Pwned: The Information Security Podcast

The Cavalry is NOT Coming

Show Notes: https://justinfimlaid.com/the-cavalry-is-not-coming

Sponsor: https://www.nuharborsecurity.com

Contact Me: https://justinfimlaid.com/contact-me/

Twitter: @justinfimlaid

LinkedIn: https://www.linkedin.com/in/jfimlaid/

I hear it all the time: security burnout is high. It wasn't until this week that I realized that folks got the reason for burnout completely wrong. After listening to someone tell me that a large tech company burns out their staff due to work volume and rotates the staff every 2 years, I realized we have it twisted. I don't know about you, but most security folks I know love doing security, and a 60 hour week hasn't burnt anyone out when they do what they love. If a 60 hour week does burn you out, then I'd recommend changing your profession as a matter of mental health. Go do something you love to do; then no one would have to pay you to work, because you'd do it for free because you love it.

As a former CISO I can say first hand that the work never burnt me out. The environment and people are what burned me out. What I mean by that is that having accountability for security and no direct responsibility for security in a $6B organization was incredibly stressful. Most security folks I know are in this spot. They have accountability for enterprise security, but the role and action of security is distributed across the organization.

Also - there should be some segregation of duties between IT and Security. Since security is often monitoring an environment, they often see mistakes made by peers in the company outside of security. Those mistakes can make security challenging, but those same peers often have little motivation to clean up those mistakes unless it directly impacts their job. So, security having to feel like they are in the position of digital janitor and clean-up crew can be exhausting. There are only so many times you'll clean up the spilled milk before you just leave it spilled.

Security leadership has become a political position: evangelizing for security, educating your work colleagues on security, all so those same company peers, when faced with a security decision, will self-select the correct decision related to security when no one is looking.

To amplify matters, you don't have all the budget you need or want to do your job. Nor likely do you have all the actual authority to make that decision you want to. The threat landscape is also shifting, so tomorrow is always a new type of cyber attack.

All this is to say that it's a tough job. Not because of work load only, but the surrounding intangibles of working in organizations who probably are excited to pass off security can be draining.

I've got news for you, the Cavalry is NOT Coming.  You are on your own.

For those of you listening to this maybe not grasping the challenge, let me propose an analogy. We've all been out to dinner at a restaurant.
Pwned: The Information Security Podcast, by Justin Fimlaid