Working as a cybersecurity analyst is incredibly challenging. It’s one of the only roles in IT that requires 24/7/365 availability, as suffering a breach has become a matter of when, not if. The constant stressors of the job can overload security analysts, which ultimately leads to burnout—affecting every factor of the job from performance to talent retention.

Recently recognized by the World Health Organization (WHO) as an occupational phenomenon, “burnout” is described by the agency as a syndrome resulting from “chronic workplace stress that has not been successfully managed.” Per the WHO, symptoms of burnout include feelings of exhaustion, cynicism about one’s job and difficulty doing the job successfully.

Despite the myriad security analyst job openings and the promise of six-figure salaries, analysts become exhausted within just a few years on the job—if they even last that long. And I’ve learned through my years of experience in the industry that the burnout filter has no bias for talent. While an analyst experiencing some of these symptoms from time to time is normal, the level at which analysts are burning out industry-wide is a problem that will undoubtedly have a devastating impact on our collective digital future.

What’s causing burnout?

Beyond the current global shortfall of nearly three million cybersecurity positions—placing an increased burden on the overworked and understaffed security teams already working in the industry—a number of other factors contribute to the endemic issue of cybersecurity analyst burnout.

Daunting schedules

Security operations centers (SOCs) are 24 hours a day, seven days a week, 365 days a year operations. The stakes are even higher in MSSP-type environments where teams manage, monitor and manage cybersecurity for multiple organizations. As such, it can be difficult to get holidays off, and due to the constant activity analysis required, overnight shifts are (Read more...)