I saw a recent LinkedIn post describing the fairly common issue of burn out in the cyber security world. One of the commenters on the story outlined the psychological challenge known as Bateson’s Double-Bind. If you are unfamiliar (as I was) with this description, do take a look at the Wikipedia link here. I’d previously chakled this problem up as Cognitive Dissonance which you can look at here, but a different viewpoint is always worth knowing about. 

For those who’ve worked in the cyber world particularly in architecture or GRC you’ll be familiar with the challenge of trying to secure some aspect of a business where what you are attempting to achieve is directly at odds with the goals of that business. When abstracted to absurdity, most businesses are about taking risk to make money. Some take more risk than others, but that’s ultimately what its about. 

The constant challenge of this ‘working at odds with your customer’ is the hard part and so very wearing. There has been lots written and indeed done to show how cyber security can be a business enabler, but more often than not, hard decisions have to be made where the business goals are at odds with those of the security team.

Here a useful phrase from Upton Sinclar (a US journalist from the 1930s) is useful. “You cannot make a man understand something, when his continued employment depends on his not understanding it” It pretty much sums up the life of any security person, in their dealing with other technology or business folk. 

After years of that, its no wonder people burn out.