The Home of the Security Bloggers Network
Home » Security Boulevard (Original) » Cybersecurity Pros Love Their Jobs, but Fear Burnout
The lingering effects of the pandemic and the accelerated evolution of the threat landscape are impacting organizations’ security practices, as well as the role cybersecurity professionals play in defending critical assets.
These were the results of the 2021 (ISC)2 Cybersecurity Workforce Study, which collected survey data from a record 4,753 cybersecurity professionals working with small, medium and large organizations throughout North America, Europe, Latin America (LATAM) and Asia-Pacific (APAC).
The study suggested the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.
Heather Paunet, senior vice president at Untangle, noted as organizations head into 2022, candidates for hire in the cybersecurity field will find that certifications are still going to be valued most, as they act as a stamp of credibility for applicants.
“Having certifications such as Cisco’s CCNA, CCNP or CompTIA certifications will put applications to cybersecurity jobs at the top of the pile,” she said. “However, other skills such as problem-solving, communications, experience, adaptability and willingness to learn will gain importance as cybersecurity as an industry continues to evolve.”
She noted the past two years have shifted the emphasis on enabling and securing remote and hybrid workers.
“Cybersecurity professionals have been tasked with making everything as accessible and secure as possible, no matter whether employees are working at home, in the office or switching between the two,” she said.
Another impact: Since IT administrators transitioned the workforce remotely, the amount of IT infrastructure deployed in the cloud has increased.
Paunet pointed to an Untangle survey which found of those SMBs surveyed, 58% reported having 10% or more of their IT infrastructure in the cloud.
“This has likely been because IT activities and staff were remote and accessing a server room remotely was not a possibility; companies found accessing cloud infrastructure remotely delivered a similar experience,” she said.
However, John Bambenek, principal threat hunter at Netenrich, noted many mid-career professionals are struggling with burnout.
“When professionals are in constant fire-fighting mode but don’t have the mental break of actually leaving work, the stress effects seem to linger into our personal lives,” he said. “Much like first responders, cybersecurity professionals need to manage the unique stresses that can come with this work and make sure they can fully disconnect from work when not on work-time—which was far easier to do when we had to go to an office and could leave.”
From the employer side, Paunet said it’s important that companies provide a path for employees to get training and certifications, and put an emphasis on traits such as adaptability and willingness to learn so that people in IT can get the skills that they need.
“In addition, it’s helpful to choose solutions that are designed with easy-to-use UIs that abstract a lot of the complexity from what the IT administrator needs to do or understand,” she said. “Choose UI-based tools rather than command-line tools.”
For example, being able to set up VPNs with a few clicks from a cloud-based management tool is a lot easier than having to go to each site on the network and configure it individually to talk to other sites. She pointed out tools that abstract the complexity and are designed to analyze and automate configuration will help less-skilled personnel be more effective and reduce the burden on cybersecurity pros.
Bambenek said ultimately, organizations either have to hire more people, rely on vendors for services or invest in automation—likely, the best course of action is some form of all three.
“The work needs doing regardless of headcount, so if automation can handle the easy problems, then you can focus the limited number of humans on those problems that require a person to resolve,” he explained.
The (ISC)2 study also found those currently in cybersecurity roles have consistently expressed very high levels of job satisfaction over the last four years, and they reported sharply higher satisfaction in the last two.
For 2021, this includes the highest satisfaction figures ever reported: 77% of respondents reported they are satisfied or extremely satisfied with their jobs.
“Rather than simply working for a paycheck, a career in cybersecurity ensures that cybercriminals are kept at bay, and businesses and the individuals that work in them are protected from mal-intentioned criminals,” Paunet said. “Having a role in protecting coworkers and your company provides satisfaction and a feeling of doing something worthwhile with high tech skills that has a positive impact.”
Bambenek said from his perspective, working in a company where he has peers he enjoys working with and management who supports the work they have tasked him to do is important.
“This industry has a special blessing in that successful professionals don’t have to settle for toxic workplaces because everyone is hiring so we are very mobile,” he said. “This is not true for many other professions.”
Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
nathan-eddy has 72 posts and counting.See all posts by nathan-eddy

More Webinars
Security Boulevard Logo White