Burnout Is Part of the Risk Model
Earlier this month, I experienced my first real-world cyber event as a security leader.
After more than two decades in technology and about eight months in cybersecurity leadership, I had spent a lot of time preparing for that moment. Studying, certifications, conferences, and graduate work. All of it aimed at being ready when it mattered.
And when it did, I was ready for the work.
What I was not fully prepared for was the cost of sustaining it.
When Preparation Meets Reality
For over two weeks, I was deeply involved in response and recovery efforts. Long days, constant context switching, and a steady stream of decisions that carried real consequences.
It was intense, but also meaningful.
You could see the impact. You could feel the alignment across teams. You could watch progress take shape in real time as systems came back online and stability returned.
There is a certain clarity that comes with that kind of work.
But there is also a limit.
The Moment It Became Clear
After 14 and a half days focused almost entirely on one problem space, I was handed a new task in a different area that also needed attention.
The task itself was not the issue.
It was the shift.
Moving from deep focus into something that required a different perspective and fresh decision-making pushed me past my limit.
It was urgent. It mattered. And I took it on.
Looking back, that was the moment things changed.
I could have said no.
I could have asked for time to reset.
I could have transitioned more deliberately.
I did not.
And while the work got done, there is a cost to pushing past your limit that does not immediately show up in the outcome.
What the Experience Reinforced
One thing that stood out was how individuals carried themselves through it.
Some people have a remarkable ability to stay calm, focused, and deliberate under sustained pressure. They create stability for others and help move things forward without adding noise.
That kind of steadiness is not just technical.
It is personal.
A few takeaways that stayed with me:
- Preparation is not just technical. It is personal
- Endurance is not the same as effectiveness
- Sustained intensity without boundaries has a cost
- The best teams create space for recovery, not just resolution
The Gap in How We Plan
In cybersecurity, we spend a lot of time preparing for external events.
We model threats. We design response plans. We test recovery paths.
But we spend far less time planning for the internal limits of the people expected to execute those plans.
Fatigue, decision quality, and sustainability are rarely treated as part of the operating model.
That gap matters.
A More Complete View of Resilience
I am proud of how we responded. The coordination, the focus, and the outcome reinforced what strong preparation and teamwork can accomplish.
But the more important lesson for me was not about systems.
It was about sustainability.
There is a certain pull in this kind of work.
The urgency. The sense of purpose. The feeling of being needed when things are not going well.
Delivering under pressure can feel rewarding. Sometimes more than it should.
But if left unchecked, that pattern can push us further than we need to go.
And over time, it takes more than it gives back.
Resilience is not just about getting systems back online.
It is about making sure the people responsible for that work can sustain it.
Personal Reflection
This experience made something clear to me.
No one is exempt from burnout if we let it take control.
Experience does not prevent it. Preparation does not prevent it. Even self-awareness is not always enough in the moment.
What matters is recognizing limits and acting on them before they are exceeded.
That is something I am still learning to manage better.
Closing Thought
We plan extensively for how we will respond to incidents.
We should spend just as much time thinking about how we sustain the people responsible for responding to them.
Still working on that.
Joe Hawley
Cybersecurity Director
M.S. Cybersecurity Graduate Student, Georgia Institute of Technology