The tech industry has been experiencing waves of layoffs in the past two years, while countless leaders continue to push initiatives onto understaffed teams to create and improve software. Every quarter, the need for more secure software or infrastructure becomes a requirement that was supposed to be completed yesterday. Regular people who work a 9-5 job and depend on it as their primary source of income have lost their sense of identity due to two things: the fear of losing their job or the fear that the same position will consume them.

On average, cybersecurity positions have typically been untouched by layoffs, but that doesn’t mean they’re immune. I have observed that companies that start downsizing engineering/IT/Security teams may be beyond saving.

That being said, I’ll save that topic for another post. I want to talk about the ones who have to continue as if those layoffs didn’t happen. Cybersecurity organizations are inherently understaffed because, let’s face it, companies don’t really think about security unless they encounter one of these scenarios:

1. It’s a security software company.
2. There’s a massive breach.

Cybersecurity professionals experience burnout in the corporate tech space at even higher rates due to unsustainable stress and pressure. You’ll come across articles online that discuss how security leadership is facing a mass exodus of their own teams leaving the field altogether and how that’s the company’s most significant vulnerability, yadda yadda. But what can we do about this threat?

The real question I would ask is, why did they let it get this bad for this long?

Corporate burnout affects security professionals especially hard, and in the last three years, large enterprises haven’t addressed employee burnout in any substantial way. Security teams face an increasing number of threats, the multitude of roles they have to cover due to being short-staffed, and the inefficient workflows that silo IT and Security teams.

If you’re not sure what silos mean, it’s the tendency to work in a team (whether it’s IT or Security) that is so hyper-focused on their particular set of initiatives and projects that communication or collaboration with cross-functional teams is nearly nonexistent. It is prevalent in companies of any size.

This is a message to our fearless leaders in Security: I’m just a lowly engineer, but I hope this message gets across to those who want to listen. Talk to your security folks. Ask them what they need in order to feel empowered in their jobs. Remind them to take breaks and time off to spend with their friends and family. Create opportunities for them to excel in projects that they are experts in. Finally, hire more people. Your security needs aren’t going to change or even lessen in the upcoming years.