The Limiting Factor Isn't Technology. It's Leadership Under Pressure.

Executive Summary

Cybersecurity organizations are investing record amounts in AI, automation, and advanced tooling. That investment is necessary. It is also incomplete.

The technology in most security organizations is now accelerating faster than the humans operating it can adapt. The result is a widening gap between what our systems can do and what our people can sustain. Closing that gap is no longer a wellness initiative. It is becoming the central leadership challenge of this decade — and, increasingly, a competitive differentiator for the organizations that get it right.

A Pattern I Couldn't Stop Noticing

A few years ago, I started asking CISOs a simple question: what's actually limiting your team right now?

I expected to hear about budget, tooling gaps, or talent shortages. Occasionally I did. But far more often, the answer circled back to something less tangible — a sense that the team was capable, well-equipped, and still somehow running out of room. Decisions were getting slower. Communication was getting sharper-edged. Good people were leaving for reasons that didn't show up cleanly in an exit interview.

None of that showed up on a technology roadmap. All of it showed up in performance.

That pattern is the reason Green Shoe exists, and it's the thesis I want to walk through here: organizations are pouring resources into the technical side of cybersecurity while quietly underinvesting in the human side that has to run it. Technology has accelerated. Human capacity has not kept pace. And the gap between the two has become the new limiting factor.

Technology Doesn't Burn Out. People Do.

It's worth saying plainly, because it's easy to lose sight of: systems don't experience pressure. People do.

Every dashboard, every automation pipeline, every AI-assisted triage tool still depends on a human being who has to interpret it, decide what it means, and communicate that decision to other humans — often at 2 a.m., often under incomplete information, often for the fortieth time that month.

In our research into cybersecurity teams, the organizations reporting the most sophisticated technology stacks were not the ones reporting the healthiest teams. In several cases, the opposite was true. More capability had simply raised the bar for what "keeping up" required of the people behind it.

Burnout in this context isn't a soft issue. It's an operational one. A burned-out analyst misses things. A depleted incident commander makes slower calls. A leader running on empty stops asking the clarifying question that would have caught the problem earlier. The cost of human depletion shows up in the same places we measure everything else: detection time, decision quality, retention, and incident outcomes.

Leadership Is Becoming a Technical Skill

For a long time, "leadership skills" sat in a different category than "technical skills" — nice to have, harder to measure, easy to defer.

That distinction is breaking down inside cybersecurity, for a specific reason: the job now requires leading people through sustained, recurring pressure, not occasional crisis. A SOC manager today isn't managing through one incident a quarter. They're managing through continuous ambiguity, continuous alerts, and a continuously expanding scope of responsibility.

Leading well under sustained pressure is no longer a soft skill. It's an operational competency — and it's one we can actually train, measure, and improve.

That reframing matters because it changes how the skill gets developed. Soft skills get a slide in onboarding. Operational competencies get practiced, measured, and refined — the same way we'd treat any other capability the organization depends on.

AI Doesn't Remove Human Pressure. It Redistributes It.

There's a comforting assumption running through a lot of AI adoption conversations: that as systems get smarter, the load on people gets lighter.

In the environments we study, that hasn't been the pattern. AI is changing the type of pressure cybersecurity leaders face, not removing it. We're seeing increases in:

  • Context switching — leaders move across more tools, more workflows, and more decisions per hour than before

  • Decision velocity — faster signal means faster expectations for a response

  • Cognitive load — more information to evaluate, not less, even when AI pre-filters it

  • Communication complexity — more stakeholders, more translation between technical and executive audiences

  • Leadership demands — teams look to leaders for judgment precisely when the volume of decisions is highest

Technology acceleration doesn't reduce the need for strong leadership. It increases it. The faster the system moves, the more the humans steering it depend on clear judgment, steady communication, and the ability to recover quickly between high-pressure moments.

Stress Is Invisible — Until Performance Changes

One of the more uncomfortable findings from our work is how rarely teams announce that they're struggling. Burnout doesn't usually arrive with a warning label.

What organizations actually observe is performance drift:

  • Decisions that used to take minutes start taking hours

  • Communication that used to be direct becomes guarded, or sharp

  • Creative problem-solving gives way to defensive, by-the-book responses

  • Small conflicts surface more easily and resolve less cleanly

  • Engagement quietly erodes, followed eventually by turnover

  • Incident response includes mistakes that wouldn't have happened six months earlier

Leaders and HR teams often label these as capability problems — coaching issues, performance issues, sometimes culture issues. In our experience, a meaningful share of what gets diagnosed as a capability problem is actually a recovery problem. The person hasn't lost the skill. They've lost the capacity to deploy it consistently under sustained load.

