Some folks are pissed over my recent posts about efforts in the security community to fight job burnout and depression. I won’t change your minds, so I’ll just clarify a few things and move along.
People have made five observations:
- The data is far too insufficient to declare a problem specific to the security community.
- Without data, all we have is opinion.
- The greater InfoSec Burnout movement and I have made it sound like this is an infosec problem or a workplace-centric problem rather than what it truly is: a mental health problem that the individual already has and brings to whatever job they have.
- I’m trying to superimpose my issues onto the rest of the community.
- I’ve gotten too caught up in the noise coming from the SecBurnout people.
That last line makes it sound like I’ve joined a cult of misguided infosec egotists who can’t see past their upraised noses. What follows is my opinion on each of the points above. I speak as an individual, not as part of any organized movement — security or otherwise.
- Data isn’t everything. I write from personal experience. Part of that includes discussions I have with distressed peers. It doesn’t always take a study to see a problem.
- Well-formed opinions based on experience are useful.
- I’ve said it repeatedly: A mentally ill person can be sent over the edge by their work circumstances, but in the final analysis the problem starts with them. I used to be crazy and work stress was a trigger. But the problem was always my inability to deal with stress. I had to be the change. I had to get treatment and find the coping tools. I had to create a new me. So it is with everyone.
- The notion that I’m superimposing my issues on the larger community is laughable. I didn’t start out on a mission specific to this community. It’s still not a security-only thing. But there are people who came to this community with mental illnesses who could use a helping hand. If I can share what I’ve learned in my own recovery with industry peers, I will. Maybe it’ll help them cope better with the stresses of the industry. Or maybe it’ll just help them cope better with life in general. Either way, it’s a win.
- I don’t believe I’m caught up in “noise.” I know where I’ve been and who I’ve talked to. When asked, I’ll always share what I’ve learned and who I learned it from. I’ll also be the first to admit I’m imperfect and still a work in progress.
This has never been about suggesting there’s a problem special to infosec. I don’t see a pandemic within the community. I see friends and colleagues grappling with territory I’m familiar with.
It’s as simple as that.