Over 70% of cybersecurity professionals often have to work weekends to address security concerns at their organization, according to a new report by Bitdefender.

This intense workload appears to correlate strongly with job dissatisfaction, with around two-thirds (64%) of the 1200 cyber professionals surveyed stating that they are planning on looking for a new job in the next 12 months.

The issue of burnout and job dissatisfaction was particularly profound among UK respondents, with 81% often working weekends and 71% looking for a new job.

  • umbrella@lemmy.ml
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    4
    ·
    edit-2
    6 months ago

    yeah fuck that, i don’t want 24/7 work just because they can theoretically reach my almost dead carcass 24/7.

    we need unions asap 🧅

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        19
        ·
        edit-2
        6 months ago

        i got that, the stress is not worth it. the previous generation didnt need to work 24/7 every week to earn what i did with all the commissions included.

        get people to rotate out with me. i’d rather get less pay (provided its sufficient for living) than the chronic stress.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      6 months ago

      Change Windows. You can’t take shit down during the work day.

      Everywhere I’ve worked (many very large companies, banks, telecom, outsourced IT, etc) teams have coverage schedules, so I suspect this article is misleading.

      Someone has to mind things 24/7, this is done via scheduling.

      And the more critical you are, the more on-call you are. I had one role where I was on call 24/7. Things rarely broke enough for me to be called, but I never once resented when I was called. I’d rather get woken up at 2am because my help is needed than have the risk that our systems aren’t ready for the day.

      • Semi-Hemi-Lemmygod@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        6 months ago

        And the more critical you are, the more on-call you are.

        This shows a really low Bus Factor which should be remedied. If you’re on call 24/7 because you’re the only person who can fix things then your employer is running the risk of you being unavailable due to injury or disease and then they’re up shit creek sans paddle.

        • AdamEatsAss@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          6 months ago

          There are no bad employees only bad managers, or some karate kid nonsense like that. I had a job where I was “on call” 24/7 with no one else as alternates. I kept getting in trouble for not being available on the weekend when they called me. Most of the other employees I worked with in similar positions admitted to drinking every night that way they couldn’t get called in after hours. I quit that job quick.

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        6 months ago

        that is if they actually allow you to make the changes so the systems are reliable.

        theres always some boss that doesn’t want to swallow his pride and you pay the price for it.

      • IphtashuFitz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        6 months ago

        Not to mention that lots of malicious attacks occur late at night or on weekends in an attempt to delay getting noticed. My company has rotating on-call schedules for our security, devops, and even engineering teams. I’ve had to hop on late at night or on weekends to help mitigate attacks. Luckily my employer is really good about letting folks take a day or two off after such events.

    • gravitas_deficiency@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      edit-2
      6 months ago

      While I nominally agree, there are some situations and contexts in which an on-call rotation is not only appropriate, but the responsible thing to do.

      That said, on-call people should get special compensation/rewards/perks, because being on call sucks.

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        6 months ago

        on-call people should get a rotation so they aren’t on call every single week. which is what usually happens ime.

    • jdeath@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      9
      ·
      6 months ago

      unions would probably make sure all juniors have to work weekends. kinda like airline unions make juniors work 10x unpaid labor hours than the seniors

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        6 months ago

        you are probably thinking of a terrible union. ive been in those, don’t bother with them.

        • jdeath@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          6 months ago

          how would you know ahead of time? mostly (in USA at least) you don’t get a choice. when you join a job if they have a union you have to join, even if its corrupt. how can you prevent them from becoming corrupt?

          • umbrella@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            6 months ago

            in my country you don’t have to join it. i generally take a look at what they do and its real apparent when they suck up to bosses.

            most unions are like this nowadays over here, but there are good ones.

            • jdeath@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              ah, thanks for explaining that. if there is an option to join or not join, then the unions would have some incentive to do a good job. but in the usa, that isn’t an option, so every union eventually turns corrupt.

              I’m sure that was done intentionally, to render unions (worse than) useless.

  • justsomeguy@lemmy.world
    link
    fedilink
    English
    arrow-up
    81
    ·
    6 months ago

    High availability and security are the bane of IT infrastructure jobs. It makes me anxious to think about my MSP days when I’d sit on my couch on a Saturday fully aware that I’m one phone call away from having my day, weekend or even the next two weeks ruined because some customer CEO has full domain admin rights and would give them to anyone who’d ask on the phone or via email.

    • FenrirIII@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      6 months ago

      It’s not just security that ruins an IT person’s life. I had a customer decide to do a massive data migration from their primary data storage to a new system during the busiest time of day. It destroyed the primary, secondary, and backup systems as well as corrupting the destination system. It was a one-in-a-million bug/glitch that cost me 2 weeks of 16 hour days.

      It’s idiots in charge of IT that are the true source of our pain.

  • edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    31
    ·
    6 months ago

    My org has a follow-the-sun rule and avoids having people work on weekends. It helps that it’s a global team, so there’s only around maybe 18-20 hours in the middle of the weekend where it’s not a Monday or Friday somewhere in the world.

  • kmartburrito@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    6 months ago

    My company doesn’t work weekends unless you’re on call or something. I could see it happen with incident response or security operations, but other things aren’t so critical that we need to have our staff working outside of normal business hours.

    I may be lucky as well because I work within GRC, and we have a huge focus on work-life balance.

    This 70% number seems high. I’m in leadership.

  • foggy@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    70
    ·
    edit-2
    6 months ago

    And ~100% of cybersecurity pros work ad hoc 100% of the time…

    They probably put in 2-10 hours of actual work in a given week. Just like any desk job that doesn’t sit on zoom calls all day.

