Escaping SOC Burnout: State of Security 2025
Michael Fanning, CISO at Splunk, shares insights on cybersecurity challenges highlighted in the Splunk State of Security report. Key issues include analyst burnout and alert fatigue, which persist over time. Fanning discusses how AI can improve efficiency and support analysts, emphasizing the need for better prioritization and event correlation in security operations to enhance effectiveness and create a healthier work environment.
Fanning notes that more than half of SOC analysts report burnout and many are eyeing careers outside cybersecurity. The problem isn’t nonstop breaches; it’s the torrent of false positives that force analysts to chase ghosts across a bloated stack of 20-plus security tools.
His remedy starts with “detection as code.” By engineering detections the way developers write software—complete with peer review, version control, and metrics—teams can measure true- vs. false-positive rates and prune noisy rules. Event correlation is the second lever: knitting related events into a single, richer alert shrinks the queue and keeps focus on genuine threats.
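The two levers described above, as an added example (not Splunk's code and not from the report): per-rule true-positive rates computed from analyst dispositions, and correlation of same-host alerts into one case. The rule names, tuple layout, the 20% precision floor, the minimum volume of 3 and the 15-minute window are all assumptions, and the alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of triaged alerts: (timestamp, rule, host, disposition).
# Rule names are hypothetical; TP/FP is the analyst's verdict at case close.
ALERTS = [
    ("2025-05-01T09:00:00", "geo_anomaly_login", "host-a", "FP"),
    ("2025-05-01T09:05:00", "geo_anomaly_login", "host-b", "FP"),
    ("2025-05-01T09:10:00", "geo_anomaly_login", "host-c", "FP"),
    ("2025-05-01T10:00:00", "geo_anomaly_login", "host-a", "FP"),
    ("2025-05-01T11:00:00", "rare_parent_process", "host-d", "TP"),
    ("2025-05-01T11:04:00", "credential_dump_access", "host-d", "TP"),
    ("2025-05-01T11:09:00", "outbound_to_new_domain", "host-d", "TP"),
    ("2025-05-01T13:00:00", "rare_parent_process", "host-b", "FP"),
]

def rule_precision(alerts):
    """Per-rule (true_positives, total, precision) from dispositions."""
    counts = defaultdict(lambda: [0, 0])
    for _, rule, _, disposition in alerts:
        counts[rule][0] += disposition == "TP"
        counts[rule][1] += 1
    return {r: (tp, n, tp / n) for r, (tp, n) in counts.items()}

def noisy_rules(alerts, min_precision=0.2, min_volume=3):
    """Rules with enough volume to judge and precision under the floor."""
    return sorted(r for r, (_, n, p) in rule_precision(alerts).items()
                  if n >= min_volume and p < min_precision)

def correlate(alerts, window=timedelta(minutes=15)):
    """Merge alerts on one host into a case while gaps stay within window."""
    cases, open_case = [], {}
    for ts, rule, host, _ in sorted(alerts):  # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        case = open_case.get(host)
        if case is None or t - case["end"] > window:
            case = {"host": host, "end": t, "rules": set(), "alerts": 0}
            open_case[host] = case
            cases.append(case)
        case["end"] = t
        case["rules"].add(rule)
        case["alerts"] += 1
    return cases

def triage_queue(alerts):
    """Queue after noisy rules are pulled for tuning and the rest correlated."""
    drop = set(noisy_rules(alerts))
    return correlate([a for a in alerts if a[1] not in drop])
```

On this sample, eight raw alerts become two queue items: one three-rule case on host-d and one standalone alert, while the rule with too few alerts to judge is left in place rather than pruned.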
AI shows up as a helpful coworker, not a pink-slip machine. Splunk’s own experiments include an assistant that drafts SPL queries and another that turns raw case notes into an executive incident summary. Analysts still sign off on the output, but they’re spared the blank-page grind, freeing time for deeper investigations.
What surprised Fanning most? The industry’s pain points haven’t changed in 10 years: alert fatigue, tool sprawl, and a pressure-cooker culture that treats silence as proof the team simply “did its job.” Until organizations invest in higher-quality detections and rationalize overlapping tools, he warns, SOC burnout will remain security’s most stubborn—and predictable—risk.

