I am a network engineer tech, I work in a live nocc environment. It’s high stress, face paced and a lot of networking. I took this job as a stepping stone to work my way into infosec and build experience. The nocc has a high turn over rate, my team is increasingly getting smaller and I am the only female on my team in a company full of gatekeepers. I got lucky with this job because I did not have any practical experience. I had just graduated with two AS degrees, one in networking systems architecture and the other in cybersecurity.
I generally work 9-12 hour days, then try to spend my limited free time towards Research & Development but since the beginning of the year I have started to Burnout. It’s not that I lost my drive, motivation or passion. I just can’t do it. At this point, I burnout daily and I am having a hard time staying constant with studying for certifications or R&D in general. Any advice ?
Listen to therapeutic tones when sleeping. I run a few companies, and when I am starting to feel burnout, I just put low frequency and high frequency music on. Helps stabilize. As for learning, Take an hour after work, then eat and sleep. Also working out, helps with stamina and focus - If you stay more active health wise, burnout is less likely to happen.
What exactly do you do at work (please be specific) , with a few adjustments you could turn your work environment into a learning space (that does not mean you don’t do your job ) , if you can be more specific about what you do at work we could help you more.
Ok - first step - make a plan. It seems you have already resigned yourself to the idea that you’re stuck at your job, but please keep in mind that after only a year your opportunities can massively increase. I know how it feels to get your first gig, it feels scary that you could lose it.
If you feel that you can’t do your day-job and do side stuff, don’t sweat it. Take it easy for a bit, do something you enjoy. I found that what kind of work I was doing on my computer massively changed how quickly I burned out. Do something that really motivates you, a cause you really believe in, or a project you really love. Passion can be really important in sustaining a drive and not burning out.
Take a holiday - if you’re worried about working hours or limitations, ask if you can take a Friday and a Monday off, gives you 4 days which is a good start and your job only has to cover you for two days.
Speak to your boss, seriously, if the work environment is poor, which it sounds it is, you might not get anything out of this, but speaking to your boss can be helpful, especially if there are certain areas of your job that you’re stressing more over than others. It’s possible that you can modify our responsibilities in a way to lessen the stress. Employers can help in this sometimes, especially if they’re aware of a high turnover rate (that they are hopefully avoiding).
Is there anything specifically you struggle with that causes the most stress?
Evaluation and understanding (reason) tickets, poll systems for statistics and metrics, either autogen or customer reported.
Prioritization, largely independent with minimal oversight, but provides directions to technicians who are on site (remote).
Verify that the work is completed properly, provide Proof to Testing docs, monitor status over time.
Commonly interface with other departments depending on the nature of the problem, maintain rapport with both senior and junior members of support teams and MVPs in customer-facing forums.
Proactive exploratory testing and investigation of digital information (packet loss, bandwidth utilization, memory allocation) and hardware (router - fans aren’t working)
Border Gateway Protocol(BGP) - making sure all neighbors are responding. If not, troubleshoot and fix as well as escalate as necessary.
Investigate issues that prevent operational progress and re-rout business-critical information systems.
Load balancing - high attention to detail, proactive maintenance of equipment that will fail soon, hot-swapping and backups.
Corporate environments as well as small businesses; flexible personality capable of interacting with business and sales personnel as well as highly-technical engineers.
Business-first environment; proactively seeking ways to manage time and organize tasks to maximize ROI from work.
Thorough documentation and handoff of work to continue if uncompleted during expected time, including a plan of action that includes required methodologies, troubleshooting tools and actions/behaviors, recommendation of how to proceed.
Flexibility in priorities; agility in shifting work direction to complete activities such as disaster recovery and audits.
Ability to quickly disseminate technical and business opportunities and risks without compromising security of systems and/or information.
Maintain decorum and composure in high-pressure situations, focusing on solutions first.
Accurately and efficiently setting expectations, allowing for temporary resource allocation (technology, licenses, personnel) as necessary.
God this looks like what a arrogant firm would expect form its employee’s
Jokes aside , lets see what you could do different :
(The following might sound vague at first , but please do read it )
You deal with tickets from consumers , for a change look at the all the tickets you receive from a
“birds eye” point of view , what problems do you clients run into very often ? , are they related to security ? ( ex: frequent password resets , reports of unauthorized activity ,etc) , if yes what can you deduce from them ?
Statistics and metrics polling : i assume you are using something like nagios or zabbix for this , if you have used these things long enough you might have noticed that nagios and zabbix have capability to run user defined commands and record its output as statistics or metrics , does your environment use something like that ? , how could a attacker use this to his/her benefit ? , what could happen if your metric collection server got compromised.
what kind of security considerations do you make while instructing technician’s , ex: do you hand over password’s to them just like that ,or is there some sort of IAM setup for accessing resources ? , what kind of trust boundaries do you have ? , have you dealt with small scale security incidents ? , what would you consider as a security incident ?
Take security into consideration when a certain job is completed , did the technicians leave things in a bad security posture ? , have a small security check list
“Proactive exploratory testing and investigation of digital information” : While dealing with high bandwidth and memory usage incidents what kind of security considerations do you make ? , ex: attributing high bandwidth usage to botnet activity , high memory usage to cryptominers.
BGP : Not everybody gets to work with these so i assume you at a large firm or a ISP , you must have heard of BGP Hijacks , how could you secure your edge devices against such attacks ? , now put on your black hoodie think how you could use your network to perform MITM attacks against other AS’s .
