The Defenders’ Dilemma – the need to be heard

October 26, 2023
Mark Wojtasiak
VP of Product Research and Strategy
The Defenders’ Dilemma – the need to be heard

In my last post, we talked about the importance of security testing as one of the best ways to improve defenders’ skills and expertise and build confidence that ongoing security investments continue to provide ROI. This made me wonder – how much time do defenders spend on building their skills and expertise? Naturally, we turned to LinkedIn polls. What we found is there's plenty of room for improvement.  

  • Nearly 1 in 5 (19%) spend no time on developing their skills
  • 38% spend less than an hour per day
  • 43% spend more than an hour per day

I’m encouraged by nearly half of the defenders that spend at least an hour per day upleveling their skills and expertise. Assuming they build their skills during what can be a hectic workday deserves kudos – especially to the SOC leaders that encourage and make space for them to do so. You’re doing it right.

For the defenders that spend less than an hour a day, or no time developing their skills, the question is why? I doubt it’s because they don’t see the need. From what I hear from the defenders I speak to; they are always looking to enhance their knowledge and skills. They lean heavily on their peer networks, on-going education and certification programs, and even vendors to hone their craft and they are quite generous in sharing their newfound insights with fellow defenders. Lack of desire is not the reason.  

The only reason I can think of is time, or lack thereof. Earlier in this blog series on the Defenders’ Dilemma, we talked about the spiral of more defenders are up against.

  • More attack surface, more exposure
  • More visibility gaps, blind spots
  • More alerts, more false positives
  • More emerging, advanced hybrid attackers
  • More unknown hybrid attacks
  • More workload, stress, anxiety, burnout

When defenders’ day-to-day is rooted in more, how can one possibly set aside time for growth and development? Many of us can empathize no matter what our profession is, but if there is one profession where skills development is a must – it's cybersecurity. We cannot afford to have our defenders fall behind our adversaries. The ramifications are too great, so what is the solution? How do we create personal development time for the 57% of defenders who don’t have it?  

Defenders need to be heard  

In our State of Threat Detection: The Defenders’ Dilemma report, we found More than half (55%) of analysts claim they’re so busy, they feel like they’re doing the work of multiple people. They complain of spending too much time sifting through poor quality alerts (39%), working long hours, and feeling “mind-numbingly” bored in the role (32%). More than one-third of respondents also cite constant workplace stress (35%), burnout (34%), and the role’s impact on their mental health (32%).  Let’s pause and think about this.  When your job entails:

  • Doing the work of multiple people
  • Being ill-equipped with the right tools
  • Working long hours
  • Feeling “mind-numbingly” bored
  • Being stressed, burnt out
  • Threatening your well-being

No wonder over half (52%) of the defenders we surveyed believe that working in the security sector is not a viable long-term career option.  Is it a coincidence that 57% of defenders don’t have the time to focus on their personal development and growth and 52% believe working in the security sector is not a viable long-term career option? It might be, but regardless, something’s gotta give.  

What’s the solution?

There is no magic bullet for this, but there is one place to start.  We can start by talking to defenders, giving them a platform, and a voice into decisions made – especially when it comes to technology.  We can start holding vendors accountable for the “work” they create versus the box that they check. Instead of evaluating technology based on specs, features, and fancy dashboards, evaluate it based on the amount of work it creates – and stop buying tech that feeds the spiral of more. Maybe then we will create the time that more than half of the defenders need to do what they signed up to do, develop and grow their skills, and build a viable long-term career in cybersecurity.

FAQs