A survey of stress levels among IT security staff, thought to be the first of its kind, has shown that an alarming number of staffers are suffering dangerous levels of cynicism, leaving them depressed and unable to function properly. The survey (securityburnout.org) was organized by Jack Daniel, founder of the Security B-Sides …
oh, and substance use != substance abuse
And it's not just IT security staff, but IT and software engineering staff in general.
When users know the rules but complain about hardware that IT does not support anyway.
So staff calls helpdesk CRY CRY CRY this does not work CRY CRY CRY....
WELL MAM IT DOES NOT SUPPORT THAT PATICULAR HARDWARE.
STAFFER.... WELL I WANT SUPPORT FOR IT ANYWAY!
staffer calls head IT SUPPORT MANAGEMENT and cries and tries to get helpdesk to support it.
staffers are complete idiots.
IT security staff?
I can tell you that operations staff may well be at the same level, what with 24/7 operations that have to run on a shoestring budget powered by hairy rats running in threadmills in the server room. You then get "agility" pushed in your face which basically means that an upgrade will be forthcoming at date X and operations has to somehow choose what to leave out to nevertheless reach an acceptable acceptance level [which basically means the application stack will crash after 2.5 hours instead of immediately, great perspective], you write up an assessment of the problems to be solved [most of them of an as-yet-unknown or even unidentified nature], nobody reads it or reacts on it, marketing makes fun of you because you seem to pressure your coworkers for no good reason, at date X-2 you get told that you should have "informed" people beforehand that there actually were problems (you don't say?) and that your assessment is anyway worthless because there is no precise planning in it, just about thirty blocking points of which two have recently switched to "green". Come again? THIS IS CLOWN INDUSTRY.
Re: IT security staff?
Yep. The whole article can be summed up with this paragraph from it:
Management may also be the problem, not the IT worker. "As an experiment," Corman said, "explain to your children what it is you're trying to explain to your chief security officer. If they get it and he doesn't, then the problem isn't with you."
In my position, I work in tandem with an actual knowledgable CIO, and surprise surprise, we accomplish our goals and get the job done.
Any IT staff?
Made similar experiences. There are wrong perceptions in the industry that we get first class quality IT service by deploying ISO9001, project management for everything the techie is laying his hands on and ITIL . More often than not, ISO9001 turns out that we have now meticulously documented that we are doing $h1te, techies have the pleasure to write the project plans for the project managers and ISO20000/ITIL is an exercise in spending hours filling in BMC Remedy forms. And only after that the IT guy is allowed to do actual productive work, like training up the people from the outsourcing company who will take his job.
It is just that ISO9001 and in large parts ITIL was never meant to be a writing-essays-exercise, the idea was to create a knowledge database, a configuration management system, develop in-house technological excellence.
ITIL advocates very much a long term view of service strategy, design, transition, operation and - most importantly - continuous service improvement - and not pleasing the short term quarterly profit report to some stock exchange.
The PRINCE2 project management methodology lives by the rule "management by exception", which means skunk works, don't let anything interfere with the creativity of the IT guy.
History proves that companies that have taken a long term view and developed and kept their knowledge in-house succeeded most in long term: e.g. Toyota, and Google. This may also be the reason why we see somewhat an insourcing drive in recent years.
Re: Any IT staff?
Sounds like you've been f*cked over by some monkey consultants that only seem to understand processes when they are on forms...
Re: Re: IT security staff?
"As an experiment," Corman said, "explain to your children what it is you're trying to explain to your chief security officer. If they get it and he doesn't, then the problem isn't with you."
Just done that with my wife (not saying she has the intelligence of my children. She is intelligent, just not an expert or even working in the field).
When she says 'that makes no sense', I know it is not my inability to make my blithering idiot of a security officer see beyond the statement 'its the rule' to see why the rule exists and when 'the rule' might not cope for specific circumstances or new information.
Re: Any IT staff?
Same goes for companies that want to follow 5S....
5S was invented by a person who has severe OCD.
Only OCD types would love 5S as it fits their demented view of reality.
Re: Re: IT security staff?
