Dear Security Leader,
Whether you're Head/Director/VP of Security or a CISO, your job is extremely hard and stressful. Most of us, security leaders, have to deal with two harsh facts:
That's our reality.
If you’ve been in the industry for a while, you’ve likely already come to the same conclusion. Most executives may talk like they care about security, but you know it's BS in most cases. You feel it! Their support for you, interest in your accomplishments, and the amount of resources you get, could all be drastically improved. In most cases. For most security leaders.
Many people know some aspects of your job, but nobody understands or appreciates the totality of the work you do. No one has the full picture of things you deal with on a daily basis. So they can't appreciate the variety of demands placed on you. If they did, you’d get more respect, wouldn’t report to the person you do, and would get paid much more. That's the no BS reality.
These two facts cause all sorts of other problems you have to deal with in your daily work life: you get responsibility, but lack authority; you don't always get the right seat at the table; your presentations to the board get pushed to the end, etc. And on top of all of that, you actually need to do your job, and protect the organization in cyberspace!
I was there, and did that. While I was still in the corporate world, dealing with all of the BS one security leader needs to deal - I was very close to burnout, twice! The first time, my wife saved me. She "forced" me into 3-week vacation. That helped temporarily! The second time, what saved me from burnout was having regular chats with a friend who also had a broad experience as a security leader. I would have never expected this to help!
Fast-forward one year, another friend of mine, a security leader in a Tech firm from Berlin, complained to me about his job. It took one conversation for me to understand he was about to experience burnout. It was so obvious to me, but he wasn't aware of it himself! So we started to have regular meetings: he would complain about his manager, rant about peers which ignore security, talk about problems he had with his team's morale, etc. Long story short, he did avoid burnout. He became aware he was in the pit. I helped him climb out if it.
So here I am, writing this public letter to security leaders, because my friend suggested it. And I like the idea of helping other security leaders in a similar way, too. So here's my take: instead of talking to a psychotherapist, talk to a CISOtherapist. Find out more below.
Best regards from Berlin,
Jovica,
Founder & Managing Director
WIM Security GmbH
Everything we'll talk about stays confidential. We can talk using your preferred communication software. The tl;dr of the service:
Please note: I'm not a therapist, and I'm not qualified to provide any kind of professional psychological help. I used to be a security leader, before I founded my boutique InfoSec consultancy firm.
I can listen with understanding.
I'm a good listener. But I'm also a competent listener. I've been a security leader myself, and I'm currently running my own InfoSec consulting firm, WIM Security.
I can ask questions.
Dumb questions, smart questions, provocative questions, challenging your beliefs, you name it. I KNOW they can be extremely valuable. I can be your sounding board.
I can help you with security strategy.
I could provide my independent insights, thoughts and observations of your current work challenges. As a security advisor, I've helped hundreds of organizations with security.
I can help you with decision-making.
Whether it's about your personal career, stakeholder management, peer relations, IT, or cybersecurity decisions, I could help you make the right decisions.
In case you're wondering "Who the hell do you think you are?", or "What makes you qualified to offer a service like this?", please read along.
I'm not a psychotherapist. I haven't completed any related training. I "invented" the word CISOtherapist, if that can be called an invention.
I'm an InfoSec professional, with strong experience in Information Technology, Information Security, and Human pshychology. I'm currently the founder & Managing Director of WIM Security GmbH, an independent boutique firm offering world-class InfoSec consulting.
CISOtherapist.org is a side project of mine. Other projects would yield a significantly higher financial return on my time. Regardless, I've chosen to try to help security leaders who really need it.
My time as a business owner is my most precious asset. Hence I can support only a handful of security leaders at the time. To check if there are free spots and sign up, please email me at hello@wimsecurity.com.
Make sure to include the following information:
We all hope that bad things won't happen to us. But your mental health is too important to depend on hope.
"Hope is an expensive commodity. It makes better sense to be prepared." - Thucydides
Can I expense this, or can my company cover for the cost of CISOtherapist service?
Not only that you can, but I strongly suggest that you should get your company to pay for any kind of mental support, including CISOtherapist.