That distinction changes the intervention entirely. Skills training doesn't fix a recovery deficit. Something else has to.

Measuring What We've Been Missing: H-MTTR

Cybersecurity already has a deep, disciplined relationship with measuring recovery. Mean Time to Recovery (MTTR) tells us how quickly a system returns to normal operation after a failure. We treat it as a core performance indicator because we understand, instinctively, that recovery speed determines resilience.

We rarely ask the equivalent question about the people running those systems.

That's the idea behind something we call H-MTTR — Human Mean Time to Recovery. It's a simple operational lens: how quickly does a leader, or a team, actually recover capacity after a high-pressure event — an incident, a hard quarter, a difficult stretch of decisions — before the next demand arrives?

We're not suggesting this becomes another framework to manage. We're suggesting it becomes a question worth asking, the same way we ask it about every other system we depend on. Recovery speed shapes decision quality. Decision quality shapes organizational performance. That chain doesn't break just because the system in question is human.

Leadership Friction

A related pattern shows up almost every time we dig into communication breakdowns inside security teams. The issue gets labeled as a communication problem — and sometimes it is. More often, what we're actually looking at is what we call Leadership Friction: ordinary leadership behavior that has been sharpened, shortened, or distorted by accumulated stress.

The clipped response in a stand-up. The decision made without the usual consultation. The feedback that lands harder than intended. None of these are character flaws. Most of them are stress-amplified versions of normal leadership behavior.

The goal isn't perfect communication — that's not a realistic or even useful target under real operational pressure. The goal is reducing the unnecessary friction that compounds when stress goes unaddressed, so that the leadership behavior teams experience looks more like the leader's intent and less like the leader's depletion.

Sustainable Performance Is Becoming a Competitive Advantage

Here's where this argument leads, and why I think it deserves a place in the same conversation as the technology roadmap.

The organizations that consistently outperform their peers over the next several years won't be distinguished primarily by which AI platform they chose or how mature their automation is. Most serious competitors will have access to comparable technology before long. What won't be equally available is a leadership bench that can sustain high performance under continuous pressure.

That capability doesn't show up overnight, and it doesn't show up by accident. It gets built deliberately — through research-informed understanding of what's actually happening inside security teams, through applied attention to the psychology of performance under stress, and through leaders who are given the tools to recognize and manage pressure before it becomes attrition.

This is the work we've built Green Shoe around: original research into cybersecurity burnout and performance, applied performance psychology grounded in how stress actually affects decision-making, our GROE framework (Growth, Resilience & Optimization Engine) for building this capability systematically, and CISO Resilience Councils where security leaders work through these challenges alongside peers who understand the job.

Why We Built Leading Under Pressure

This article started as research. The workshop started as a request.

Enough CISOs and security leaders asked us a version of the same question — "Okay, I believe this is real. How do we actually teach our leaders to handle it?" — that we built a direct answer: Leading Under Pressure.

It's a highly interactive, half-day experience designed specifically for cybersecurity leaders, built around the ideas in this article rather than generic leadership theory. Participants leave with practical ability to:

  • Communicate more effectively when pressure is highest

  • Recognize the early signs of stress in themselves and their teams, before burnout sets in

  • Reduce unnecessary leadership friction during high-stakes moments

  • Improve their own recovery — and model that recovery for their teams

  • Build psychologically safer, higher-performing teams

  • Lead with more confidence through sustained uncertainty

It's not a wellness session, and it isn't framed as one. It's built the way we'd build any other operational capability — with research behind it, practice built into it, and outcomes you can observe afterward in how a team actually performs.

An Invitation

We're currently accepting registrations for a limited pilot of Leading Under Pressure in downtown Chicago (https://luma.com/2caua7wp) and in the western suburbs in Lisle (https://luma.com/o8b2dj8j).

Attendance is intentionally capped to keep the room small enough for real interaction — so participants can work through these ideas directly with peers facing the same pressures, not just listen to them described.

If you're a cybersecurity manager, director, or CISO — or you know someone preparing for greater leadership responsibility — we'd welcome you joining us.

Learn more about Green Shoe's flagship workshop: Leading Under Pressure.

Because the future of cybersecurity won't be determined solely by the technology organizations deploy.

It will be determined by how well their people perform when the pressure is highest.
