How CISOs Can Foster Positive Mental Health in Cybersecurity
CISOs work in a stressful field that changes on a daily, sometimes hourly basis. The weight of the world is on their shoulders—externally, because of security threats to their organizations, and internally, because of how they might shoulder the blame for a challenging security incident. On top of all this, CISOs are constantly fighting for resources while being asked to do more with less, and in the midst of protecting their organizations, they must defend how they spend their budget and show more ROI. For many CISOs, this feels like being asked to look left and right simultaneously.
Half of CISOs will change jobs by 2025, and 25% of them will seek completely different job roles, according to the Gartner report “Predicts 2023: Cybersecurity Industry Focuses on the Human Deal.”
Unfortunately, there isn’t a genie in a bottle to wish away this dilemma. But my 30 years of experience in security has taught me that it is vital to prioritize mental health and that we can no longer stay quiet about the constant threat of burnout that stems from what CISOs—and all security professionals—are up against.
Talk is cheap, but actions are priceless, which is why I hope this can serve as the beginning of an open dialogue to identify more useful approaches. Here is some practical advice that, from firsthand experience, I can say has helped foster positive mental health.
Spend Time on Things You Can Control
As CISOs, we have to spend our energy on the things we can control, and too many of us waste energy on the things we cannot. By proactively identifying my scope of command and getting buy-in from stakeholders, I’m able to acknowledge the things that are not in my wheelhouse. This allows me to dive deeper into solving problems for which I am responsible while also alleviating the stress and pressure of the things I can’t control. That’s a big difference from saying something “isn’t my responsibility.” It’s a willful acknowledgment of the things that are worth spending time on.
Make Time for Yourself and Your Passions
Allow yourself to block off time in your monthly schedule to reflect on what’s working well and what needs to be refined. If you focus solely on the daily work and pressures of this field, you begin to narrow your sights and only see the negative around you. Spending time with friends and family, in nature, or focused on a cause larger than yourself or on a hobby can remind us that the good work we do helps protect the things we hold near and dear and that there’s a lot of good out there too. This adage holds true in many areas of life: If I’m not taking care of myself, I can’t help others.
Seek Out Self-Awareness and Community in Your Organization
The points above are only possible to apply if you have a supportive company culture that not only values the work you do but also values you as an individual. Actively poll a company about whether it acknowledges that stress and mental health play a significant role in the ability to perform and that having a healthy work-life balance is important. However, it is also our responsibility to check in with our colleagues and fellow professionals in the industry. When we are able to share some of the issues we’re facing or struggles we see, we feel less alone. Because we come from such diverse backgrounds, our collective experience can help us solve these problems together.
Though May was Mental Health Awareness Month, I want to encourage others within the security community to break the stigma around this important topic every month of the year. It is now more important than ever to provide our employees with dedicated mental health resources such as therapy, education and other tools needed to foster a healthy mind. We can also use this conversation to encourage leadership to partner with important mental health nonprofits. By being transparent about mental health, we are opening the doors for our colleagues who need support to come forth and ask for the help they need.

