GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

By Nimmy Reichenberg

The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed.

Related: Addressing the cyber skills gap

This does not mean the creative staffing solutions do not serve their purpose. Countless organizations have taken steps such as hiring IT professionals and setting up training programs to provide them with cybersecurity skills and tapping into local universities’ graduate pools. Those stopgap efforts have provided some relief but fall well short of filing in the ranks. The greatest challenge lies in hiring experienced security professionals, and those can’t be created overnight.

With no end to the cybersecurity talent shortage in sight, organizations are increasingly turning to automation as a means of “doing more with less”. One category of solutions that is quickly getting traction is Security Orchestration, Automation and Response (SOAR).

Nowhere is the skills shortage more prevalent than inside the SOC (security operations center), where the increase in the volume of alerts requiring action far outpaces an organization’s ability to hire skilled analysts.


SOAR platforms are gaining traction to help alleviate “alert fatigue” as they increase the efficiency of existing SOC analysts, helping security teams get more work done. Below are a few ways security orchestration helps address the talent shortage:

•Orchestration of disparate tools– When you break down the work of your typical SOC analyst, a lot of time is dedicated to “swivel chair integration”, such as copying and pasting results from one tool into another or switching between screens and tools. Security orchestration does more than integrate disparate tools in a single pane of glass (which of course saves precious time), it also eliminates a lot of the specialization that is required to run each security tool independently.

•Automated playbooks– Scalable and repeatable processes for incident response and triage are vital to analyst productivity. Security orchestration lets teams automate the repetitive and manual tasks that are carried out in response to common IOCs.

•Tribal knowledge capture– What’s worse than trying to hire a new analyst? Having your most experienced analyst leave, along with the wealth of knowledge he or she has accumulated over the years. Security orchestration playbooks put the wisdom of your most experienced analysts at the hands of everyone.

•Faster analyst ramp-up – With a structured workbench for the SOC analyst, new hires can execute playbooks practically on day one, with step-by-step guidance on how to proceed with an investigation and clear escalation paths.

•Self-documentation– Nobody “loves” documenting security incidents. Security orchestration allows security analysts to spend more time investigating and less time creating documentation and generating reports with built-in collaboration and case management.

•Bottleneck identification– The best security orchestration platforms include powerful BI and reporting that let SOC managers identify bottlenecks and act to remediate them, further increasing analyst productivity.

Talented security analysts are in short supply. By following SOAR, organizations can automate many repetitive tasks that are well-suited to be handled by leading-edge SOAR systems. This can free up overwhelmed security teams, reduce response times and improve analyst morale to reduce turnover. The cyber skills shortage means your analysts have options too.

About the essayist: Nimmy Reichenberg, CMO at Siemplify, a Manhattan-based supplier of Security Orchestration, Automation and Response (SOAR) solutions.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone