Skip to main content

Chris Ramezan Talks Mental Health, Burnout in Cybersecurity

Chris Ramezan Talks Mental Health, Burnout in Cybersecurity

In today's society, more professionals are experiencing mental health and burnout in their careers as a result of the COVID-19 pandemic. 

According to the American Phycological Association, "American workers across the board saw heightened rates of burnout in 2021, and according to APA’s 2021 Work and Well-being Survey of 1,501 U.S. adult workers, 79 percent of employees had experienced work-related stress in the month before the survey."

And it's not only affecting those individuals in the healthcare industry. Mental health and burnout is in every field.  

Business students in class at the Chambers College

Ahead of World Mental Health Day on October 10, we talked to Chris Ramezan, assistant professor of cybersecurity in the department of management information systems, who has researched the causes of burnout for cybersecurity professionals and what businesses can do to help mitigate the risks of burnout for their cybersecurity employees.

"Our cybersecurity professionals are on the front lines trying to keep our data, our organization and our people safe from cyber crime, and that can carry a heavy mental toll, so we need to make sure that we're taking care of the mental health of our cybersecurity teams," Ramezan said.

"Now, in the cybersecurity field, occupational burnout is a significant issue for cybersecurity professionals. The cybersecurity field is a very rewarding one and it pays well, but it comes with a high level of stress and cybersecurity professionals at some point in their career experience some form of burnout," he said. 

Today, it's not necessarily a matter of if, but a matter of when your employee will experience some type of mental health or burnout at work. 

"I myself was experiencing a little bit of burnout, but I was lucky," said Ramezan. "I had a very supportive work environment and a very supportive supervisor. However, there are a lot of cybersecurity professionals out there that don't have that type of support and it makes their burnout a lot worse, and it can cause a lot of impact to people's mental health." 

So, what can businesses do to mitigate these risks? 

"First, businesses can hire more staff. A lot of cybersecurity teams are currently understaffed. We have a huge skills gap in the field and there are millions of cybersecurity jobs out there that are unfilled, and for every job that is unfilled that is more pressure on some other member of the cybersecurity team," said Ramezan. 

Second, avoid job creep. What ends up happening is cybersecurity professionals take on a lot of diverse duties and these duties tend to be outside of what the original scope of their job was. Again, that just leads to increased pressure and increased burnout," he said. 

"I always say that if you're in the technology field and you are getting to the point where you're not enjoying learning about new things or you're not enjoying solving problems, you're starting to get burnt out. And that happens a lot to cybersecurity professionals, where they start to see their job as a grind, more than a welcome challenge. 

Good cybersecurity professionals should wake up every morning and think about how to solve problems that are facing the business and how to make the business more secure. If they're to the point that they're waking up and they're not enthusiastic about their job, again, they're probably experiencing some form of burnout," said Ramezan. 

Third, make sure professionals are getting continuous training. 

"Cybersecurity is one of those fields that is ever-changing day to day. It's not a field that stays static. Cybersecurity professionals on their own time have to go and continuously learn about new technologies, new types of attacks, new strategies, new threat vectors, and new threat intelligence because their organization is going to be facing those latest threats. A lot of cybersecurity professionals do this on their own time, so what businesses can do is try to support this aspect of cybersecurity – of constantly re-skilling up and learning new technologies that should be supported by the business. 

Organizations should enroll their cybersecurity employees in continuing education programs, in training programs, or in certification programs, so not only are employees doing this during their work hours rather than their personal hours, but they also get a sense that they're valued employees and that the organization is investing time into them," he said. 

Fourth, give employees personal time off. 

"There should be enough cybersecurity staff or there should be enough overhead in place at the organization to where your cybersecurity employees should be able to take some personal time. They shouldn't be thinking about work 24/7. Everybody needs a little bit of time off, and that's very hard to do when you're a cybersecurity professional because you're constantly thinking about all of the what-if scenarios," said Ramezan. 

To learn more about our cybersecurity program, visit

If you are a student or an employee who is currently experiencing anxiety or burnout in your day-to-day work, please reach out to West Virginia University' Carruth Center to speak to a professional who can help you.  

Video produced by The John Chambers College of Business and Economics Strategic Communications Team. 

SH /09/27/22 

CONTACT: Shelby Hudnall 
Marketing Strategist
WVU John Chambers College of Business and Economics, Strategic Communications 

Chambers College