Pretty much every place I worked where I was under a ton of stress management was the sole issue. Trying to explain ANYTHING to them was like talking to a damn brick wall.
I've only had one good manager in the years I worked in IT, which I had to quit do to almost losing my damn mind dealing with numpty headed management. If he didn't understand an issue in 20 words or less he would give us the benefit of the doubt to do what we needed to get the job done. All he cared about was our ticket turnaround speed, and when there were no real issues he could care less what we did which usually was doing whacky things like experimenting with micro controllers, seeing what we could recycle broken parts into, or pulling pranks on each other.
His boss didn't like the lack of detailed paperwork we weren't submitting, and how we were sometimes goofing off so the head boss got rid of the best boss I've ever had, and replaced him with a person that's understanding of computers was limited to being able to turn them on, and they made working there a living hell (seriously 2 years I worked there we had 3 people quit total till new boss, after new boss we had a 95% turnover rate every 3-4 months)...
Re: Re: Re: IT security staff?
> I've only had one good manager in the years I worked in IT
I though I had the worlds best manager at one point.
He sat in his corner of the office, apparently doing nothing. But the entire team knew *exactly* what was going on all the time. Light touch management at its very best...
Then he got his own office, and it dawned on us that the reason we'd known what was going on was that we could hear all his phone calls. It turns out he was just sat in the corner doing nothing all along...
Finally someone seeing it formally at last. 3-4 years ago I upped sticks walked out of the company I was in employ with due to useless managers that tried to pin something on me. I had already started an ecommerce venture for my wife which now is sustaining us both. I've been offered work (even from the same people I walked out on) but now just tell them to eff-off.. I'm sure I could do better but I like our little shop and there's no one on our backs - just chasing suppliers heh..
Several people were in same boat - walked out and refused to have anything to do with them any more...
Work in a company me? no thanks ...
IT Security is very important!
We just don't want to spend any money on it or change the way we do things.
Which is just another way of saying
We'll only do what you recommend if it's free and doesn't require is to change how we do anything.
...oh, and if anything bad happens we're going to blame you.
No pressure or anything.
Re: IT Security is very important!
Would that the the same people in my company who roll out Adobe 6 with each new PC build and will not allow upgrades as it is 'against the Security regulations'?
I am assuming they have never heard of 'security patches' and 'free' but what do I know?
stress, cynicism ?
Thought they were mandatory attributes for IT staffers.
How else can one cope with PHBs who implement the opposite of what they say routinely ?
In this shop, enthusiasm is seen as inexperience, much as we wish it were otherwise.
Re: stress, cynicism ?
Not so much mandatory attributes as a healthy survival mechanism. Show me anyone who has worked in IT for more than a year without learning the ability to externalise their frustration.
As for coping with PHB's? I shall continue with the military metaphor adopted by the article's author. I upgraded from frontline trooper to special forces. Now instead of being in the trenches with my superior officer, I'm about 400km away behind "enemy lines".
Re: stress, cynicism ?
Does it still count as cynicism if most of the users really are ignoring almost everything you say and misunderstanding the rest?
Re: Re: stress, cynicism ?
No, that's not cynicism, it just feeds your cynicism.
I sometimes wonder if I'm speaking a foreign language or if I have developed expressive aphasia when I ask a user to do something in simple plain English and they stare blankly at you or just carry on as if you weren't there.
Re: Re: Re: stress, cynicism ?
We, the underpaid and the unappreciated, working for the ungrateful, have been doing so much with so little for so long that we are now qualified to do anything with nothing.
Re: Re: Re: Re: stress, cynicism ?
that is almost word for word what my boss said at me leaving presentation.
I think the glut of unemployed tech staff after the tech bubble burst caused companies to think of IT workers as easily replaceable -- if one quits you just hire another one straight out of college, and if that's too hard, you bring in someone on an H1B.
Re: Replaceable cogs
The sad truth is that people are (and have to be) replaceable to a degree. The pain is greater with people at the higher end of the scale, but in general, they don't see that pain represented anywhere specific. And they make the HUGE mistake to bring in contract labor to fill voids or complete projects.
