Balancing Burnout and Breaches: Sterling Wilson on The New Face of Cybersecurity Leadership

With many IT and security professionals reporting high stress levels and some fearing personal blame for security incidents, the human toll of cybersecurity is becoming as critical as the technical one. At the same time, cyberattacks are rapidly shifting toward smaller companies, remote offices, and edge environments—targets that often lack the resources and infrastructure of large enterprises.

Add to this is the disruptive potential of AI in cybersecurity, which is transforming both the nature of threats and the tools used to combat them. Hence, it’s clear that leaders need fresh thinking to stay ahead.

In this exclusive interview, Sterling Wilson, Field CTO at Object First, shares how leaders can strike the right balance between innovation and resilience. He discusses the importance of using AI wisely, enhancing ransomware protection across various systems, and helping security teams manage stress more effectively.

The human side of cyber defense

As a leader, how do you see the growing issue of stress and burnout among cybersecurity teams? What impact do you believe it has on overall enterprise resilience?

Wilson: In a recent survey of 500 IT and security professionals (entry to executive level), 84% reported feeling uncomfortably stressed at work, and 58% said that stress negatively impacts their job performance.

Furthermore, 59% have considered or actively begun looking for new jobs, leading to a cybersecurity brain drain that can cost companies substantially in terms of loss of institutional knowledge and resources spent on hiring and training new talent.

Hindered job performance, burned-out employees, and high turnover are all key factors that can make an organization’s cyber infrastructure more vulnerable to cyberattacks and breaches.

How is your organization addressing the mental load and emotional strain this job often entails?

Wilson: Object First is addressing the mental load and emotional strain of the job by reducing complexity and increasing trust.

When asked what would help ease the mental strain caused by the pressures of their roles, IT and security professionals pointed to faster, higher-performing backup solutions that minimize downtime.

They also emphasized the importance of using technology that has been independently tested by credible third parties—tools that inspire greater confidence and strengthen overall cyber resilience.

Object First offers a data storage backup appliance called Ootbi (Out-of-the-box-Immutability) that provides Absolute Immutability. In other words, no one, not even the most privileged administrator or a fully compromised attacker, can modify or delete backup data.

This ensures resiliency in the event of an attack, providing IT/security pros with peace of mind without added complexity or workload.

Internally at Object First, we support our employees by offering flexible PTO. And we have also created a culture that encourages people to disconnect and recharge.

Our CEO and senior leaders frequently post in our “culture” Slack channel about how they spend their time off, setting an example of healthy work-life balance from the top down and helping to normalize and destigmatize taking time off. We also offer health benefits that include coverage for mental wellness.

Many professionals fear personal blame after security incidents. How can leaders create a culture of shared accountability rather than fear-based responsibility?

Wilson: Leaders in the IT community need to recognize the growing mental health crisis their employees are facing.

In fact, Object First’s recent survey found that 78% fear being personally blamed for security incidents, and 47% report feeling pressure from leadership to “fix everything” in the aftermath of a security incident. To combat this growing trend, IT and security leaders should conduct mental health and support training for their managers.

This training should cover practical communication skills in the wake of various security incidents and provide clear guidelines for outlining employee expectations.

Secondly, every organization must implement a disaster recovery and ransomware response plan. This plan should clearly outline each team member’s responsibilities and roles before, during, and after an attack.

This will ensure that when an attack does strike, there will be no confusion on everyone’s part regarding how to mitigate and defend against it.

Finger-pointing and blame culture should be abolished, and a multifaceted response should be launched more effectively with less stress to mitigate downtime and data loss. 

AI in Cybersecurity

What do you have to say about the role of AI and automation in cybersecurity?

Wilson: While AI and automation help ease IT and security burnout by reducing alert fatigue and improving early threat detection, they also introduce new challenges.

These technologies demand more advanced data management, protection, and oversight to ensure security at scale. This technology generates a vast amount of critical data that requires protection against sophisticated attacks. AI-generated data that business continuity hinges on should be backed up with an absolute, immutable storage that prevents the data from being accessed or tampered with by anyone.

The double-edged sword of AI means that while it may be able to alleviate IT and security burnout, it also necessitates a robust security posture that can be achieved with ransomware-proof, immutable solutions.

The expanding cyber threat landscape

We’re seeing a rise in cyberattacks targeting small companies, remote offices, and edge environments. Why do you think these are becoming prime targets?

Wilson: With AI, cybercriminals can conduct widespread, sophisticated attacks more easily than ever before. They continuously test networks to see if they can get access, even if they do not attack immediately.

Some cybercriminals will remain dormant in a company’s network for years, until they either decide to steal/encrypt data or sell that access to another threat group.

Small companies, remote offices, and edge environments often lack the same level of highly segmented, advanced cybersecurity architecture as enterprise organizations. And their IT teams usually wear many hats, doing more with less, making them easier targets.

How can smaller organizations or distributed teams ransomware-proof their data without enterprise-scale resources or infrastructure?

Wilson: Smaller organizations and distributed teams need enterprise-grade security, simplicity, and power in a solution that does not require an enterprise-grade data center.

Enterprise infrastructure can be expensive. It requires a robust in-house team that has expertise in the demanding and complex nature of the infrastructure.

SMBs require an on-site application built on the latest Zero Trust and data security principles to help eliminate multiple attack surfaces. They should use S3 native immutable object storage, which requires no security expertise.

A physical data backup appliance with immutable storage adds another layer of protection.
Such a solution prevents anyone, even administrators, from altering the firmware, operating system, storage layer, or backup data. This approach helps SMBs strengthen and simplify their data protection.

Forward-looking insight

Looking ahead, what emerging cybersecurity threats or shifts do you see having the biggest impact on IT professionals? In what ways could these changes influence their mental resilience and day-to-day performance?

Wilson: We are seeing a growing gap between confidence and capability, where many organizations believe they’re resilient because they have backups. Still, few have truly tested recovery at scale in this new world of ransomware attacks and insider threats.

Those who believe they are resilient but cannot recover when a ransomware attack hits will feel the impact of high stress and fear of repercussions. I often see operational resilience stop at prevention and detection, instead of continuing to focus on data integrity and recoverability.

What advice would you like to give future tech leaders?

Wilson: Cybersecurity and IT in general have always been high-pressure fields, but the stakes and fatigue have never been higher. As leaders, we can’t just focus on the technology; we have to focus on the people who protect it.

As teams expand, it becomes essential to create space for recovery beyond a constant state of high alert. Likewise, it is also imperative to build a culture where people can voice concerns openly, without fear of blame.

And of course, building trust means leading by example, promoting a healthy balance, and encouraging collaboration, continuous learning, and open dialogue. 

Ultimately, resilient teams are built in the same way resilient systems are, through redundancy, simplicity, and thoughtful design. We protect data and infrastructures every day. Let’s make sure we’re protecting the people doing that work as well.

Closing thoughts

As cyber threats evolve and the digital perimeter expands, one thing remains constant – the human element is at the heart of every defense strategy.

Sterling Wilson’s insights remind us that technology alone isn’t enough. Resilient cybersecurity depends on intelligent infrastructure and a culture that values both innovation and human well-being.

For today’s tech leaders, the future of cybersecurity will be defined not just by how well they secure their systems. But by how effectively they support the minds and teams that protect them.