A few months ago there was this whole thing about the stress of security jobs, CISOs self-medicating, and a whole range of burn-out talk. Ok, yes, security is a tough job. A very tough job.
To do the job well requires broad and deep technical/risk skills, leadership augmented by a wide range of emotional intelligence, and a whole lot of personal resilience. Despite efforts to be 'never silently awesome', it can be most visible when things go wrong. Wrong can be both sides of the line: too much of the wrong security impacts customer experience and business agility, or too little and you see incidents of varying impact. But, to be honest, it’s not a uniquely stressful or difficult job, there is a myriad of similarly tough or much tougher jobs from military, health care, emergency workers to sales people with a tough target or software developers with a deadline. [not an exhaustive list]
But hold on, it’s also one of the most fantastic jobs, perhaps call it a profession or a vocation, that has ever existed. Here’s why:
- You get to be involved in pretty much every part of everything your organization does – with natural focus on the customer.
- You get to take both broad/deep technology and business perspectives and rapidly learn the interplay between them – up and down the organization.
- You learn how to spot the failure modes of anything.
- You have extraordinary personal resilience – and (this sounds crazy) an innate long-term optimism that things will keep getting better, perhaps because of our implicit short-term pessimism.
- You are unusually good with incremental approaches, recognizing complexity and taking a systems-wide view of solutions.
- You need a multiplicity of skills not always found in other roles, which are individually portable and collectively indispensable.
- You get earlier career exposure to disproportionately senior people, inside and outside, and you become intimately entwined with the core processes and assets of your organization and its mission.
- You have fascinating and quickly evolving adversaries and you are forced, as a result, to be constantly learning and developing.
- You have a higher purpose. You are defending the flow of capital and ideas that are essential to human progress, adding value to society, protecting people’s information and livelihoods, and in some cases actual lives.
- You are part of an amazing community (not always perfect though!). Until you’ve stepped out of security into another risk, IT or business role you don’t realize how unique the camaraderie among security people is. I remember in various industry or geographic disasters over the years that when different companies' IT staff needed to work with each other it was often the security people (who were already connected with each other) that facilitated that connectivity.
Bottom line: security is an incredible job in fantastic times. Pause, look back at the progress made, enjoy the privilege of working on hard things. Then remember that, as the saying goes, 'we are careering into the future at the speed of light, relax and enjoy the ride'.
21 September 2020
CISO at Goldman Sachs
A specialist in enterprise risk, information & cyber security, technology risk and business resilience with significant experience in multiple industries and multiple geographies.
Latest Blog posts
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
15 September 2021
Analyzing the CVE-2021-40444 exploit
13 September 2021
Take the power back: Tool-up against a notorious global threat group with our new FIN7 series
13 September 2021
Episode 44: Rotten Apple or Privacy Nuts?
2 September 2021
Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare
10 August 2021
Kaseya supply chain attack: Prepare to respond with the Cyber Crisis Simulator
27 July 2021