ISSA Survey Results – Cybersecurity Burnout

Recently the ISSA (Information Systems Security Association) released the results of a survey it conducted in December 2018. There is a shortage of qualified cybersecurity professionals; not enough people are entering the field, and those with ten or more years of experience may be leaving the field due to stress, lack of a career path, and ineffective mentoring.

The survey sample included responses from 267 professionals with a wide range of experience and company size.  According to the survey, here are the 10 most stressful aspects of the cybersecurity job:

  • Keeping up with the security needs of new IT initiatives (40%)
  • Finding out about IT initiatives/projects that were started by other teams within my organization with no security oversight (39%)
  • Trying to get end users to understand cybersecurity risks and change their behavior accordingly (38%)
  • Trying to get the business to better understand cyber risks (37%)
  • The overwhelming workload (36%)
  • Constant emergencies and disruptions that take me away from my primary tasks (26%)
  • The fear of getting something wrong (25%)
  • Keeping up with internal and regulatory compliance audits (25%)
  • Monitoring the security status of third parties my organization does business with (24%)
  • Sorting through the myriad of security technologies used by my organization (17%)

The report comes to some notable conclusions:

  • Cybersecurity teams are participating in data privacy efforts but may not be up to the task.
  • Cybersecurity professionals are dedicated to their craft but need some career guidance.
  • Knowledge, skills, and abilities (KSA) development depends upon face-to-face interaction.
  • Job satisfaction depends upon an organizational commitment to cybersecurity.
  • Training and skills development remain a problem.
  • CISOs need to be more active with business executives.
  • The virtual CISO position (vCISO) is an attractive career option.
  • Lacking employee security awareness training and a growing workload lead to security incidents.
  • ISSA members are pessimistic about cybersecurity in general.
  • The cybersecurity skills shortage is not improving.
  • It’s a “seller’s market” for cybersecurity talent.

Even though the profession is making progress, it is not always keeping up with the pace of change or the abilities of the adversaries.  This should be a concern not just to IT managers, but to business managers as well.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
