Imagine this: as a Qualified Security Assessor, the schedule below closely resembles a typical year of conducting assessments:
- January – March: Service Provider Assessment (25 days)
- April – May: Data Centre Assessment (15 days)
- May – October: Retail Supermarket Assessment (60 days)
- November – December: Service Provider Assessment (25 days)
A typical assessment averages between 10 and 100 days.
The days that you are on the bench are typically compensated with short engagements of 5 to 10 days, such as conducting one of the following:
- PCI scoping exercise
- PCI Gap Analysis
- Define a PCI Program for a client
- SAQ assessment
- ISO 27001 Scoping / Gap Analysis or Internal Audit
With this busy schedule, a consultant usually ends up meeting or far exceeding the utilisation target, which for most consultancies is set to either 65% or 85%. In plain English, it means that out of 20 working days, you end up working all 20 days.
In the security industry, or at least from my personal experience, security consultants put in a lot of hours day in and day out, which in the long run benefits the company as well as personal career growth. But what we fail to take into consideration is how you manage yourself physically and emotionally, so as to minimise burnout.
In order to minimise burnout, it is important to make sure you have the right work/life balance. Whilst this is easier said than done, you have to create your own program (don't wait for the company to do this for you), where you make sure you have the time to exercise and engage yourself in something outside of the cyber world.
For myself, I have managed to create a schedule where I can do physical activities during the week, e.g. running, swimming, playing basketball and cycling. I also tend to read something outside of the cyber security world, which at least puts my mind at ease, and most importantly my weekends are purely reserved for my family, during which I don’t check work emails or work on any report or sales pitch preparation. The trick is to start small with a few routines, e.g. a 10-minute walk or run during lunchtime, and build from there. In order to perform better and stay sharp, remember to take good care of your body and mind. DON’T BE A SECURITY BURNOUT APPLIANCE.