• Phil Venables

The Stress and Joy of Security Jobs - Updated

There’s a lot going on in the world from conflict, crime, economic and many other pressures. Many of these matters have security professionals in all their variety working harder than ever. So, I thought it’s a good time to revisit why we do this.


Security is a tough job. A very tough job. To do the job well requires broad and deep technical / risk skills, leadership augmented by a wide range of emotional intelligence and a whole lot of personal resilience.

Despite efforts to be “never silently awesome” the role can be most visible when things go wrong. As if one challenge weren't enough, wrong can be both sides of the line: too much of the wrong security impacts customer experience and business agility or too little and you see incidents of varying impact. But, be honest, it’s not a uniquely stressful or difficult job, there are myriad of similarly tough or much tougher jobs from military, health care, emergency workers to sales people with a tough target or software developers with a exacting deadline [not an exhaustive list].


But hold on, it’s also one of the most fantastic jobs, perhaps call it a profession or a vocation, that has ever existed. Here’s why:


  1. You get to be involved in pretty much every part of everything your organization does - with natural focus on the customer.

  2. You get to take both broad / deep technology and business perspectives and rapidly learn the interplay between them, up and down the organization.

  3. You learn how to spot the failure modes of anything. Although, this can be very annoying to friends and family.

  4. You have extraordinary personal resilience - and (this sounds crazy) an innate long-term optimism that things will keep getting better, perhaps because of our implicit short-term pessimism.

  5. You are unusually good with incremental approaches, recognizing complexity and taking a systems-wide view of solutions.

  6. You need a multiplicity of skills not always found in other roles, which are individually portable and collectively indispensable.

  7. You get earlier career exposure to disproportionately senior people, inside and outside, and you become intimately entwined with the core processes and assets of your organization and its mission. This creates incredible learning opportunities.

  8. You have fascinating and quickly evolving adversaries and you are forced - as a result - to be constantly learning and developing.

  9. You have a higher purpose. You are defending the flow of capital and ideas that are essential to human progress - adding value to society - protecting people’s information and livelihoods, and in some cases actual lives.

  10. You are part of an amazing community (not always perfect though!) Until you’ve stepped out of security into another risk, IT or business role you don’t realize how unique the camaraderie among security people is. I remember in various industry or geographic disasters over the years that when different companies' IT staff needed to work with each other it was often the security people (who were already connected with each other) that facilitated that connectivity.

  11. You have available to you a growing support system in your organization, and beyond, along with many "tools" available (see here) to help you manage your stress.


Bottom line: security is an incredible job in fantastic times. Pause, look back at the progress made, enjoy the privilege of working on hard things. Then remember that, as the saying goes, “we are careering into the future at the speed light, relax and enjoy the ride.”

3,056 views0 comments

Recent Posts

See All

Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and pernicious dependencies are at the heart of most security risks. Th

In this, fourth and final post in the series of Crucial Questions I’m going to focus on those from governments and regulators. This builds on the topics covered before: Crucial Questions from CISOs an

In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on many related topics covered in the two prior posts on crucial qu