68% say the job has become harder — the data behind the claim
The Life and Times of Cybersecurity Professionals, Volume VIII, a survey conducted by ISSA and analyst Omdia of 380 practitioners, found that 68% of respondents reported their job has become more difficult over the past two years. The study frames that rise in difficulty alongside a broader set of workplace frictions: more than 70% of respondents said they face challenges tied to being locked out of key technology decisions.
Locked out of technology decisions — who’s making choices and what that costs
Respondents identified a shifting locus of control for technology decisions: 79% said other groups such as IT operations and platform engineering are increasingly involved in cybersecurity. Seventy-two percent reported that technology decisions are being made without cyber input, which respondents framed as creating barriers to security adoption. Finding out about IT initiatives begun without security oversight was also listed among the most stressful job elements (20%).
Stress, burnout and the risk of departure
Work-life balance is a clear pressure point — 69% of those surveyed said balance can be challenging. Nearly half (47%) said they have thought about leaving their role or the profession in the past 12–18 months because of stress. When asked to rank the most stressful aspects of the job, respondents identified:
- Overwhelming workload — 24%
- Keeping up with the security requirements of new initiatives — 23%
- Fear of getting something wrong — 22%
- Constant emergencies and interruptions — 20%
- Finding out about IT initiatives begun without security oversight — 20%
Program improvements respondents want: training, resources, GRC and hygiene
Only 29% of respondents rated their organization’s cybersecurity culture as advanced, signaling perceived room for improvement. When asked where their cybersecurity programs could be most improved, respondents identified increased training for IT and security professionals (42%), investments in the right resources (37%), improvements to governance, risk and compliance (GRC) (36%), and better cyber hygiene (35%). Job satisfaction, respondents said, could be nurtured by a strong cyber commitment from leadership (39%), competitive financial compensation (35%), and better career support (35%).
Collaboration fixes respondents favor: embedding staff and automating processes
On practical steps to improve cooperation between security and IT, respondents pointed squarely to structural and process changes: 44% said collaboration with the IT function could be best enhanced by embedding security staff into functional technology groups, and 41% endorsed automating the processes that require collaboration between IT and security.
What this means for technologists, IT operations and organizational leaders
Technologists and security teams will likely push for closer operational integration: the survey’s backing for embedding security staff (44%) and automating collaboration (41%) gives concrete measures teams can pursue to reduce last-minute surprises and the “keeping up” stress cited by 23% of respondents.
IT operations and platform engineering are already more involved in cybersecurity (79% reported that change). The data suggest those groups will remain central decision-makers; their actions, whether to include security input or to proceed without it, are a direct driver of the reported barriers to security adoption (72%) and a source of stress when initiatives proceed without oversight (20%).
Organizational leaders have a clear signal in the responses: only 29% call their cybersecurity culture advanced, yet respondents identify leadership commitment (39%) and investments in resources (37%) as key to improving job satisfaction and program effectiveness. As ISSA’s president framed it, the problem is less about scarcity of talent than about insufficient investment in existing people.
Jimmy Sanders put the trade-off bluntly: "The profession is struggling not because talent is scarce, but because organizations are not investing enough in the people they already have. That is the leadership opportunity in front of us right now."
Source: Infosecurity Magazine — Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
