Listen Up: CISO Burnout Is Tough – Not Talking About It Is Tougher

This week we’re talking CISO burnout, the mounting stressors for these vital security professionals – SEC ring a bell? – and how they need to flip the perspective on their role.

Maybe you feel a lot of pressure in your job. For chief information security officers, the heat turned up to SCORCHING last year when the U.S. Securities and Exchange Commission, for the first time ever, brought charges against a CISO in connection with a cybersecurity incident. That kind of scrutiny, plus the increasingly challenging attack variables propelled by AI and the new generation of cybersecurity tools (also propelled by AI), have driven an alarming spike in burnout rates and mental health issues.

Steve Zalewski has been there.

The future of IT and security is autonomous. But most organizations don’t know which manual processes are easy to eliminate. This is where you start.

When he was CISO at Levi Strauss, he’d be on alert 24/7, get woken up at all hours to solve cyber issues, deploy the appropriate technical tools, then try to get back to sleep – all to secure the legendary jeans company. He jokingly says his job was to “inflict friction in a perfect business process to make it inefficient, in order to stop attacks.” He knows that’s the common misperception other employees grumble about, and he’s done his fair share of grumbling too. He burned out multiple times – and left the profession.

Now head of cybersecurity advisory S3 Consulting, he sees how the expectations of the CISO have become even more demanding: They’re now being held accountable from an executive risk perspective, so they need to rethink their job in terms of business impact, he says. (In his case at Levi’s, how could he help them sell more jeans?) “That’s an aha moment for a lot of people to now realize what it means to have a business-risk conversation and position your security program as that component.”

[Listen to the full episode: Ep. 15 – It’s Tougher Than Ever to Be a CISO, and It’s Time to Admit It]

He’s open and willing to talk about the brutal truths. And yet he still remains upbeat. “When you hear this, don’t think, ‘Wow, why would I ever want to be a CISO?? It’s the best job I’d never want,’ but rather, ‘This can be incredibly satisfying, personally and professionally, and we are going to figure this out.’”

FOR MORE EPISODES

By tuning in to Let’s Converge,you’re joining a community of like-minded individuals who are passionate about cybersecurity. We’ll drop a fresh episode every week – and at just 20 minutes or so, it’s easy to stay informed without hours of listening.

• Ep. 14: How to Lead a Threat Intelligence Team | Tanium
• Ep. 13: Do You Need to Hire a Chief AI Officer? | Tanium
• Or check out our gallery of earlier episodes here – Informative and provocative discussions about data privacy (why it pays to take it seriously), ChatGPT (the hype and the hope), automation (security’s best kept secret), ransomware negotiation (to pay or not to pay), and much, much more.