Is there really a cyber skills crisis, or do we just need more intelligent automation?

AUGUST 24, 2021


The cybersecurity sector faces many challenges, not least an estimated shortfall of over three million professionals globally.

What is driving this gap? Looking at online infosec communities and forums, there are certain mistakes that organisations are making time and time again. Making it a challenge when it comes to hiring and retaining cyber talent. Hiring managers lacking a full understanding of the roles they’re recruiting for. Burnout caused by alert overload and high pressure. Fatigue caused by endless manual tasks. It’s all causing people to leave the industry or never get their foot in the door in the first place.

Fewer practitioners means a gap in capability and in-house knowledge, that can in turn expose organisations to cyber-risk—or so the argument goes.

There’s no denying that there’s an overall shortage of resources in the industry. However, this doesn’t necessarily lead to less secure organisations. As long as they have the right kind of tools in place to maximise the capabilities of their existing staff and upskill new team members.

Automation in the wrong place

A recent article by Kenna Security’s Chief Data Scientist, Michael Roytman, explains the issue perfectly. “We don’t have a workforce shortage problem,” he says. “What we have is an automation-in-the-wrong-place problem.”

Roytman is talking specifically about vulnerability management. His argument is that risk-based, data-driven approaches can overcome any skills shortages that organisations may have by focusing efforts on the bugs most likely to be exploited.

Yet, as he continues, the same logic can be applied to other areas:

“The key is to find tools, datasets, and statistical methodologies that can help you separate the signal from the noise. The right tools will help you quantify risk and apply that analysis to prioritise the actions that get the most meaningful results.”

Think about it; a lot of our automation technologies focus on automating the response or reaction to individual alerts. What Roytman advocates for is using automation to tell the story of your correlated security data. This way, you’re better able to understand your security posture, and therefore strengthen your position going forward.

Filtering out the noise
This is exactly what SOC.OS sets out to achieve in the context of security operations (SecOps). Our technology has been specifically designed to analyse and correlate events into related clusters, accompanied by threat scores, timelines and detailed explanations. That means prioritised alerting for security analysts, who spend less time chasing up false positives and more time keeping their organisation safe.

Our customers manage thousands of alerts every single day: a mundane, repetitive job they would otherwise spend hours on. We recently calculated that with SOC.OS, they could reduce the time spent triaging these alerts by a factor of four—from an average of two hours to just 30 minutes.

In effect, SOC.OS acts as another member of the SecOps team, working in the background 24/7/365. With more tools like this, IT bosses can maximise the productivity of their existing teams and free-up their time to work on higher value tasks.

About the author


For more information about SOC.OS, contact