Part Two: Are you serving others your energy on a silver platter?

Cybersecurity’s blindspot: the risk you don’t see until it’s too late

I’ve worked in cybersecurity for almost 15 years. I remember returning to work after my second son was born and being introduced to the world of cyber by a colleague, William Beer. PwC had just started building a cybersecurity service and William told me: ‘Marilise, we need someone with your skills and experience to help us solve what is ultimately a people problem.’

By then I had made a name for myself as a people and change expert, working on large-scale finance transformations and designing leadership development programmes and delivering culture change. At that point I pivoted into the world of cyber and developed PwC’s first ‘Confidence in your People’ proposition. I was seconded to a client for six months to do a research project on how organisations should move away from promoting ‘tick-box’ compliance towards embedding secure mindsets and habits in their cultures. The MD was so impressed with my work ethic and output that he called me back to run the research team and I eventually left PwC to join them. This opportunity also led to my burnout, my exit from corporate in 2017, and the start of ROAR! Coaching & Consulting.

I nearly quit cybersecurity 

At the time I seriously considered walking away from the industry. 

The environment was toxic in a way I had not experienced before, mainly due to the MD, and the energy dynamic was exhausting. I even had a team member (male) tell me: ‘Marilise, you’ll never be taken seriously, because you are not technical enough.’ And the worst part? I believed him. I took that comment and turned it into a story that ran on repeat: 'I am not technical enough. I do not belong here.' That story followed me around for years, quietly draining my confidence, my energy and my sense of belonging in a field I genuinely loved.

Imposter syndrome quietly sucks the life out of you.

The cybersecurity industry has a burnout problem and the data is proof.

Nearly half of cybersecurity professionals report exhaustion and overwhelm (ISC2, 2025). According to Proofpoint’s 2025 Voice of the CISO Report, 63% of CISOs say they have experienced or witnessed burnout within the past year. But ask most of them what is really draining them, and the answer is rarely the threat landscape alone.

Why talented cybersecurity professionals are burning out

Cybersecurity professionals are the closest thing the corporate world has to first responders. The work happens under urgency, pressure and consequence. The threat landscape never sleeps. The alerts are constant, the stakes are existential and one momentary lapse can cost an organisation dearly.

But here is the critical difference. First responder environments, emergency services, healthcare, the military, have built-in protocols for recovery, decompression and human monitoring. There are structured handovers, mandatory rest periods, psychological debriefs after critical incidents. The human cost of the work is acknowledged and managed.

For most cybersecurity teams, those structures simply do not exist. 

The pressure is always on

The expectation of always-on availability, the absence of recovery structures and the pressure of permanent vigilance create the conditions for chronic depletion.

Three dynamics make this particularly acute: the always-on pressure, the hierarchy, and the blame culture. Each one drains energy.

When the tank is running low, every interaction carries more weight. A difficult conversation with a colleague, negative feedback from a manager, a team dynamic that feels off – all of these land differently when there is no space to recover. Under that kind of pressure, your wellbeing and relationships pay the price. Have a look at Part One https://www.marilise-de-villiers.com/blog/part-one-are-you-serving-others-your-energy-on-a-silver-platter? for a more in-depth exploration of how chronic stress affects your mind, body and energy.

There is a technical hierarchy 

Then there is the hierarchy. In cybersecurity, technical roles tend to carry the most seniority and status. Governance, risk and compliance, training and awareness, people and culture, the human side, are too often treated as supporting acts rather than core functions. For those of us working in those spaces, that perception has a cost. It creates a relational dynamic that is quietly devastating. The message, sometimes explicit, often unspoken, is that your contribution is secondary.

The ‘I am not good enough’ conversation is amplified by a culture that constantly signals who belongs and who does not. In Part One https://www.marilise-de-villiers.com/blog/part-one-are-you-serving-others-your-energy-on-a-silver-platter?, I introduced the shadow sides of the four Jungian archetypes. Those patterns show up with great intensity in high-pressure environments. Familiarise yourself with how they show up and you will start to spot ego-led behaviours (your own and those of others) more easily.

There tends to be a blame culture

When one mistake can cost the organisation everything, blame travels fast. Cybersecurity teams often operate in environments where admitting an error, raising a concern or asking for help feels career-limiting. That silence carries real wellbeing and security risks, and the responsibility for breaking the silence starts with leaders creating psychological safety. More on that shortly.

How you can protect your energy

In Part One https://www.marilise-de-villiers.com/blog/part-one-are-you-serving-others-your-energy-on-a-silver-platter?, I introduced the ROAR! Blueprint. Everything in Part One applies here. Four things deserve particular emphasis:

• Reconnect with why the work matters. When you lose connection to your purpose, the work becomes purely reactive. Alert after alert, incident after incident, with no sense of the bigger picture. Reconnecting with why you chose this field takes courage. And it is what keeps you going when the pressure is relentless.
• Stand guard at the door of your mind. The inner conversation is always loud under pressure. In cybersecurity, where the pressure is always on, it can become deafening. Recognise and reframe the old stories, the limiting beliefs and the lies you have been telling yourself. Technical or not, you are more than enough. Your contribution matters.
• Take your daily M.E.D.S. The practice is non-negotiable. The Rest, Release and Recharge guide is a practical starting point for building that daily practice. Download it here https://www.marilise-de-villiers.com/opt-in-to-get-your-copy-of-the-rest-release-recharge-guide
• Have the courageous conversation. In cybersecurity, where every interaction can feel high-stakes, protecting your energy means learning to face difficult conversations with yourself and others. 

ROAR in action

Recognise the impact of the other person’s behaviour on you, especially in highly tense situations. 

• It is important to know that their behaviour says everything about them and nothing about you. What they say and do is a reflection of how they feel deep inside. They may or may not be aware, but that’s not your problem to solve. Don’t put their monkeys on your back. 
• Enter the conversation with the right mindset. Move from a battle of messages to a learning conversation. Remember the three mindset prompts from Part One https://www.marilise-de-villiers.com/blog/part-one-are-you-serving-others-your-energy-on-a-silver-platter?

Observe: Stay present. Stay cool, calm and collected. Breathe.

Assert: Confidently respond stating the facts or asking a question: ‘Please help me understand’ or ‘How is this helping us move forward?’

Redirect: Move the conversation towards a win-win outcome for all parties.

Calling leaders to prioritise wellbeing and create psychological safety

Google's Project Aristotle, which analysed over 250 attributes across 180 teams, found that the single strongest factor behind high-performing teams was psychological safety: the sense of security that allows people to express ideas, admit mistakes and ask questions without fear.

Psychological safety is the foundation of a speak-up culture. A speak-up culture protects an organisation against cyber criminals. It is this simple: We cannot protect the mission if we are not paying attention to the people carrying it.

If you lead people in cybersecurity, creating psychological safety should be your top priority. The culture you model is the culture you create. A team that does not feel safe to speak up, admit mistakes or ask for help is a team that is quietly accumulating risk, one unspoken concern at a time. Know your people well enough to notice the slightest change in behaviour:

• A colleague suddenly withdrawing
• Not speaking up in meetings they previously contributed to
• No longer showing up with their usual energy

Catching those nuances requires presence and a personal approach to leadership. It requires doing your own inner work first. You cannot give what you do not have. Prioritising your wellbeing and that of your team, is what stands between your organisation and its next incident. 

The moment you catch your ego and choose to be curious, not furious, you reclaim your power. That single shift, from reacting emotionally to responding mindfully, is ROAR in action. And in cybersecurity, this could be the make-or-break moment between a near miss and a catastrophic incident.