Beyond the Tech: Skilled Experts Are Still Key to Security

Regardless of what happens with technology evolution, your skilled experts are still the primary means by which you engage in an effective defense.

By Dr. Edward Amoroso, CEO TAG Infosphere and Research Professor, NYU

Introduction

As we continue our enterprise research and field engagement at TAG, one pattern keeps re-emerging: organizations are beginning to rely a bit too much on the future promise of automation and tooling to solve their problems today.

This is a mistake, and it can lead to underinvesting in the people who must ultimately wield those tools. We fully acknowledge the power of artificial intelligence (AI) and we are excited for its possibilities. But the immediate-term truth is simple and perhaps uncomfortable: Cybersecurity remains today a mostly human-centered discipline. 

We all know that the platforms and tools we have today, many of which are becoming AI-enabled, provide an awesome hybrid arrangement, as we have written so many times in our work at TAG. But without expert operators in the SOC, the operation as it stands will not work. Instead, the path to resilience today runs directly through your people. And the best way to strengthen your people is through hands-on SOC range training.

Talent Shortages Aren’t the Only Problem

Much has been written about the shortage of trained cybersecurity professionals. But at TAG, we believe there’s a deeper problem, one that affects even fully staffed SOC teams. The issue is that many analysts are not properly trained. 

Yes, they’ve taken SANS courses, watched vendor demos, or learned attack techniques on YouTube. But most haven’t practiced reacting to the chaotic, multi-threaded incidents that define modern attacks today. This training gap can lead to two undesirable outcomes:

  1. Over-reliance on Tools

    Teams might defer to dashboards they barely understand instead of learning the threat context.

  2. Slow Escalation

    Analysts can take too long to act because they haven’t experienced similar scenarios in a low-risk setting.

SOC range training addresses both gaps. By putting analysts into realistic attack environments, these exercises teach judgment, pattern recognition, and teamwork, which are skills that no platform or product alone can provide.

Training as a Multiplier for Technology

We hope that you are investing in AI-based detection, SOC orchestration, and behavior-based anomaly tools. But TAG’s view is that every one of those platforms becomes more valuable today, and more cost-effective today, when operated by a trained team. Consider these simple training-induced multipliers:

  • Improved Tuning

    A well-trained analyst can calibrate false positives and false negatives better, making platforms more precise.

  • Faster Playbook Execution

    Analysts who’ve practiced incident response will execute workflows more efficiently.

  • Better Analyst Retention

    Practicing real-world threats improves confidence, morale, and retention, all of which are important in a competitive hiring market.

That’s why Cloud Range has earned our endorsement: Their platform not only supports SOC technical development but also drives measurable operational improvements, with feedback loops that show how skills are improving over time.

A Reminder from Other Disciplines

We often remind executives of one of the simplest truths from other high-stakes industries: Simulation works. Fighter pilots, trauma surgeons, and astronauts all train through rigorous simulation. Why? Because when failure has high consequences, preparation must be realistic. Cybersecurity is no different.

And yet, too many SOC leaders still prioritize their tooling over training. At TAG, we think that’s backwards. Your stack is only as good as your team’s ability to respond, and SOC range training is how that ability is forged.

Conclusion

Security vendors will continue innovating, especially in AI, and that’s good. But we must not lose sight of the fact that skilled people remain the foundation of effective cybersecurity. The reality today is that our tools amplify human effort. SOC leaders should be looking forward, but they also must acknowledge that to deal with their problems today, they must prioritize range training as a frontline investment, not a discretionary one.

If your security plan for this year doesn’t include structured, realistic team training, then it’s incomplete. We strongly recommend a commercial platform like Cloud Range, which offers a mature, flexible, and proven approach to preparing SOC analysts for the reality they face every day – not in theory, but in practice.

About TAG

Recognized by Fast Company, TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to deliver on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity and artificial intelligence.
