One Monday morning in the fall of 2017, in the pre-dawn hours of another alcohol-fueled business trip night out, Thom Langford hit rock bottom. The CISO had been passively spiraling for a while, but finding himself on the roof of a building in Rome, distraught and suicidal, he had reached his mental max. Langford was eventually talked down and spent the next month away from work and in the care of family and mental health professionals.
As he tells it now, alive and well, the build-up of his breakdown was barely noticeable to those around him.
Catalyzed by the pressure of growing a security team at a global company that was “as politically charged as it was not interested in security,” he essayed that the seeds had been long planted for his eventual “drowning.”
“The cost … was an intense environment where my main role was PowerPoint and politics, and constant air support for the team,” he wrote last year in a candid and heartfelt post. “Combine a tough travel schedule and the global, always-on element, I never truly switched off. That said, one of my mottos was ‘Work Hard, Play Hard’ so evenings with teams, internal clients and their customers in different countries were long, hilarious and helped us bond even closer to perform even better. Frankly it was exhausting and my sleep suffered. So I did what every self-respecting professional does, and started to self medicate with alcohol.”
Langford’s story was arguably one of the most important things to come out of cybersecurity in 2019, as it cast a real (and well-known throughout infosec circles) person’s arc at the center of a boiling issue within the industry. The crisis of mental health is growing everywhere, and its tentacles are hardly limited to infosec. But this sector is notably unique in its susceptibility to the dangers of burnout – the most common manifestation of a prolonged period of workplace stress.