I can certainly empathize with folks who suffer from burnout, in any occupation. It is miserable and clinical and not to be minimized or swept under the rug. But if this whole mindfulness approach has shown me anything, it is that we control how we respond to situations. So yes, security is a tough job. Yes, you probably can’t win. Yes, your senior management has no idea what you do and can’t understand your value.

But that doesn’t mean you should go reaching for the hemlock at the first opportunity. You have to be able to handle the job – good, bad, and ugly – on a daily basis. Or find something else to do. And I say that from a position of kindness, not to be a dick. If you can’t find happiness, engagement, and a sense of accomplishment from your career, get a new career.


Krypt3ia posts his perspectives on the burnout issue. I am pretty sure he isn’t coming from a place of kindness but he delivers the facts. In order to survive and possibly even thrive doing security, you need to understand the job. And Scot has a great summary in a few bullet points:

– It is your job to inform your client/bosses of the vulnerabilities and the risks – It is your job ONLY to inform them of these things and to recommend solutions – Once you have done this it is up to them to make the decisions on what to do or not do and to sign off on the risks – Your job is done (except if you are actually making changes to the environment to fix issues)

Did you get that last one? Your job is done. Remember the Serenity prayer? I don’t care if you kneel at the alter of the Flying Spaghetti Monster or nothing at all – if you know the difference between what you control and what you don’t, you have a chance.

If you don’t, then you don’t.

Photo credit: “Nice Cup of Hemlock?” originally uploaded by Kova Shostakovich