Justin Grudzien says that he sees burnout among his peers in the industry and a lot of it has to do with the pressure that security leaders place on themselves and receive from their organization. “As security people, we want to protect everything and, in general, there is no other industry that has a zero-loss expectancy. I don’t know any executive in the world that would be comfortable having the conversation of, ‘yes, we would expect to lose this amount of data or records this year,’” Grudzien says. “So, it’s a huge amount of pressure and we internalize that.”
But, he says, it comes down to emotional intelligence and the realization that in the information security profession and its continually evolving threat landscape, you cannot and will never be able to be perfect. “If that’s your mindset, you will fail. Instead, you should ask yourself, do I have the right controls in place to subvert medium and high-level sophisticated attacks? After that, this is where incident response becomes the number one thing. How do you respond to incidents?” he says. Of course, that’s easier said than done, Grudzien admits, but still a worthy goal for all security executives.