Why staffing up alone isn’t a sustainable cybersecurity solution

In most divisions of a company, the most common way to adjust to a larger workload is simple—onboard new staff. If your customer base is growing, for instance, you will likely need more agents in your call center to handle a higher volume of interactions.

For years, security operations centers (SOCs) have operated in much the same way. As organizations implemented threat detection solutions designed to notify their security teams of potential attacks, they saw a rapid rise in the number of alerts they were forced to review each day. So, in an attempt to keep pace with that growth, many of these companies continued to grow their teams by hiring additional information security professionals.

That strategy, however, gets prohibitively expensive quickly. In 2012—the most recent year for which data is available—the median pay for entry-level information security analysts with less than five years’ experience was $86,170 per year, according to the U.S. Bureau of Labor. For managers, that number balloons to more than $120,000 annually. Even for large organizations, spending that kind of money on salaries—not to mention benefits packages—can make a significant dent in their bottom lines.

Another problem with relying solely on hiring to keep up with heavier workloads is that a significant talent deficit has made finding and hiring quality candidates extremely difficult. A recent report delivered to the British Parliament by a committee of experts estimated that by 2017 there will be a global shortage of 2 million information security jobs. Talent is scarce, meaning that the most gifted individuals are pursued heavily by the corporate giants who have the resources to lure them. Everybody else is simply out of luck.

Even if organizations have the capital available to commit to adding several new staffers and manage to find several superstars to hire, the truth is that with thousands of alerts to investigate—less than one-fifth of which require further action—and other administrative tasks like reporting, staffing up alone won’t be enough to keep SOCs from drowning. Put a different way, the current threat landscape demands that organizations adopt new strategies in addition to new personnel. There is simply too much work to rely on manpower alone.

Specifically, enterprises must accept the reality that manual threat response by itself is no longer sustainable or particularly effective. Security orchestration that enables automated defense, however, removes the onus of handling repetitive tasks from security staffers by imitating their actions to resolve those chores. As a result, all employees in the SOC become more productive as they are able to focus more on serious threats and sophisticated attacks. Security orchestration also provides organizations with the capability to:

  • Leverage technology integrations with existing SOC tools.
  • Rapidly gather contextual data from multiple sources.
  • Analyze threat intelligence and recommend a course of action to less experienced team members.

If your SOC is being crushed under the weight of its rapidly growing workload, automating a portion of your security operations may provide the relief your team needs. Rather than defaulting to a search for job candidates, consider automated incident response, which allows your existing staff to work more efficiently and effectively.

To learn more about how automated security operations can help you meet today’s cybersecurity challenges, check out a replay of this recent webinar.

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at:

Cody Cornell

Cody is responsible for the strategic direction of Swimlane and the development of our security orchestration, automation, and response (SOAR) platform. At Swimlane we advocate for the open exchange of security information and deep technology integration that maximizes the value customers receive from their investments in security operations technology and people. Collaborating with industry-leading technology vendors, we work to identify opportunities to streamline and automate security activities, saving customer operational costs and reducing risk.