I’ve previously talked about the limitations of tokenistic Awareness Days that can take away from those that serve a vital purpose. One of the notable days is PTSD Awareness Day (27th June). This spotlights a condition frequently linked with veterans, first responders and increasingly high-stress, high stakes professions such as cybersecurity.
As security professionals find themselves constantly “on call” for crises, breaches and outages, the mental strain they are exposed to can lead to symptoms that echo PTSD, such as reliving trauma, constantly feeling on edge and having trouble sleeping. For that reason, CIISec has partnered with PTSD Resolution, a charity offering free, confidential therapy to UK military veterans, reservists and, now, cybersecurity professionals. The goal of the partnership is to bring specialised trauma-informed care into an industry that often suffers in silence.
And in many ways, there are parallels between careers in cybersecurity and military service. While cybersecurity is rarely a matter of life and death, both defend national interests, operate 24/7 with an “always on” mentality akin to a coiled spring, require rapid response and routinely confront foreign adversaries. And like military veterans, cybersecurity professionals are expected to absorb intense pressure in high stress situations without showing vulnerability. As the volume and sophistication of cyber threats rises across industries, this pressure has increased. Cybersecurity professionals are required to repel attackers, but also answer to regulators, governments and their own leadership teams. They’re on the digital front line.
The consequences of lapses in cybersecurity are mainly discussed through the lens of business risks, like cost, failing regulatory compliance and operational impact. But too often, the psychological toll on cybersecurity professionals is left unsaid. Cybersecurity isn’t just a technical profession; it’s an emotional one too. It’s about people, communication and high-stakes decision-making. Long hours and an unrelenting pressure to prevent breaches contribute to a workplace culture where exhaustion and burnout are normalised and routinely ignored.
Increased media exposure and blame culture can worsen the situation. Mistakes are turned into public spectacles, forcing security professionals to walk an emotional tightrope. And in many cases, responsibility outweighs authority, with security professionals held accountable without having full control over interconnected systems, supply chains or budgets.
But mental health isn’t just personal. It has a direct impact on the resilience, clarity and cohesion of entire companies. When the wellbeing of even one cybersecurity team member is compromised, so is the entire function’s ability to respond to threats . By proxy, their organisation is left vulnerable.
People in our profession can be backwards in coming forward, so we must get better at spotting problems before burnout takes hold. Because once mental health has been pushed too far, it’s like trying to put toothpaste back in the tube.
CIISec’s partnership with PTSD Resolution will help to drive recognition that mental resilience is just as important as technical skill. It will provide individuals and businesses with the resources needed to take a more proactive approach to wellbeing through training and raising awareness about what good mental health looks like. Internal and external support will be available to help Members spot early warning signs and support peers through tough periods. Through this collaboration, CIISec members can also access tailored assistance that addresses their unique stressors.
We’re also working to ensure that leadership roles, often filled by highly technical people not trained for team management, are better supported through skill-building and team development. The embrace of initiatives like this signals a culture shift, one where seeking help is seen as a sign of professionalism, not weakness.