Now you might think “that’s a lot of question marks” , well what i am trying to tell you here is that security is everywhere , you just need to look for it and take it into consideration , most security professionals come from sysadmin , networking or software-dev background , so you certainly are on the right path , stop thinking of your networking job as a “networking job” , assume responsibility of security this’ll help you learn a lot .
Eventually after answering all those security question’s you will develop a security mindset , you will start looking at things from a security perspective (more like from a attacker’s point of view ) and that’s the direction you need to head in. At the end of this exercise you’ll have a thorough understanding of your organizations security posture , try making a small security report and present it to your manager , assert that you are in interested in security and how it could be beneficial if your job was oriented more towards security .
As someone who’s still recovering from a burnout - DO NOT ignore the first signs. You will think that you’ll be able to push through. Maybe you will. Maybe not. But do you really want to risk the next few years of your life dealing with the consequences of a real burnout?
So, sit down, figure out what’s not working in your life and address that as soon as possible. Make a change. Put your pride aside and find a specialist you can really talk to. Therapist. Psychologist. Spiritual leader. Whatever works for you.
My main focus this weekend has been to relax, decompress and take a step back. Basically, I think I am past my growing point at this place, past my point of progression. It’s been happening for a while, I’ve been waiting thinking that things would get better. But It’s time to move on and grow. Now, I am not bashing my place of employment or the program I am in. I am just not a match/fit for the type of environment and culture.
This thread has been extremely eye-opening, in a good way. There’s a lot perspectives I did not take into account. I have been second guessing myself a lot and my confidence took a dive since this has been an on-going situation that just progressively got worst. However, things are starting to make a lot more sense. I greatly appreciate the advise.
This is not set in stone about particular order. Except I am getting my CCNA first. I have received a lot different suggestions, so I still trying to figure out which is worth it. I hear a conflicting information depending on who I ask, since everyone got into infosec took their own path.
Once I am in a better mental space, I am going to re-register in school to complete my BS in computer science.
I am currently in the process of “planning” out the best way to set up a home lab. So I can play around and learn.
I would just add that I think it’s vital to get enough sleep, no matter your schedule. I know a lot of people will contest this, saying that they can get by on 5-6 hrs a night, but as far as I (and science is on my side here) am concerned, it’s a ticking time-bomb.
From my personal experience of burning the candle at both ends, in any context, the one thing I simply cannot sacrifice, is adequate sleep(ideally 8 hrs min), without cold hard consequences in terms of performance and mood. Lost sleep is never found. Judging by your work hours, you probably don’t get much time between getting home and, well, having to get up for work again. That doesn’t leave much time for research etc. (and relaxation). But skimping on sleep will burn you out faster than anything, it’s just not worth it. According to a book I’ve been reading(Fantastic book, “Why We Sleep”, by Matthew Walker, PhD), as a general rule, if you’re finding yourself sleepy in the mid-morning hours, you’re basically sleep deprived. Hope everything works out well for you, whatever you’re next step is. (p.s. check out the joe rogan podcast with Matthew Walker(the sleep guy) if you’re interested, it’s really informative, and a bit scary)
pry0cc
(Leader & Offsec Engineer & Forum Daddy)
15
I think you’ve answered it yourself.
Make a plan, wait a few years, put all your energy into finding a new job. You’ll find a new gig. Its way easier to get a job when you already have a job.
Me too. It can be quite frustrating, seems like something so fundamental should come easier.
I recently dropped coffee during the day, and that just helped me get to sleep enormously. That and making sure all my devices have blue light blocking filters has made a huge difference. I even wear blue light blocking glasses at night now while looking at a screen.
Yeah, I agree. I limit myself to one cup of coffee in the morning. I don’t drink anything else with caffeine during the day. During the week, I shut off everything. All my devices have Nighttime mode enabled. I have tried basically everything at this point, including sleep medication but they have side effects.
Don’t forget that nothing in your life is more important than you. Your life goals can wait or change if you’re not happy. I advise not to be over-attached to your occupation. I made the mistake of not separating my identity from what I do. I made the mistake of defining myself through my occupation. I had mistaken this behavior with having a passion to something. ITS NOT. I suffered a lot because of this.
Don’t buy the toxic narratives of business world. Don’t believe them when they say “if you’re not working on something 36 hrs a day and you don’t see it in your dreams, you don’t love it and you don’t deserve to do it.” You can love something while doing it only 9-5. Your happiness is what is important and nothing else.
You have to find something to do that will bring you pleasure, but will not take too long. Try meditation or running in the morning, they may help you get rid of unnecessary thoughts in your head and make your mind clearer.
)
: While dealing with high bandwidth and memory usage incidents what kind of security considerations do you make ? , ex: attributing high bandwidth usage to botnet activity , high memory usage to cryptominers.
: Not everybody gets to work with these so i assume you at a large firm or a ISP , you must have heard of BGP Hijacks , how could you secure your edge devices against such attacks ? , now put on your black hoodie think how you could use your network to perform MITM attacks against other AS’s .
, well what i am trying to tell you here is that security is everywhere , you just need to look for it and take it into consideration , most security professionals come from sysadmin , networking or software-dev background , so you certainly are on the right path , stop thinking of your networking job as a “networking job” , assume responsibility of security this’ll help you learn a lot .