A few of years back, Time magazine published an article summarizing CareerCast’s research on the most/least stressful jobs.
At the top of the Most Stressful list: Enlisted Military Personnel. That makes PERFECT sense. High physical and travel demands, ridiculously low salary, and life-threatening situations that leave many physically and mentally scarred for the rest of their lives.
Respect.
What caught my eye, though, was the profession near the top of their list of least stressful jobs. Drumroll please…
Information Security Analyst
… what?
I did a little digging into CareerCast’s methodology, and in that context, it actually makes sense. Cybersecurity professionals don’t put their lives on the line day in and day out. We’re (usually) paid well, and there’s such a RIDICULOUS shortage of qualified cybersecurity professionals that the job market is, well, pretty damned spectacular.
There’s one important factor that I wish CareerCast had included in their methodology, though: Appreciation.
Had CareerCast found a way to measure that variable, I think the end results of their survey would have been a little different.
Let me offer a bit of perspective.
I went to school to be a music teacher. I’ve studied multiple instruments over the course of my life (piano, trumpet, guitar, bass guitar, and voice), and I love both teaching and making music. When a musician delivers a performance, that musician leaves something with the audience: a memory, an emotion, a connection.
Other artists produce more tangible artifacts. Our society has preserved sculptures, statues, and paintings for literally thousands of years. Filmmakers and recording artists have produced visual and audio creations that we repeatedly enjoy, whether in a movie theater surrounded by hundreds of other moviegoers (when we’re not socially isolating) or in our favorite solo spot with nothing but our headphones for company.
Artists produce artifacts.
But what about folks who work in other industries? What do they produce?
Quite a bit, actually.
If you work in manufacturing, that’s a gimme. Medical? You produce life-altering, often life-saving, medications and procedures. Utilities? The power that keeps the zombie apocalypse at bay is kind of important.
Even if you work in a back office or shared services role, it’s likely that you produce something.
HR? Career opportunities, professional development, a positive workplace, benefits… the list goes on and on. Finance? You produce budgets that pay for all the things. Payroll? You produce paychecks. ‘nuff said. IT? As unappreciated as you are, the fact remains that you produce systems and applications that end users rely on.
But what do cybersecurity professionals produce?
Nothing.
Wait, wait, wait… Calm down. Unclench your fists and bear with me for a sec.
When we’re on our game, it’s business as usual. Nothing bad happens.
On a good day, the cybercriminals don’t circumvent application vulnerabilities or system misconfigurations and steal the keys to the kingdom. Websites don’t go down due to DDoS attacks or hardware failures. Malicious employees don’t abuse their access to change data, and overly-trusting employees don’t click on malicious links in unsolicited emails, no matter how desperately they want that $100 Amazon gift card.
Nothing. Bad. Happens.
In other words, cybersecurity professionals comes in early, stay late, work through lunch, work crazy on-call hours, attend professional meetings, attend conferences, attend training classes, chase certifications, read blogs, and practice hacking virtual machines in their home labs (Yeah, we have home labs. Big whoop. Wanna fight about it?), all with one goal in mind:
To make sure that nothing bad happens.
And at the end of another day when nothing bad happened, when we don’t have anything tangible to show for our efforts, that desire for appreciation (both from others and from ourselves) is often left wanting.
That, folks, is the curse of the cybersecurity professional. The fortunate few get decent paychecks and recognition from the powers that be, but all of us… ALL OF US… put in the blood, sweat, and tears necessary to keep the lights on, to keep the websites up, to keep the personal data safe, regardless of whether or not that recognition ever materializes.
We put in the extra hours, driven by a passion to do the right the thing, and we both acknowledge and embrace the stress and burnout that comes with the gig. We support each other both online and in person (no easy task for a bunch of socially awkward introverts), and we keep at it day in and day out to ensure that… You guessed it:
Nothing. Bad. Happens.
Personally, I think a career in cybersecurity is time well-spent. It’s a stressful gig in an important industry, and I’m grateful to be a part of it. Even more importantly, I encourage folks who want to help out to learn more about working in cybersecurity and then apply for one of the thousands of open jobs that we’re trying to fill.
And to all my fellow cybersecurity pros out there, know this: I appreciate what you do. So do the folks who depend on you, even if they can’t always find the words to express that appreciation.
That said, I hope you can find some small comfort in reciting the successful cybersecurity pro’s mantra.
“Do you remember that awful, horrible, expensive incident that NEVER happened? You’re welcome.”
— — —