Burnout in cybersecurity leadership: Symptoms we don’t talk about

Editor’s note: The experiences shared in this blog come from a conversation with former Axonius Field CISO Liz Morton and are part of our two-part series on burnout in cybersecurity leadership.

In this first post, we explore the realities of burnout in cybersecurity leadership and the symptoms many leaders hide. In part two, the focus shifts to practical strategies for overcoming burnout.

Let’s be real: it’s tough to admit when we’re burned out. We all know it happens. We just don’t like to talk about it. 

There are legitimate reasons for feeling burned out, like being on an overworked team. But there are also reasons we keep it to ourselves. Maybe the teams we lead will see it as a weakness. Maybe management will think we’re in over our heads. 

Sure, we know breaks matter. We know we should manage stress. But feeling burned out can confirm our worst fears about our own abilities. 

It feeds that imposter syndrome so many of us carry. So we push through, grab an extra nap, or take a weekend off. And maybe that helps … but only for a while.

The truth is, burnout often feels like a secret worth hiding. Cybersecurity leaders aren’t immune. I know this because I’ve been there. I’ve dealt with burnout myself, and I’ve seen the damage it can do to people and organizations.

Burnout gets defined in a lot of ways, but these are the core symptoms:

1. Physical and mental exhaustion

2. A sense of detachment and cynicism

3. Reduced effectiveness

After years of protecting organizations from nonstop threats, I’ve felt each one of these. I’m sharing my story because I know I’m not alone. If we can be more honest about burnout and give ourselves permission to address it, we’ll be better leaders, better teammates, and better people.

When hard work morphs into exhaustion

Exhaustion doesn’t always announce itself.

I didn’t recognize burnout right away. At first, I told myself I was “just tired” … and then I was still tired, no matter how much I slept. 

At times, it’s been difficult for me to identify my state and do something about it. But part of leadership is self-reflection and self-remediation. We owe it to our people and our organizations to confront our own challenges head-on.

Being “always on” comes at a cost.

In cybersecurity, constant vigilance is celebrated. We pride ourselves on being reachable, ready, and responsive. As leaders, we keep our doors open, field late-night calls, and shoulder the responsibility of protecting critical systems around the clock.

I’ve always been proud to lead high-performing teams full of dedicated professionals who count on me. But there’s a downside to being “always on.”

If you live in a constant state of high alert, you will eventually be overwhelmed. Our drive to fight real threats can morph into a mindset that we should always be ready for the worst. But if you never switch off, burnout is inevitable.

Fatigue isn’t just physical. It’s personal.

Being “always on” changes how you experience the world. Your perspective narrows. Your energy drains. And eventually, you’re not just physically worn out, but mentally and emotionally depleted.

I’ve been there: when no amount of caffeine or sleep makes a dent, because the problem isn’t really about being tired.

I told myself that being good at what I do meant I could power through and handle everything, all at once, without a break. But let’s be real: as leaders, we would never let one of our team members work that way, right?

So why do we hold ourselves to a different standard? Somewhere underneath is the belief that we’re too valuable to the team to ever step back. But that mindset isolates us, and isolation is the real killer.

When detachment and cynicism set in

It’s easy to let a mission take over your life.

I work in cybersecurity because I want to protect the organizations people count on: businesses, government agencies, nonprofits. That’s the mission that keeps so many of us going.

But overwork chips away at that energy. You start convincing yourself that constant grinding is necessary for the mission. You even wear exhaustion like a badge of honor.

That sense of sacrifice can feel noble, like you’re suffering for a cause. But as the negative self-talk gets louder, you start to pull away. The rest of the world's goodness feels like it’s meant for other people, not for you. Vacation? That’s for people who don’t work as hard as you do. 

Constant work pressure makes it harder to enjoy … well, everything else. The hobbies I once loved didn’t spark joy anymore. This is when detachment turns to cynicism, and your “why” for doing the work fades.

Thankfully, there’s a way out. 

We’re analytical people; it comes with the territory in cybersecurity.  But if we turn that same lens on ourselves, it’s usually pretty clear when something has to change.

For me, it was all about hearing myself through the echoes of people who cared about me, and getting more sensitive to the vibes I was putting out. I realized that sacrificing my happiness for an important job actually doesn’t help me do the job at all.

When constant stress makes you less effective

“Work smarter. Not harder.”

How many times have you heard that line? But in this case, it really does matter. When working harder turns into running on a treadmill, you need to step back, recover, and reset.

Writing in the Harvard Business Review, researcher Kandi Wiens says people need to “fully detach” from work in order to recover. And as athlete and marathon expert Hal Higdon puts it: “Rest days are as important as training days.”

Athletes take recovery seriously, and we should too. We can’t stay on high alert defending our organizations without stepping back to recharge.

Every skipped break is a missed opportunity.

Giving yourself space to rest up after a hard push helps you come back with a clearer mind and a replenished spirit. Delegating, saying no, and setting boundaries all strengthen your ability to show up for your team, too.

And it signals that rest matters for them, too. We’re always setting the tone, whether we realize it or not.

You can’t show up for others if you don’t show up for yourself

Being a cybersecurity leader today means dealing with real stress and real risk. We want to stay sharp, protect our organizations, and support our people. But staying hyper-alert all the time isn’t sustainable. We have to take care of ourselves, too.

The quality of your performance is directly tied to your ability to unplug, refresh, and reset. For me, addressing my own burnout helped me see more clearly and lead more effectively.

For practical strategies you can use to beat burnout, check out part two of this series.