Feeds

IT staffers on ragged edge of burnout and cynicism

Stress survey says companies failing staff

Protecting against web application threats using SSL

RSA 2012 A survey of stress levels among IT security staff, thought to be the first of its kind, has shown that an alarming number of staffers are suffering dangerous levels of cynicism, leaving them depressed and unable to function properly.

The survey (securityburnout.org) was organized by Jack Daniel, founder of the Security B-Sides conference, joined by friends in the industry who are becoming increasingly concerned with the lack of support within the IT community for staff. So far, only 124 valid survey samples have been returned (which the team admit isn't good on a sampling level ), but the results are worrying.

Less than half of those surveyed felt that they weren't exhausted by their job, and 13 per cent reported levels of exhaustion and cynicism that are highly deleterious to someone's health. As an industry, IT – and particularly IT security – showed an average score for job cynicism that was at the extreme edge of what's healthy. Over a quarter of those surveyed felt that they were not achieving their job's goals.

"Other professions know that this is a problem and have strategies to deal with it, but there's no recognition of this in IT," Daniel told The Register. "In part it's because we're a very young profession that's constantly changing. But this needs a doctorate-level study, not something put together by six security professionals in their spare time."

He pointed out that security professionals are known for workaholic tendencies – joking that most people loved 40-hour weeks so much they worked two of them every seven days – but warned the risk of staff burnout is very real. The nature of the job was also an issue, in measuring the effectiveness of what you do – with IT security it only takes one mistake and the end result can be disastrous.

"There's a real business case for this," team member and cofounder of the SOURCE security forum Stacy Thayer said. "Five year ago, when I looked at what underperforming staff cost the industry, the figure was $90bn in lost productivity. Now it's $328bn."

IT pros = rampant substance abusers

Thayer remarked that alcohol abuse was rife in the industry, and as an organizer she was constantly being asked to set up bar facilities in events at all hours. Team member Martin McKeay, security Evangelist at Akamai Technologies, agreed, saying that alcohol and drug abuse was common in the industry.

"When you go to conferences you realize how much stress behavior we show," he said. "How many people get drunk and then get fired because of behavior at conventions – it happens with every ShmooCon and DevCon. That's an indicator that there's a problem."

Some companies are at least recognizing there is a problem. Josh Corman, director of security intelligence at Akamai and a team member, praised companies like SpiderLabs and Trustwave, which allow staff to take time out during the week on research that really interests them. Staff were happier, he said, and the work fed back into the company.

Management may also be the problem, not the IT worker. "As an experiment," Corman said, "explain to your children what it is you're trying to explain to your chief security officer. If they get it and he doesn't, then the problem isn't with you."

He also pointed out that security staff are at a premium at the moment, and there is zero unemployment in some sectors of the market. Staff shouldn't be unwilling to jump ship – indeed, spending too long at a company is seen by some employers as a sign that a staff member has reached their intellectual limits.

IT staff should also learn from other high-stress professions. Security consultant Gal Shpantzer pointed out that in careers such as piloting or military special operations, people never work alone, and always worked in pairs at minimum. The industry could learn from this, he said.

"Despite the media portraying elite troops as lone wolves, in fact they never go out in units of less than two. It's OK to ask for help, and it's usually a really bad idea to rely solely on yourself – you can't win this battle alone."

The presentation, given at the RSA conference in San Francisco, was a popular one. RSA's opening day is traditionally slow, with low attendance ahead of the main keynotes tomorrow. But Daniel's session was packed, leaving many unable to participate due to overcrowding – and indicating that he could well be onto something. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.