Ken "K. C." Yerrid stands at over six feet tall, is covered with tattoos and laden with muscle.
But he almost broke under the pressure of his job in information security.
“I was angry, I was depressed,” he said. “I wanted to help develop mechanisms to help others in the industry to get out of this cycle."
His tough exterior, and those of other information security professionals like him, appear to belie their mental stress, leading to break downs.
Luminaries within the industry have witnessed some of the toughest security professionals break down and quit the industry and, in extreme cases, attempt suicide.
Often self-driven to work massive hours, security professionals risk their personal lives and mental health to emulate the industry's most successful players.
“When you do a bad job everyone piles on," Yerrid told attendees at RSA Conference 2012.
"You know you may have done a good job but that doesn't manifest over time.”
The conference room was packed to hear thoughts and experiences from a group of security professionals at the San Francisco conference including Yerrid, Tenable Security's Jack Daniel, Veracode's Stacy Thayer, Akamai's Martin McKeay and Joshua Corman as well as consultant Gal Shpantzer.
They recounted multiple accounts of people burning out in the industry, considering suicide as a result of work pressure.
“Unlike other areas there are no studies, no metrics for this in security,” Daniel said.
“There's no support.”
Findings in a recent small survey of 124 professionals, run by the group and certified to psychology industry standards, produced worrying results.
A total 16 respondents rated as having a high burn-out risk based on indicators of exhaustion, cynicism and personal efficacy.
Some 33 responded that they had low job satisfaction, while 47 were a high risk of burn-out for cynicism. The most at-risk age group was between 46 and 55 years old.
Daniel warned the survey's respondent count was “too insignificant to draw conclusions but useful for drawing observations”.
But it provided an average cynicism rate was 13 for the security industry, above the average acceptable rate of nine for other sectors, and exceeding the high-risk threshold of 12.
Daniel said some cynicism was important to the industry when a delegate quipped that without it, “you'd buy the latest APT-blocking firewall".
Cynicism “was our core competency," he said.
The panel asked that security industry pros stop “trolling” or criticising one another and cited cases where the same offenders had contributed to crises affecting “really good” professionals.
They recounted recurring instances where colleagues had been fired after heavy drinking sessions at conferences such as Black Hat.
Thayer, an organiser of the SOURCE security conference and psychology student, said she had declined requests to have a bar available all day during the event.
“Security is too wide to master, too deep to know, and too fast to photograph,” Shpantzer said, quoting a paper by security analyst Dan Geer.
Shpantzer has researched the application of stress management in high-stress professions to information security in a project dubbed 'Security Outliers'.
“It is usually a bad idea to take on everything yourself,” he told SC Magazine, noting the importance of team and support networks.
“It might seem kumbaya but the SEALS do it, the Special Forces do it, the Marines do it and pilots do it.”
Quoting findings from stress management used by US Navy SEALS, he said areas to help mitigate burn-out were arousal control, mental rehearsal, self-talk and micro-goal setting.
“These professions know the risk of burning out, that's why there are two pilots, two divers,” he said.
Thayer said the cost of unproductive staff to the industry was $US90 billion in 2006, and now tipped $US328 billion.
Security professionals were invited to participate in the survey which closes next month.
For help or information visit beyond blue.org.au, call Suicide Helpline on 1300 651 251 or Lifeline on 131 114.
Copyright © SC Magazine, Australia
Issue: 325 | March 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.