Skip to content
Sign In Subscribe
Mental HealthArticle

Your Biggest Security Risk: Mentally Exhausted Humans

From our first episode of CYBR.Minded: Security teams are drowning in alerts, responsibility and impossible expectations. Until recently, the industry treated it as a personal problem instead of a systemic one.

 and  Bill Brenner
5 min read

When a security incident occurs, the first questions are usually technical: What vulnerability was exploited? Which control failed? What tool missed the alert?

Dr. Dustin Sachs, host of the new CYBR.Minded podcast, says those questions often miss a deeper truth. Most cybersecurity failures are not purely technological failures. They are the result of decisions made under pressure, warnings overlooked, processes worked around, or exhausted teams trying to do too much with too little.

That premise formed the foundation of the inaugural episode, featuring CYBR.SEC.Media Editor-in-Chief Bill Brenner (the author of this article).

Subscribe to the CYBR.SEC.Media newsletter

The conversation focused on a topic that has long lived in cybersecurity's blind spot: the people behind the controls.

Watch/listen to the full episode:

The Human Side of Cybersecurity with Bill Brenner
Why mental health, overload, alert fatigue, and human resilience are cybersecurity issues.
CYBR.SEC.Media, and CYBR.SEC.Media

"The human side of cybersecurity" is often treated as a separate conversation from security operations, governance, or incident response. Brenner argued that it shouldn't be.

The human side of cybersecurity is the reality experienced by practitioners every day. It encompasses the analysts chasing alerts, the engineers designing defenses, the risk professionals navigating competing priorities, and the CISOs carrying responsibility for outcomes they often cannot fully control.

Technology may be at the center of cybersecurity, but people are at the center of every cybersecurity decision.

Click to enlarge

Burnout Isn't a Personal Failure

The discussion also explored Brenner's own journey with mental health, depression, anxiety, and obsessive-compulsive tendencies. More than two decades ago, while beginning his cybersecurity journalism career, he started publicly documenting those experiences. In late 2009, the result was a blog called The OCD Diaries.

The response from the cybersecurity community surprised him. Security practitioners from across the industry reached out with stories of their own struggles. Many had never openly discussed them before. What became clear was that the challenges weren't isolated. They were widespread.

Cybersecurity has become one of the highest-pressure professions in the modern workforce. Teams face a constant stream of alerts, escalating threats, organizational politics, staffing shortages, and growing expectations from leadership. At the same time, the consequences of failure continue to increase.

For many practitioners, the result is chronic stress, disrupted sleep, difficulty disconnecting from work, and a growing sense of responsibility for problems that can never be completely solved.

Brenner pointed to a common experience familiar to many security leaders: the inability to truly step away.

Even during vacations, weekends, or family time, many professionals remain tethered to Slack channels, email notifications, text messages, and dashboards. The fear of missing something important becomes difficult for him to shut off.

The industry often describes this as alert fatigue, but Sachs suggested the problem goes deeper than alerts alone.

People are not simply overwhelmed by notifications. They are overwhelmed by responsibility.

Cybersecurity attracts people who care deeply about protecting others. That sense of responsibility is one of the profession's strengths. It can also become one of its greatest liabilities when it goes unchecked.

Building More Human-Centered Security

One of the central themes of CYBR.Minded is that organizations need to move beyond asking whether people followed the process.

Instead, they should ask whether the process was designed for real people operating under real-world constraints.

That shift requires leaders to think differently about resilience.

Rather than expecting practitioners to simply become tougher, organizations must create environments that support sustainable performance. That means acknowledging cognitive overload, decision fatigue, competing priorities, and the emotional toll that comes with defending increasingly complex environments.

The need is becoming more urgent.

Artificial intelligence, geopolitical tensions, critical infrastructure threats, and an endless stream of vulnerabilities are creating even greater demands on security teams. The pressure is unlikely to decrease anytime soon.

For Brenner, mental health is not a separate conversation from cybersecurity. It is cybersecurity.

The tools, controls, and technologies will continue to evolve. But behind every alert, every investigation, and every security decision remains a human being.

If the industry wants better security outcomes, it must spend as much time understanding those people as it does understanding the systems they protect.

CYBR.SEC.Media has focused increasingly on the subject since Brenner joined its ranks in January 2026.

Here are just a few examples:

Have We Already Had a Cognitive Pearl Harbor?
Winn Schwartau warned of a “Digital Pearl Harbor” decades ago and is now raising a more unsettling possibility: the real attack may already be underway, targeting human perception itself.
CYBR.SEC.MediaBill Brenner
Cognitive Warfare Has Entered the SOC. What it is, How to Respond
Information overload, cognitive warfare, and nonstop digital noise are turning human attention into a vulnerable attack surface.
CYBR.SEC.MediaBill Brenner
CYBR.HAK.CAST Episode 13: Winn Schwartau
Winn Schwartau argues that the biggest threat facing defenders isn’t just technical, but cognitive: overwhelming information flows that push humans into “mental DDoS.” He has introduced the concept of “critical ignoring” as a prerequisite to critical thinking.
CYBR.SEC.Media, and CYBR.SEC.Media
Mental Health Awareness Month: Boundaries Are a Security Control
Feeling the mental strain that is often part of working in cybersecurity? I’ll admit that I am. But we’re not alone, and we have allies to see us through. This post celebrates Mental Health Hackers. We will spotlight other great efforts in the community throughout the month.
CYBR.SEC.MediaBill Brenner
5 Foundational Cybersecurity Mental Health Articles Every Security Leader Should Read
From SOC burnout and alert fatigue to resilience and psychological sustainability, these five cybersecurity mental health articles helped shape one of the industry’s most important conversations.
CYBR.SEC.MediaBill Brenner

Related

He Wasn't a Hacker. But He Was One of Us.
Mental Health

He Wasn't a Hacker. But He Was One of Us.

Thirty years after Sean Marley died, I realize that my focus on mental health in cybersecurity started with him. This is a belated thank you to him for helping me strive for something better. He wasn't a hacker. But he sure as hell was one of us.

 and  Bill Brenner

Latest