The Cybersecurity Headcount Problem: Where is Everyone?

Abstract: SOC analysts are the key to the success of an organization's security protocols. A hybrid model is required to ensure that valuable data is protected from cyberattacks. Between the flood of alerts, burnout, a knowledge gap, and talent shortage outpacing demand, CISOs need to find solutions to ensure the safety of their SOC.

Artificial Intelligence is a technology that many believe will change the world, regardless of the business vertical. Code and software that can replicate and surpass our human intelligence, to solve problems seem too good to be true, and to some degree, it is. While relying on AI and, by extension, automation, there are efficiencies to be found, if you’re looking for a long-term, viable solution for a robust and future proofed cybersecurity solution, there’s one key element that a SOC can’t overlook; human analysts.

Except, there’s a catch. There’s a headcount problem in IT that’s growing. 

The State of Cybersecurity

According to a report by Deloitte, the future of the SOC is at a crossroads. The intent of every IT cybersecurity department, and the cybersecurity industry at large, is to find a solution that can improve the security process - making it more effective, scalable, and automated. The rub is that, to date, the most common processes are subject to a common set of problems; fatigue from high rates of false positives, too much data, and too many alerts. 

What complicates matters is that the landscape is constantly in flux and new technologies lead to new challenges, which means analysts frequently need to learn new tools. It’s all too common to see problems evolve beyond the technology built to address them soon after those solutions have been deployed at scale.

With AI-Assisted Cybersecurity technology, SOCs are seeking ways to fortify their environment to maintain security. But relying on AI alone isn’t the best solution; a hybrid model is.

Where is Everyone? 

The cybersecurity industry currently faces two core issues: they don’t have enough analysts working, and there aren’t enough in the recruitment/education pipeline. Then, the ones they do have may face a skills and knowledge gap. The latter will be discussed in an upcoming blog, but the issue of limited physical bodies in the SOC is alarming. Especially in an age of IT expansion, digital commerce, mobility, remote work, cloud computing, and the emerging meta-verse of digital identities. There are just too many attack surfaces and incentives for cybercrime, and there aren’t enough skilled cybersecurity professionals available to upskill, train, or hire.

The results of a staff shortage aren’t pretty. The participants in a recent workforce survey by (ICS)2 highlighted some dire consequences, including:

  • Misconfigured systems (32% of respondents)
  • Not enough time for proper risk management as assessment (30%)
  • Slow to patch critical systems (29%)
  • Oversights in process and procedure (28%
  • Inability to remain aware of all the active threats against the network (27%)
  • Rushed deployments (27%)

None of these consequences are easy to digest.

Why Analysts are Leaving

There’s no shortage of reasons why a cybersecurity professional would walk away from their position. Between suffering from alert fatigue and burnout, repetitive and mundane tasks, and increased pressure and workloads due to a reduced workforce, among other considerations, it’s just too much. And there is no easy fix.

According to (ISC)2's report, there is a 2.7 million talent deficit that needs to be addressed in the cybersecurity workforce globally. While it has improved over the past few years, the number of talented professionals in the workforce still needs to grow by 65% to fill these roles and successfully defend any given organization's critical information. This proves to be a daunting number when the average seasoned SOC analyst spends only 30 months in their role before moving on. 

Compounding this is the cycle where an increased workload for the existing staff leads to more churn and a lot more risk for CISOs and their SOCs. As many as 60% of CISOs admit that they’re gravely concerned about the labor shortage.

The Trouble With Hiring

Deloitte and Google have provided data to prove what those in the cybersecurity business already know - there is a talent shortfall. This could be due to education or skills, or that there aren’t enough skilled or interested workers in that geographic region. For some, even a generous salary isn’t enough to recruit professionals to the workforce. 

On the other end of the spectrum, key industries such as finance, for example, offer higher salaries for cybersecurity professionals due to regulatory activity, high expectations, and the sheer volume of threats. This leaves a limited pool of talent leftover for nonfinancial critical infrastructure sectors and organizations that simply can’t match those offers. 

If an organization is actually able to hire new analysts, there is a new challenge that they face. According to a SOC survey conducted by SANS and cited by Deloitte, the training and onboarding period for a Level 1 analyst lasts nearly a year. But, the average tenure of an analyst, at any grade, is only around two years. This low return on investment, added to a rising cost per incident, leaves SOCs at a loss for staffing their operations centers. 

Given the reality of ensuring the SOC has enough people to staff it, the problem seems insurmountable. It’s no wonder that there’s been a rise in cybersecurity vendors offering specialized security tools, such as AI-Assisted Cybersecurity. 

How AI-Assisted Cybersecurity Can Help

As mentioned earlier, technology and AI are only part of the solution. While the modern SOC needs a solid procedural foundation and an AI capable of deep learning, it also needs human innovation and human intervention, according to MIT’s Computer Science and Artificial Intelligence Lab. 

When it comes to cybersecurity, AI is a force multiplier and the force that its channeling is human ingenuity. An AI-Assisted Cybersecurity platform, such as Arcanna.ai, can do the work of a large number of the cybersecurity workforce and streamline time-consuming and mundane processes, thus freeing up more of an analyst’s capacity to deal with threats. This hybrid approach relies on integrating the SOC's cybersecurity expert knowledge and historical data with AI models, enabling analysts to validate the AI-generated results. 

Relying on a tool that can aggregate and retain knowledge and experience within the model serves to benefit not only the existing team but also future analysts. It also helps with staff turnover, promotions, and role changes to retain operational knowledge in-house and close to the SOC. AI-Assisted Cybersecurity solutions paired with human validation from your SOC team make the team - and the machine - more capable and efficient.

Contact us to learn how Arcanna, ai can help train, retain, and fortify the SOC’s talent pool.