Director's Cut (Q4 2019 Issue)

You have no idea how good it feels to put my pen to paper (OK, fine, fingertips to keyboard keys) again to bring you the inaugural ‘Director’s Cut’ column. 

When I returned to work after having my second baby back in the summer, it was with mixed emotions that I took on a new role. Becoming editorial director across our Publishing and Digital portfolio brings with it new challenges, new excitement and new perks (one of my magazines is a wine and spirits publication for the on-trade – the perks are delicious!). The promotion was, however, bitter sweet. 

I joined the Infosecurity team in 2006 as assistant editor and throughout the years, completely accidentally – and perhaps in the early days, begrudgingly – became completely entrenched in the information security industry.

In 2008, I was promoted to editor (a big shout out to my publisher at the time, Greg Valero, for taking a chance on my very inexperienced but very enthusiastic early-twenty-something self). I spent a decade turning that bi-monthly print publication into an incredibly successful, market-leading, digital (and print) publication that our industry tells us it couldn’t do without. 

Handing over the editor baton was not easy, but it was made a lot easier knowing that I still have a very prominent role in both Infosecurity Magazine and the information security industry. I’ve also convinced Michael to give me a page in each magazine to share my reflections on the industry. 

My absolute favorite thing about the information security industry is the people. Each time I’ve conducted a profile interview I’m impressed and my heart is warmed by these brilliant professionals. This issue’s interview with Tom Kellerman was no exception. He’s another example of someone utterly committed to his role and making our world a safer place. 

This industry is bursting with people that really, truly care about making a difference. Not all industries can say the same. Perhaps this is one of the reasons why our cover story comes as no surprise. 

I’m really pleased Michael chose to shine a spotlight on this serious and worthy topic and that, deservedly, it ended up on the cover. Stress and burnout in this industry is prevalent. 

Information security is an industry measured on failure. CISOs and security professionals are judged on what they get wrong, not on what they get right. Living with that and being subject to that responsibility and judgement is bound to have an impact on our industry’s professionals. 

Kathryn Pick does a brilliant job of exploring the growing impact of stress and burnout on security leaders on page 12. She reports that 82% of security leaders feel ‘burned out,’ with nearly two-thirds considering leaving their job and/or quitting the industry all together. 

There needs to be accountability. There is a responsibility for employers to take better care of their employees, and for the industry to find a way to safeguard our professionals from this extreme level of burnout. 

Back in February 2019, UK security consultant (and ex-CISO) Thom Langford wrote an extremely brave blog about his own struggle with mental health, alcoholism and telling the story of how he ended up on the rooftop of a building in the middle of the night, “incoherent with emotion, raging at the universe and willing myself to jump off.” His story chilled me to the bone. I know Thom and to imagine him that desperate and that vulnerable is heart breaking. 

By sharing his story though, Thom has opened a conversation that desperately needed to be explored. He called for mental health topics to be included in information security team meetings, management reports and metrics, as well as face-to-face meetings. He puts it right up there with gender and racial diversity as a topic that cannot be ignored, and I completely agree.  

The metrics for which we measure success as an industry need to change. CISOs, like most C-level roles, have – and will always have – accountability. That’s inescapable. However, reducing pressure, minimizing blame and changing the way we quantify success can and should happen. 

Infosecurity Magazine is completely dedicated to serving our industry’s professionals and giving you, our readers, the tools and knowledge you need to do your job. We don’t just write about our industry, we write for our industry. As such, my team and I will be launching a burnout series for 2020. If you’d like to help shape what that looks like, I’d love to hear from you, so please do get in touch:

Enjoy the issue and here’s to making 2020 safer, better and less bloody stressful.

What’s Hot on Infosecurity Magazine?