So, if you can't beat em? Join em. That's why independent contracting will pay for my retirement at some point not too far down the road. May not be so straight forward on the other side of the pond, but us Yanks don't have too many hoops to hop through and all the extraneous, political bullshit stops being important.
Re: Re: Replaceable cogs
Independent consulting pretty much has to be your exit strategy in this industry. Otherwise you basically have until age 45 to find a long-term stable job; after that no one wants to hire you.
I watched this farce
Company says oooo, let's do a survey of workloads and right-size down to just the number of people required to accomplish the tasks for what we've got now. Done, and... (About 99% of y'all know what coming next).
CEO cheerfully announces the synergies and what-all from the forthcoming merger (takeover) with *two* other companies. And no, neither of them had the staff to do their own workloads.
Pairing up people? Hah! Just let us have +1 or +2 people so we can rotate through the mental facilities!
Really, well what a surprise.
Overworked, stressed out and facing impossible demands from senior managers whose knowledge of IT is often confined to the angry birds icon on their iPad. Many drink too much and some do drugs, well who'd 'ave thought it? See icon.
so hands up who has been sick, physically with stress just before a job... Yep, done that. Lone wolfs? Lone hamsters more like running in our wheels as fast as we can go, no support to us, manager just want updates and to know when its fixed. Every job I do on my own. It doesnt matter if I drive 5hrs to site, im not important enough to get a helpdesk type engineer to 'no shut' the other end remotely. thanks. Reports are demanded, no time to do them, its all overtime after 12 hr days. But health and safety thats so important to the company.........
Re: networkers too.....
this is spooky - we must have worked at the company I walked out on !!...
The typical no overtime attitude pissed me off - after the first year of having the piss taken (regular 10 hour days every day) resorted to liberal over ordering on company expenses...
Re: networkers too.....
I used to stress out about work, right up until the point where I realised that the way I feel is my responsability and depends on my choices. So now when I get a demand from the business that I know is unreasonable, I reply "sure I can do that, I'll put it in my queue 3 months from now" or "sure, I can do that, but I'll need to drop some other project I'm doing for XXX, so you go discuss with him and work out the priorities, and then get back to me". I never say outright "no", I just make sure they know what the cost of what they are asking is, in terms of time and/or the deals they have to cut with other colleagues as to who has access to my time as a resource.
End result, the business users who are too demanding end up arguing with other business users about whose project is more important and I'm left alone to do my stuff. Most days I'm in the office 9-6, taking an hour off for lunch, I almost never look at my emails away from work or answer work calls outside of working hours. Stress levels are almost non-existant for me now.
And if I need any 'external' stress-relief, I count the occasional drink and joint as USE not abuse
Re: Re: networkers too.....
"I used to stress out about work, right up until the point where I realised that the way I feel is my responsability and depends on my choices."
That's the way to do it. Google 'locus of control' and 'agency' in the psychological lingo.
Beer: in moderation
It's not just IT. Mid-level technical professionals everywhere are getting screwed.
... try architecture.
Like IT its only the guys at the very top who wear fancy glass & black skivvies; the rest of us are the untermenschen. Overtime? What's that? You give up your family / hobbies / life for the JOY OF CREATING ART (yah, right) while your black-skivvy wearing boss gets the credit, the magazine interviews, the cars and the bottles of scotch at Xmas.
Oh, and you attended uni for 6 years, took another 2-3 for registration; you aren't much good for anything else by then.
Hobo; because we are going to be there soon, I fear.
Research conducted by Jack Daniel?
We should all strike
It is unbelievable how thankless is the IT profession nowadays. We ran all the shit they have. We can render useless every single company in this planet by simply not moving as fast as we usually do, and yet, many employers don't appreciate the hard work we put on their companies. Let's pull the plug, crush enemies and hear the lamentation of the women!
A huge strike all around the world. 24 hours without IT professionals in any areas, in any countries and the world will crumble like a castle of cards. We can ask for a 3000% raise next day and 6 months vacation and they will say: "Thank you for showing mercy IT DUDE!"
And someone please bring the Jack Daniels.
