When Your Cybersecurity or Privacy Career Breaks Your Heart

In a recent Harvard Business Review article titled "When Your Job Breaks Your Heart" (February 14, 2025), Gretchen Gavett explores the concept of "professional heartbreak" -- those profound moments when we lose something deeply meaningful in our careers. As Gavett discusses with Morra Aarons-Mele, author and host of The Anxious Achiever podcast, professional heartbreak goes beyond everyday work disappointments to encompass experiences that feel "as personally wounding as grief or heartbreak in your personal life." It might involve the death of a dream, the betrayal of trust, or a fundamental clash between personal and organizational values.

Reading this article resonated deeply with my experiences in cybersecurity and privacy. Our field presents a unique landscape for professional heartbreak because we don't just do our jobs – we often see ourselves as guardians, protectors, and advocates. Let me share what this looks like in our world and how we might navigate these challenges.

The Unique Heartbreak of Security and Privacy Work

Those of us in cybersecurity and privacy often enter this field with a profound sense of mission. We're not just configuring firewalls or writing policies -- we're protecting people's data, digital lives, and sometimes physical safety. We stand as the last line of defense between organizations and threat actors, between respectful data practices and privacy violations.

This deep identification with our work makes us particularly vulnerable to professional heartbreak when values misalignment becomes unmistakable. I've sat in meetings where executives have referred to privacy requirements as "obstacles to overcome" rather than core principles to uphold. I've watched speed-to-market outrank security concerns. These moments aren't just frustrating; they often cut to the core of our professional identity.

When an organization treats security as a checkbox exercise while you've dedicated your career to building genuine resilience, it feels like a fundamental betrayal of your life's work. I’ve been there. It's beyond disappointment -- it’s heartbreak.

The Impossible Expectations Game

Many of us have experienced the "miracle worker" syndrome, where we're expected to guarantee perfect security with inadequate resources, abbreviated timelines, and limited authority. We're asked to protect systems we weren't consulted on during development. We're expected to prevent all breaches in environments we warned were vulnerable.

When the inevitable happens, we're often treated as scapegoats rather than the forecasters we are. This cycle of being set up to fail, then blamed for the failure, creates a particularly painful form of professional heartbreak.

The Cleanup Crew Syndrome

How many times have we been brought in after decisions were made, systems were deployed, or data was collected -- only to be asked to "make it secure" or "make it privacy-compliant" retroactively? Being treated as the cleanup crew for business mistakes means constantly fighting uphill battles that could have been avoided.

This pattern reflects a fundamental lack of respect for our expertise, leaving us feeling like we're perpetually trying to put toothpaste back in the tube rather than building secure, privacy-respecting systems from the ground up.

Navigating Professional Heartbreak in Security and Privacy

Drawing from my experiences and the wisdom in Gavett's article, here are some approaches that have helped me navigate these heartbreaks:

1. Separate Your Mission from Your Employer

One of the most important lessons I learned is that my commitment to security and privacy isn't tied to any specific organization. The mission travels with me, even when I have to leave an employer whose values no longer align with mine. 

I’m proud of the security and privacy work we did while I was at Uber, but I didn’t believe for a second that these were company values upheld by senior management. We accomplished as much as we did across our teams because we learned how to attach our priorities to existing business goals.

Today, I serve my profession's principles first (listed on my website), not any company's short-term interests. This perspective helps me maintain professional integrity even when an organization makes choices that contradict my values.

2. Build Your Community Outside Your Organization

The security and privacy community has been my lifeline during professional heartbreaks. Conferences, local meetups, online forums, and PC small group chats -- these spaces allow me to reconnect with others who share my values and remind me that I’m not alone in these struggles. 

One professional in Gavett's article discovered after a devastating layoff that finding a new community through education and professional networks provided a path forward: "The journey hasn't just been about education; it's been about rediscovering my value and purpose.”

For 10 years, the friends I made leading the press department at DEF CON were a lifeline outside my corporate jobs. Since then, I’ve found more community with other groups, including Minorities in Cybersecurity, Weak Ties/Strong Bonds, Minorities in Shark Science, Women in AI Governance, and my local diving and pilates groups. 

3. Set Clear Boundaries

I've learned -- sometimes the hard way -- that setting boundaries is essential in our field. This means clearly communicating the resources and authority needed to do the job properly, documenting risk decisions that are made against your recommendations, and being willing to walk away from situations where you're being set up to fail. 

When giving guidance or recommendations, clarify if and where dependencies exist with other teams or individuals. Sometimes, we can’t achieve our objectives alone, so we need to set those expectations upfront and not until something goes wrong or falls behind schedule.

While this won't prevent all heartbreak, it provides some protection for both your professional reputation and your personal well-being. 

4. Redefine Success

In security and privacy, we can't measure success by whether we've prevented every possible incident. Perfect security doesn't exist. Instead, I've found it helpful to focus on whether I've provided clear information about risks, built more resilient programs than were there before, and helped the organization make more informed decisions.

Now, I measure success by my personal growth, not only my professional accomplishments. I actively pursue personal interests to diversify where I put my attention, energy, and passion. A single organization can’t buy 100% of my life.  

I've found immense satisfaction in co-managing a local scuba diving company in Mexico. This endeavor allowed me to explore my passion for diving and enriched my personal development. Embracing such passions reminds me that success is more about living a life aligned with my values and aspirations, not some corporate ladder.

The Path Forward

Professional heartbreak in security and privacy work is perhaps inevitable, given how deeply we care about our mission. The clash between our ideals and organizational realities creates fertile ground for these painful experiences. But as Gavett's article reminds us, "This too shall pass, and one day you might even credit it as a learning experience."

While I continue to experience disappointments and occasional heartbreaks in my security and privacy career, maintaining my core principles, connecting with like-minded professionals, and remembering that any single organization doesn't determine my value have helped me build resilience.

Our work matters even if it’s not appreciated in the moment. And sometimes, the professional heartbreak of leaving an organization that doesn't value security or privacy properly becomes the catalyst that leads us to places where we can make an even greater impact.