Define "off" hours where you do not read security news or practice - Do not feel obligated to know every new CVE the day it drops - Quality of learning matters more than quantity - It is acceptable to not have an opinion on every security topic