Erik Avakian, former chief information security officer for the Commonwealth of Pennsylvania, has set a record with an impressive tenure in his role. Avakian not only outlasted three successive governors but also exceeded the average tenure of CISOs, which typically ranges from 18 to 26 months. Despite facing the struggles and burnout common in his industry, Avakian thrived on the challenge of thwarting hackers until he decided it was time for a change last fall.
A recent survey conducted in 2024 by BlackFog found that nearly 1 in 4 CISOs are considering leaving the profession due to stress. This issue has been escalating for the cybersecurity community, with many professionals feeling overwhelmed and undervalued in their roles. The root causes of these problems include feeling stuck in thankless jobs, lack of visibility within the organization, and the pressure of accountability without authority.
Many CISOs report to CIOs and are often seen as obstacles to innovation rather than enablers. They operate as cost centers rather than revenue generators and rarely receive positive recognition for their efforts. This lack of support and recognition from leadership can lead to feelings of frustration and isolation.
In addition to the challenges of their role, CISOs also face the constant threat of cyberattacks and the growing complexity of cybersecurity threats. Automated hacking tools that utilize artificial intelligence and machine learning have made it increasingly difficult for security teams to defend against attacks. The lack of resources and support further exacerbates the stress and pressure faced by CISOs.
To address these challenges and improve well-being in the cybersecurity profession, experts recommend several strategies. CISOs should negotiate for better terms of employment, including clear expectations around budget and staffing. They should also focus on developing soft skills to communicate effectively with senior leaders and gain support for their initiatives.
CISOs are encouraged to prioritize work that aligns with their values and motivations, as well as their mental and physical health. Investing in therapy, exercise, and other mental health activities can help CISOs maintain their well-being and effectiveness in their role. By taking proactive steps to address the root causes of stress and burnout in the cybersecurity profession, CISOs can better navigate the challenges of their roles and extend their careers in the field.