Mental health: Is it a big issue in cybersecurity?

Credit: ID 125812078 © Tatiana Stulbo |

This article is going to be a little different to my normal style. I really want to do my part in highlighting a problem in the security industry that we all need to consider and discuss openly so we can help each other in tough situations. Stick with me and let us advance this conversation in our circles, it will be a benefit to us all.

I am a security professional / would-be ethical hacker and I feel that the glorified image our society has of my profession is all wrong. Movies and TV shows have depicted us as nerdy types who have little to no social skills gamers (I am personally not much of a gamer) and general techies who wage battle with all sorts of foes to fight injustice in our world. One day we are taking down big evil conglomerates or some mythical bad people that save us all from the impending doom.

What about Abby from CSI who can bypass encryption on suspects systems and have all the answers they need to crack open a case in minutes (it is so not that easy, we wish it were). We then would have dramatic battles in cyberspace to win the fight (if many of you saw how it was really done you would lose interest quickly but Hollywood does this very well). Okay, I admit I am being a little dramatic here in trying to paint a picture of this mythical creature they call a cybersecurity professional (Going all Hollywood on you).

What we really do most of the time is dredge through millions of logs (if we are lucky we have a SIEM which makes that much easier), respond to the flood of alerts from port scans through to a stopped email attachments that may be malicious. Our job is mundane most of the time and really is not so Hollywood dramatic. We have a workload that never ends and in many organisations, it actually seems to be climbing constantly which makes you feel like you are fighting a losing battle. Yes on occasions, we get to do penetration test engagements or red team projects (where we get to pretend to be the bad people) and get to have a bit more fun.

On those rare occasions, being in a security professional or ethical hacker is awesome but most of the time we can be very isolated and have minimal interactions with the rest of the world. We can work 60+ hour weeks and just honestly are pretty stressed out with the avalanche we call our workload. These issues are exasperated by the skills shortage and the seemingly difficult to clear roadblock for people to join our ranks. I am not going to talk about that issue in this article as I have already covered that with my previous articles “you want a career in Cybersecurity, are you crazy?” or “What to look for when hiring Security Talent: Hidden talents”.