Feeds

IT staffers on ragged edge of burnout and cynicism

Stress survey says companies failing staff

Top 5 reasons to deploy VMware with Tegile

RSA 2012 A survey of stress levels among IT security staff, thought to be the first of its kind, has shown that an alarming number of staffers are suffering dangerous levels of cynicism, leaving them depressed and unable to function properly.

The survey (securityburnout.org) was organized by Jack Daniel, founder of the Security B-Sides conference, joined by friends in the industry who are becoming increasingly concerned with the lack of support within the IT community for staff. So far, only 124 valid survey samples have been returned (which the team admit isn't good on a sampling level ), but the results are worrying.

Less than half of those surveyed felt that they weren't exhausted by their job, and 13 per cent reported levels of exhaustion and cynicism that are highly deleterious to someone's health. As an industry, IT – and particularly IT security – showed an average score for job cynicism that was at the extreme edge of what's healthy. Over a quarter of those surveyed felt that they were not achieving their job's goals.

"Other professions know that this is a problem and have strategies to deal with it, but there's no recognition of this in IT," Daniel told The Register. "In part it's because we're a very young profession that's constantly changing. But this needs a doctorate-level study, not something put together by six security professionals in their spare time."

He pointed out that security professionals are known for workaholic tendencies – joking that most people loved 40-hour weeks so much they worked two of them every seven days – but warned the risk of staff burnout is very real. The nature of the job was also an issue, in measuring the effectiveness of what you do – with IT security it only takes one mistake and the end result can be disastrous.

"There's a real business case for this," team member and cofounder of the SOURCE security forum Stacy Thayer said. "Five year ago, when I looked at what underperforming staff cost the industry, the figure was $90bn in lost productivity. Now it's $328bn."

IT pros = rampant substance abusers

Thayer remarked that alcohol abuse was rife in the industry, and as an organizer she was constantly being asked to set up bar facilities in events at all hours. Team member Martin McKeay, security Evangelist at Akamai Technologies, agreed, saying that alcohol and drug abuse was common in the industry.

"When you go to conferences you realize how much stress behavior we show," he said. "How many people get drunk and then get fired because of behavior at conventions – it happens with every ShmooCon and DevCon. That's an indicator that there's a problem."

Some companies are at least recognizing there is a problem. Josh Corman, director of security intelligence at Akamai and a team member, praised companies like SpiderLabs and Trustwave, which allow staff to take time out during the week on research that really interests them. Staff were happier, he said, and the work fed back into the company.

Management may also be the problem, not the IT worker. "As an experiment," Corman said, "explain to your children what it is you're trying to explain to your chief security officer. If they get it and he doesn't, then the problem isn't with you."

He also pointed out that security staff are at a premium at the moment, and there is zero unemployment in some sectors of the market. Staff shouldn't be unwilling to jump ship – indeed, spending too long at a company is seen by some employers as a sign that a staff member has reached their intellectual limits.

IT staff should also learn from other high-stress professions. Security consultant Gal Shpantzer pointed out that in careers such as piloting or military special operations, people never work alone, and always worked in pairs at minimum. The industry could learn from this, he said.

"Despite the media portraying elite troops as lone wolves, in fact they never go out in units of less than two. It's OK to ask for help, and it's usually a really bad idea to rely solely on yourself – you can't win this battle alone."

The presentation, given at the RSA conference in San Francisco, was a popular one. RSA's opening day is traditionally slow, with low attendance ahead of the main keynotes tomorrow. But Daniel's session was packed, leaving many unable to participate due to overcrowding – and indicating that he could well be onto something. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.