CISO Sentinel

An anonymous CISO shares a raw look at the burnout and pressure of the top job in security. A must-read for every leadership team.

I have the best job in the world. I get to play with the latest technology, I have a brilliant team, and I'm well-compensated. I also have a letter of resignation in my drafts folder, and I've been staring at it for the past six months.

I'm a CISO at a publicly traded tech company. I'm not going to tell you which one, because I want to keep my job, at least for now. But I need to say this, because I know I'm not the only one.

I'm burned out. Not tired, not stressed, but a deep, soul-crushing burnout that makes it hard to get out of bed in the morning.

It's not the long hours or the constant fire drills. I knew what I was signing up for. It's the impossible expectations. It's the feeling that I'm responsible for protecting the company from every conceivable threat, but I'm not given the resources or the authority to actually do it.

It's the board meeting where I'm given 15 minutes to explain the global threat landscape, and then I'm asked why we can't just "buy the AI thing" to solve all our problems. It's the product team that rolls out a new feature with a dozen critical vulnerabilities, and then complains that security is a bottleneck when we ask them to fix it.

It's the sales team that promises customers we're "100% secure" and then I have to explain to a furious client why their data was exposed in a breach.

It's the constant, grinding pressure of knowing that a single mistake, a single missed patch, a single successful phishing attack could cost the company millions of dollars, destroy our reputation, and put me on the front page of the Wall Street Journal.

And it's the loneliness. The CISO is a unique role. You're not quite in the IT camp, you're not quite in the business camp. You're a translator, a negotiator, a diplomat, and a firefighter. And you're often the only one in the room who truly understands the risk.

I don't have a solution. I wish I did. I've tried everything: meditation, exercise, therapy, a two-week vacation where I didn't check my email (a personal record). But the burnout is still there, a low-grade fever that never goes away.

So I'm writing this, anonymously, in the hope that it will start a conversation. To my fellow CISOs: you are not alone. To the CEOs and board members: your CISO is not a magician. They are a human being, and they are probably at their breaking point. If you want to keep them, you need to listen to them, you need to support them, and you need to give them the resources they need to do their job.

As for me, I don't know what I'm going to do. Maybe I'll hit "send" on that resignation letter. Maybe I'll go work for a vendor. Maybe I'll open a bookstore in Vermont. But I know I can't keep doing this. Not like this.

CISOInternals

Source Available: I'm a CISO and I'm Thinking of Quitting

Related Coverage

Dear Counsel: Can We Use That Open Source Code?

The Coming Wave of Non-Human Identity Risk

Red Line Items: Are You Wasting Your Cloud Security Budget?

The Paper Cut: We Stress-Tested Gartner's Latest AI Security Report