How to Best Maintain a Healthy Work-Work Balance in Cybersecurity

If you go by social media, you’d think cybersecurity was a vocation only suitable to those with an almost overriding passion. But in reality, it’s a job. An important one, but a job. So why does it seem like cybersecurity hustle culture is the dominant narrative in our industry?

This week’s episode is hosted by me, David Spark , producer of CISO Series and Andy Ellis , partner, YL Ventures . Joining us is Edward Contreras , senior evp and CISO, Frost .?

Thanks to our sponsor, ThreatLocker .

A gradual language shift

Effective cybersecurity communication within a company requires more than simplifying technical jargon—it demands a shared, consistent language. Organizations should create a company-wide translation guide, starting with a glossary and refining it through feedback, as Deepak Gupta of GrackerAI outlined. However, the best approach is gradual adoption—consistently using a small set of key terms in daily conversations until they naturally become part of the company culture. Remember, common business terms can have multiple interpretations across departments, so aligning on terminology is critical for meaningful risk discussions.

Don’t reflexively rise and grind

The cybersecurity community glorifies the idea of passion, leading many to believe that constant hustle and personal projects are necessary for success. A discussion on Reddit questioned this mindset, with some arguing that curiosity and an inquisitive mindset matter more than relentless drive. There is a temptation to compare this to other fields like sports, where some will take a steady, balanced approach while others, like Michael Jordan, will push themselves to excel. But that metaphor can only go so far. A career progression is about continuous learning and execution, not just working long hours.

Lean into focus

Budget cuts and layoffs are becoming an industry reality. This forces security teams to rethink priorities, as pointed out by Phillimon Zongo on LinkedIn. But don’t be too quick to fall back on a “do more with less” mentality, as it can demoralize teams. Instead, CISOs must eliminate low-impact projects and focus on outcomes over busywork. Look to the 80/20 rule, ensuring investments in effort benefit the majority rather than niche concerns. Fostering a culture where employees feel empowered to innovate and prioritize high-value work is essential to maintaining security effectiveness during challenging times.

Gauging the unmeasurable?

Hiring great security leaders requires looking beyond technical skills to traits like critical thinking, adaptability, and communication. Organizations also need to try to tease out a candidate's moral courage, cultural fit, and the ability to influence others, said Phil Venables , CISO, Google Cloud . A good way to start is looking at receptiveness to feedback. The best leaders listen before acting. Communication is the core of these other intangible values. A candidate’s ability to explain a simple concept in an engaging way is a strong indicator of their potential to lead and influence others in security.

Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO?Series Podcast via your favorite podcast app, please do so now.

Thanks to our podcast sponsor, ThreatLocker

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

NEW SHOW on CISO Series

Why We Launched Security You Should Know

Security You Should Know is our newest show on CISO Series. It’s a focused 15-minute podcast that connects security solutions with security leaders. Hosted by Rich Stroffolino, each episode presents a cybersecurity vendor trying to solve a specific problem, with two security expert panelists asking questions to learn more about the solution.

The first four episodes are available on the Security You Should Know landing page, where you can also find links to subscribe via your favorite podcast app.

At CISO Series, we’re very deliberate about how we launch shows. We’re always thinking about balancing what the audience wants to hear and what sponsors are willing to pay for. Finding that gentle balance isn’t easy. This latest show took two years to launch. It’s not that the show concept is complicated; rather, the opposite. We worked through two very complicated concepts before finally landing on this simpler one.

If you’re interested in how our development process works, I wrote an article that explains how we launched each show and how we came around to launching Security You Should Know.

READ: Why We Launched Security You Should Know.

And if you’d like to provide feedback, join the discussion on LinkedIn.

If you’re interested in sponsoring and being featured on an episode of Security You Should Know, please contact us.?

Best Advice for a CISO…

"Instead of teaching cybersecurity, learn the roles and programs of your stakeholders. Make your programs so relevant to the business that they have no idea they are doing security." - Edward Contreras , senior evp and CISO, Frost

Listen to the full episode of "How to Best Maintain a Healthy Work-Work Balance in Cybersecurity"

We've Been Fooled. There Is No Talent Shortage.

"We keep a list of the cheap companies that always undercut their employees. They have the worst benefits. They have the worst kitchens. They don’t give any fringe benefits… It’s the employees who have no other choice, who have no other options. They end up at those bottom feeder companies." - Jimmy S, CISSP, CRISC, CISM , president, (ISSA) International Sports Sciences Association

Listen to the full episode of "We've Been Fooled. There Is No Talent Shortage."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday

Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino . We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Christina Shannon, CIO, KIK Consumer Products. Thanks to our sponsor DeleteMe.

Thanks to our Cyber Security Headlines sponsor, DeleteMe

Navigating the Surge of AI-Generated Content and Deepfake Threats

AI-generated content is exploding—90% of online content is expected to be AI-driven by 2026. What does this mean for cybersecurity?

I spoke with Nick Loui , CEO and co-founder at PeakMetrics , about this surge, which includes sophisticated scams and deepfakes, alongside the fragmentation of social media platforms. Nick emphasized the complexity of the geopolitical environment and the evolving nature of threats that now require security and risk-focused strategies within organizations. To combat this, organizations need to be able to track the spread of deepfakes and understand the narratives behind them.

Join us on March 21, 2025, for "Hacking Narrative Threats" at 1pm ET/10am PT on Super Cyber Friday. Joining David and Nick for this conversation will be Jason Elrod , CISO, MultiCare Health System .

Register

Thanks to our Super Cyber Friday sponsor, PeakMetrics

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at?cisoseries.com.

Interested in sponsorship,?contact me,?David Spark.