Re: We should all strike
The Wally method, if you can't take a vacation because the PHB has you overbooked, take an in-office vacation. There's all sorts of make-busy and twiddle-fidget that needs to be caught up on anyway, and it can be explained that if the lighter tasks don't get done, the system will go down in flames eventually.
Just remember, the best way to destroy a PHB is to give them what they want, not what they need. Makes them look proactive and allows you to do a bit of Jeeze who'da thunk it while thinking over the previous decades when you were young and altruistic and had to fight tooth and nail to get things done right. Give in and let it rot, then explain afterwards how it should have been done, but now will cost more because of the heap of fail that's built up.
No you can't run that remote office VPN link to provision 5 voip phones, 5 computers and a printer using two Netgear routers you picked up at Office Depot and a DSL connection sqeezed out of Qwest's behind on the spur of the moment. It's sure been an interesting six months trying to keep it going hasn't it? But that's what thinking outside the box gets you. Now lets start thinking inside the box and build the connection using equipment and data services that real companies discovered and have been successfully using for a decade or more.
We used to call that:
Zombie PTO (Paid Time Off).
When you're out of days off, because you get 5 days a year that can be used for sick or vacation, and so you just sit there at your desk, zombified until you feel better.
I work at a better place now. I get 15 days off for either. With time off for good behavior, I should be done with my sentence in about 8 years. Thank goodness el Reg passes for IT news, so I can code this time to education. Bless your hearts and all your other vital organs, Reg staff.
Regardless of the actual situation, I think there might very well be a huge bias in the way the research was performed.
Small sample size: touched on in the article.
Lack of comparison with other industries or comparison with earlier surveys - i.e. in order to analyse trends (ok, it's the first run, so I understand why that happens): is the % quoted typical or not?
There's a slight ego boost in saying: "Yes, I'm overworked, my boss doesn't appreciate me, I have to solve everything myself, yadda, yadda, yadda"... so could there be a tiny chance that the results may... let us say... slightly exaggerated?
Note: there might very well be such problems in IT (Security), and I haven't bothered to check the actual slides presented in the link (yes, flame me) but the article doesn't convince me the survey says anything.
Re: Flawed method?
The method probably is flawed, but the results aren't. As others have said, these observations tend to apply to all people who spend their lives making sure that companies can maintain their operations (not just security). We put ourselves under great stress because we have to or because, being the pros that we are, we know it must be done and if no bugger else wants to sort it, we will.
It's like being a goalkeeper when you have a piss-poor defence in front of you. You spend 99% of the game under constant stress, get all the blame when you finally fail to stop one, and get to see the ponce of a striker get all the glory if he happens to tap one in at the other end.
Cynical? Moi? Damned right.
Re: Flawed method?
Indeed flawed. 124? Not enough. Let's not forget that unhappy people tend to let the world know more about it than happy people if the world asks "who's happy and who's not" (because they're biased towards it).
See paragraph "Whether data are collected through face-to-face interviews, telephone interviews, or mail-in surveys, a high response rate is extremely important when results will be generalized to a larger population. The lower the response rate, the greater the sample bias. Fowler (1984), for example, warned that data from mail-in surveys with return rates of "20 or 30 percent, which are not uncommon for mail surveys that are not followed up effectively, usually look nothing at all like the sampled populations" (Fowler, 1984, p. 49). This is because "people who have a particular interest in the subject matter or the research itself are more likely to return mail questionnaires than those who are less interested" (p. 49). " (from http://psychology.ucdavis.edu/rainbow/html/fact_sample.html ).
Please hit me again
IT is a bit rubbish to work in for all the reasons in the article and posted here.
I stopped working full time for a company after just 11 months of being treated like i was worthless.
I was a trainee at the time, but giving training to new staff. I gave the company 4 weeks to change my job (and associated salary) or stop me giving training. Two weeks in i asked how it was going sorting out the 'head-count' and their response was more fluffing and err-ing, showing they clearly hadn't done anything and weren't planning on it.... so notice given.
12 years on and a career of contracting, all the staff i worked with back then have gradually been out sourced or dropped entirely.
No-one will look after you out there so look after yourself, know your worth and let the muppet employers find out just how bad and expensive that contract is with those oh so cheap off-shore resources.
