of Informa PLC



10:00 AM
Craig Hinkley

Preventing PTSD and Burnout for Cybersecurity Professionals

The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.

June — Post-Traumatic Stress Disorder (PTSD) Awareness Month — has come and gone, but mental health is a topic that needs to be continuously talked about throughout the year. The condition is often associated by the public with veterans and first responders, but it can afflict someone from any walk of life.

PTSD can occur when someone experiences or witnesses a traumatic event, and its symptoms include acute anxiety, flashbacks, and intrusive thoughts. This condition isn't always understood properly by the medical community or general population, and it is important to raise awareness about the issues that individuals face when struggling with PTSD. Throughout the entire year, we need to help raise awareness about the many different forms of the disorder and help seek treatment options for those affected.

Cybersecurity PTSD and Burnout
While not as serious as PTSD for the likes of veterans recovering from war, cybersecurity professionals can face a different type of PTSD. Many are firsthand witnesses to cyberattacks that leave lasting damage to the organizations they help protect and can carry over into their work in the future as a reminder of the worst that can happen. Panic can set in when security pros see signs that remind them of past incidents. It's best to deal with these issues and stress before they become lasting problems that keep them from doing their best work.

Cybersecurity burnout and job fatigue are both a reality, and they are a growing, troubling problem that our industry faces on a daily basis. When compounded with the current cybersecurity skills shortage and the constantly growing threat landscape, burnout is amplified.

As the CEO of a major cybersecurity organization myself, it's important for me to face these issues head-on by creating a culture of individual well-being and self-care. It's imperative to have a close relationship with my team members to help evaluate their state of mind and provide them with support. Support must come from many different areas, such as implementing counseling and stress-relief programs.

Organizational leadership starts with the CEO, and it is my goal to consistently show team members that we care about them and empathize with their daily struggles by constantly making an effort to invest in their well-being. This doesn't always need to come in the form of hands-on training and team building; it sometimes can mean simply listening to the team members to make sure they understand that their contribution is valued and that their work has a purpose.

Cybersecurity Mental Health
Possible issues like depression and anxiety aren't new in cybersecurity, and stress is often rampant. Infosec professionals work long hours and are under constant pressure to protect critical networks from the latest in digital threats.          

As the pace of cybercrime continues to grow, demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. Cybersecurity Ventures estimates the total of unfilled security jobs will reach 3.5 million by 2021. With these global staffing shortages, some departments may only have 10 staffers when the number to adequately do their jobs should really be teams of 15 or 20, directly leading to increased stress levels.

The Effect on Us
The skill shortages represent a widespread threat to the security of all of us. Not having enough trained workers for the organizations that we trust to protect our data leaves us all vulnerable in one way or another. Furthermore, the organizations that are adequately equipped with enough cybersecurity professionals tend to still be overworked, highly stressed, and prone to burnout.

Anecdotal evidence also suggests a high prevalence of mental health concerns in the cybersecurity community, perhaps heightened by the hacker subculture attracting people from a variety of backgrounds, some of which may involve pre-existing mental health conditions.

This topic is extremely personal to me as well. As a teenager, my son suffered a horrific event that left him struggling with PTSD for two years. I saw the effects PTSD had not just on my son but his friends and family, including myself. PTSD is very real with the impacts reaching far and wide. With treatment there is hope, and with compassion and understanding we can help someone affected by PTSD get on a path to recovery.

What to Do Next
Burnout in cybersecurity will likely never completely go away, but it's currently causing our industry to lose out on too many hardworking professionals. Thankfully, by becoming more cognizant of the mental health struggles the industry faces, and with a little more attention to detail, we'll fight back against burnout. Please join me in talking to cybersecurity professionals, whether you are a CEO of a leading organization or simply a friend or family member of someone who works in the industry. The safety of our digital lives is at stake, and we all need to do our part in raising awareness of these issues.

If you or someone you know needs help, contact ADAA, a nonprofit national organization committed to the prevention, treatment, and cure of anxiety and mood disorders, including PTSD.


Craig Hinkley joined WhiteHat Security as CEO in early 2015, bringing more than 20 years of executive leadership in the technology sector to this role. Craig is driving a customer-centric focus throughout the company and has broadened WhiteHat's global brand and visibility ...

9/16/2019 | 2:40:16 PM
PTSD is not correct here
Trauma neither - this is standard stress within the computer industry and all careers can have it from a help desk (problem and ticket overload) to server admins (nothing like a failed data center on a Friday) to ransomware across the entire firm.  Stress is common enough in life as it is.  My own qualification for PTSD is that my data center crashed down 103 floors in the south tower on September 11 and I was only 2 floors down from 103 and made it down to the ground and live.  THAT is PTSD my friends.  Plus I saw 3 people fall from the north tower and die.  That is a room I do not go into very often.  I want to remain sane.  Every September 11 it hits me hard from 8:46 a.m. to 10:29.  Severe PTSD attack so I have no sympathy for an over-stressed sys admin or security consultant being defined as a PTSD case.  Stress?  Mega-stress?  Fine, been there, done that.  But to use this argument for cyber sec is just wrong and does ill to those of us who have been through a living hell and survived.

BTW - many of my response posts relate to disaster recovery and business continuity scenarios which do not exist whenever a ransomware attack happens.  I am strong on this subject precisely because of September 11.

Update - I realize that this note seems really mean and nasty to the article which does have good points all over - I am just strong on this subject for obvious reasons so take my commentary with a big grain of salt and a shot of Dewars.  Thanks