Super Cyber Fridays!
Join us TOMORROW, Friday [10-04-24], for "Hacking Job Stagnation"

Join us Friday, October 04, 2024, for “Hacking Job Stagnation: An hour of critical thinking about what to do when you're stuck in a rut.”

It all begins at 1 PM ET/10 AM PT on Friday, October 04, 2024 with guests Keith Townsend, Chief Technology Advisor, The Futurum Group and Steve Zalewski, co-host, Defense in Depth. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Defense in Depth
When You Just Can't Take It Anymore in Cyber

What are the factors that lead to burnout in cybersecurity? Is the industry getting more stressful, or are we finally opening up about the stress we've always experienced?

Check out this post on reddit for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho.

Recognizing humanity

Cybersecurity professionals are not superhuman. When organizations assume they can do the impossible, it pushes people away. For one Redditor, being asked to secure end-of-life hardware with no end in sight was too much, citing, "Legacy unsupported hardware and software with 1000s of unmitigated vulnerabilities that the organization refuses to upgrade because it's too expensive or too hard." The "myth of the security person being a super hacker is equally draining.” It’s one thing for your organization to have faith in your abilities. It’s another thing to throw everything at you and expect you to be the expert. 

Death by a thousand meetings

Meetings were a constant sore spot for the community. In many cases, it wasn’t the content of the meetings that would drive them crazy; it was how much of their time got tied up in them. One Redditor from a small organization summed up the issue, saying, “70% of my days are in meetings, and the other 30% is focusing on our security posture and roadmap projects.” Actual user support felt like something they had to advocate for. Another issue is the rest of the business not pulling cybersecurity into meetings until too late, leaving them hopelessly playing catchup. “You get pulled into a meeting where all other attendees are 4 meetings ahead of you and you are expected to render a verdict or pull the top risks out of thin air having heard a 30-second speed read of the project.”

What are we looking for?

There are a lot of reasons why people get out of cybersecurity. Some get out even knowing they’ll take a significant pay cut. But what does an ideal cybersecurity job look like? When you’re interviewing, what would be your dream scenario? One Redditor summed it up nicely: "The best place to work for cyber is one with potential for steady, but not rapid growth, solid ticketing/ workflow process, and mature/established IT shop. But you’re not going to properly understand IT staff capabilities in an interview. It's been a crap shoot for me, honestly."

Find your value

Balance was a big theme that resonated with those wanting to stay in the field. This isn’t just the typical work-life balance conversation, although most said that was important, too. Another thing that can keep you going is finding a job where you can see yourself going beyond the tasks of the day and bringing value to your organization. One Redditor said, "Make sure that it's just work, but you are here for a reason to bring value. Most big enterprises, who are above 50k employees have big portions of people who are there to work but NOT make a difference. If you see value: communciate your plan and stick to it."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Listen to the episode.

Thanks to our podcast sponsor, GitGuardian

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jonathan Waldrop, CISO, The Weather Company.

Thanks to our Cyber Security Headlines sponsor, SpyCloud

Cyber chatter from around the web...
Jump in on these conversations

"Is defcon or blackhat worth going to in Vegas?" (More here)

"Which cybersecurity tools do you think are required by corporations, but they for some reason don't know about them or don't have them?" (More here)

"How is everyone doing job wise?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [10-04-24] Hacking Job Stagnation

• [10-18-24] Hacking the Hype of Zero Trust

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.