And don't get me started on those people who want [a clone of a very complex / successful mobile app] for 200 bucks. Go pay your 200 bucks and see what it buys you.
Almost all sectors of the IT industry suffer from the overwork and underpay scenario. The question is how to fix it A better research paper would have just highlighted the bleedin' obvious then concentrated on how to fix it.
Again it's not just IT Security folks.
They need to widen the field a bit more. I'm currently ex-IT (systems administrator), total burn out. It's because of work stress I was forced to seek psychiatric care, but unfortunately only after I walked out 5 years ago.
The problem is I really do like working on computer systems, I find it very enjoyable, challenging, and rewarding. It's all the other crap that goes with it, PHB's, unrealistic time tables, on call 24x7 (yea they say it's only X days, but it's really 24x7), and all the other shit that goes with it.
I still remember chatting with an ER doctor one night (don't ask how or why), we were comparing work hour, work load, stress, etc. Seriously, we both concluded he had better working conditions than I did.
Re: Again it's not just IT Security folks.
Yup. I ended up at the shrink's office too. I'm still taking a maintenance dose of meds 3 years down the line. Oh, and I still have a twat of a PHB watching over me.
It would be interesting to see a similar survey on software developers. This certainly describes me. Every year we seem to get the speech that goes along the lines of : "Whatever was good enough last year isn't going to be good enough this year."
Salaries aren't keeping up with inflation. Bosses are under more pressure to do more with less so they get more antagonistic with staff and every mistake is dragged out and flogged to death while the directors take home bigger and bigger bonuses.
Re: us stressed?
Ditto at my place of work. I used to enjoy being a dev, now I spend most of my time looking for a way out that won't leave me living in a tent.
Re: us stressed?
...and I like the bonus game. You know the one -- where, as a member of the company stock option plan, you see the reports and know things are doing great (as in: BEST YEAR EVER), and then your PHB comes to you and tells you how it was a "bad year" last year, and so no bonus for _you_. Then he proceeds to drive off in a new Lexus SUV he paid for with cash during what used to be bonus week.
My revenge is subtle and it is sweet. Every day, arrive at work ten minutes after PHB, with an oil can. Every day, there is a spreading slick of oil/brake fluid/transmission fluid/coolant under said new Lexus. What? Moi? I know nothing of this. Possibly you need to take it to the shop again.
What do you expect
You're dealing with a situation where someone who understands the implications of unauthorised access to a sensitive works computer system, the wrong file permissions/policies, and everything else, has to deal with a load of clock-watching office bods who just want to talk about The X-Factor, can't see how anyone could guess their easy-to-remember passowrd of 'password', openly shout out it to colleagues across the office so that the other person can copy a file because it's easier than themselves doing several clicks, bring viruses in to work on their laptops and phones... and then when the IT staffer is trying to deal with the effects of all these people, some middle aged manager who proudly boasts he knows his way around a DOS system like the back of his hand yet can't even work Sky+ comes in to say that they'd like the company to switch to Spybot and C-Cleaner because their 12 year old son read on Digital Spy that they're free and much better than 'that weird AV shit I never heard of before' we currently pay a fortune for.
And while you're at it, Claire in Human Resources would like to know why our Intranet isn't working on her iPad, which she uses from the same desk where her company desktop lays, running IE6. Oh, and can you order another box of CD-Rs because the head of accounts has to regularly take files home to work on his home PC (especially since we had to block his VPN access after "you smell" and "One Direction suck!" kept being emailed to everyone in his contacts list for some strange reason), so obviously goes through CDs very quickly.
It's literally enough to turn a highly strung person mad. Which is what most computer-savvy people are.
Imagine a doctor caught inbetween patients who want to smear their own wounds with dog shit dipped in fungus, and managers who want to replace X-Ray machines with digital cameras because the photos from their family Christmas dinner were truly stunning.
Actually don't imagine it... live it on the NHS!
Re: What do you expect
But make sure you stay anonymous. The people who are in a position to object to your thoughts cannot tell the difference between journalism, forum comments and the joke page on the back of an IT weekly newspaper.