There are multiple reasons for the relatively rapid burnout of Chief Information Security Officers (CISO).
They include a combination of pressure and the unrealistic expectation that the CISO should not just lower the risk of major breaches, but prevent them altogether.
The modern CISO is also expected to have skills that go well beyond being a technology geek - to understand and "speak the language of business," and be a strategic participant in business decisions.
[ ALSO ON CSO: Top 10 ways to retain IT security talent ]
"The new CISO is more the CIRO (chief information risk officer) tasked with managing risk to data and technology," said Dawn-Marie Hutchinson, executive director in the Office of the CISO at Optiv.
"Five years ago, the role was buried many layers down in the organization, if it existed at all," she said. "Today, the CISO is a business leader."
Diedre Diamond, founder and CEO of CyberSN, speaking at the recent SOURCE Boston conference, offered three other reasons: Lack of understanding of the role, lack of advancement potential and unhappiness with leadership or company culture.
To all of that, add to the list what some are calling "vendor overload" - more than a thousand companies pitching security tools and solutions. That is far too many for any CISO to evaluate properly and still do the rest of the job.
There are still some compelling factors that make the CISO title attractive.
The money is good - the median salary according to some surveys is around $194,000, but it can top $270,000.
Unemployment in the field hovers around zero, since the demand for talent has overwhelmed the supply.