    Edit: 100% of people downvoting this should first Google “ad hoc.” Or are just envious that I have a cybersec job making good money doing nothing all day. Sucks to suck. 🤷‍♂️

    Kinda how ~100% of IT salaried positions work. If you’re confused, you’re probably hourly.

    • Neato@ttrpg.network
      link
      fedilink
      English
      arrow-up
      49
      arrow-down
      2
      ·
      edit-2
      6 months ago

      If you’re paying someone to always be on call then they are always working. Just because you don’t always need them doesn’t mean they aren’t working. You’re paying for their availability.

      • sunzu@kbin.run
        link
        fedilink
        arrow-up
        7
        arrow-down
        18
        ·
        6 months ago

        I agree with this but I think point is that yes they are on call all the time but in exchange they get a lot of down time to live their lives.

        Not sure it is fair I don’t work like that and I don’t think I can.

        Nurse model seems to make more sense where there is on call list and you get paid for that time.

        • Moghul@lemmy.world
          link
          fedilink
          English
          arrow-up
          17
          ·
          6 months ago

          IMO sitting at my desk, watching logs or waiting for something to come in isn’t living my life. I can’t do my hobbies, I can’t play video games, drink a beer, watch a movie, hang out with my friends, etc. Browsing lemmy or youtube isn’t exactly living my life. As long as I’m at that desk, I’m working.

          • sunzu@kbin.run
            link
            fedilink
            arrow-up
            3
            arrow-down
            2
            ·
            6 months ago

            All fair points and agree… If I am on the clock, I am working. Work flow is management issue

        • RubberDuck@lemmy.world
          cake
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          6 months ago

          That could work, if you had a large pool of these people to put on the on call list. Most companies do not. And only having every other weekend off is not living.

          • sunzu@kbin.run
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            Sounds like a management issue IMHO

            Maybe people should organize and deny these leaders cheap labour?

            • RubberDuck@lemmy.world
              cake
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              6 months ago

              100% but in general there are too few people that possess the skills for this work. So they are hard to find and expensive.

              • sunzu@kbin.run
                link
                fedilink
                arrow-up
                2
                ·
                6 months ago

                Sounds like the sort of challenging market conditions executives get paid big money to solve…

                I know god forbid these people have to do any work lol

    • unconfirmedsourcesDOTgov@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      20
      ·
      6 months ago

      Since we’re telling people to Google things, try “anecdotal fallacy” and let us know if it helps you to understand the source of the downvotes.

      The OP is about survey data that directly contradicts your position. It’s fantastic that you’ve found a position where you have work/life balance that works so well for you, but it simply doesn’t match the experience of many commenting in this thread or those who were surveyed.

      Be as obstinate as you like, it won’t change the lived experiences of others in the industry.

    • thejml@lemm.ee
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      2
      ·
      6 months ago

      If your cybersecurity and/or SecOps team isn’t working 40 hrs a week, you’re either WAY over staffed or you’re missing out on a lot of proactive security work. Ours has a massive backlog of tickets and is working proactively on protecting and preventing incursions and security incidents.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        6 months ago

        Lol he’s got 5 people for 700 users. Way overstaffed. Or well-staffed at a minimum.

        700 users is a business group in my world.

      • foggy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        10
        ·
        edit-2
        6 months ago

        No, SOAR tools make life pretty easy. 5 person SOC team + boss, 700 person org. Not overstaffed.

        I get a few alerts every few hours. Investigate, determine if false positive, and go back to gaming. Unless it’s the off chance it’s not a false positive. Then I do an hour of work or so. Then back to gaming.

        • TheKMAP@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          No alert development, threat hunting, or ML research? No upskilling of any kind? Must be nice to work at a company with no impact to the world when it gets popped.

    • RubberDuck@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      6 months ago

      You are one of these people that also thinks the utility companies sit on their ass while they are not performing a break-fix aren’t you?

      If anything security means ploughing through logs, checking up on monitoring alerts. And most importantly constant lobbying with the devs and deployment projects to actually take security serious… yes we know it is easier to deploy without ssl, single sign on, firewall, monitoring suite and not using our template but your own custom OS install etc… but this means everything is fucked if something happens and noone will be able to tell why. And No you cannot just deploy the database cluster in the DMZ so that it is easier to access.

        • RubberDuck@lemmy.world
          cake
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          6 months ago

          You are the one that said these people do 2-10 hours of work a week and I tried to tell you that there is so much more to the domain of security.

          So you kinda told us a lot about yourself with your denigrating remark.

  • Dendr0@fedia.io
    link
    fedilink
    arrow-up
    6
    arrow-down
    80
    ·
    6 months ago

    Oh boohoo, you make 6 figures and have to work some weekends. Get over yourselves or better yet, get a job outside of a cubicle. Every job is going to have it’s good aspects and shitty aspects.

    So would you rather work weekends, or up on a roof in the Florida sun?

    • eleitl@lemm.ee
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      2
      ·
      6 months ago

      False dichotomy, so neither. Things are more work-life balancey in Europe.

    • nulatium@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      18
      ·
      6 months ago

      You gotta understand the skill set is highly specialized and is ever-evolving. The issue likely being that many take on their six figure salary and aren’t paid for their weekend work but instead work to ensure the security of the employer.

      If I’m hired for $120k/yr for a 40hr week, but I’m pulling 46-52hr weeks, I would feel the need to be appropriately compensated for it. If it’s going to be considered a work hazard I would expect to receive hazard pay.

    • RubberDuck@lemmy.world
      cake
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      6 months ago

      Some weekends? These roles are hard to fill so usually chronically understaffed, meaning most weekends.

      And even if you like the work, the volume is an issue burning people out on the role.