Invest in Platforms, but Don’t Forget Your People
Invest in Platforms, but Don’t Forget Your People
Just as organizations invest in and optimize their security technology, they also have to continue investing in and optimizing their people.
By Dr. Edward Amoroso, CEO TAG Infosphere and Research Professor, NYU
Introduction
Ask any CISO or security leader today about their investments in cybersecurity, and you’ll likely get a rundown of the latest tools they’ve added: Endpoint Detection and Response (XDR), Next-Generation Firewalls, or perhaps some brand-new AI security guard rail. These are necessary, for sure, but there’s a misconception that far too many organizations still make – namely, that technology alone can mitigate major cyber threats.
The uncomfortable truth is that even the best security stack is only as good as the people who operate it. And it is our belief at TAG that unless organizations make sufficient investments in the continuous training and development of their expert security teams, particularly through real-world simulation exercises, their cyber technology investments will fail to reach their full protective potential. Let’s dig into this deeper.
The Rationale Behind People-First Investment
We can start with a positive trend: Today’s boards and senior leadership teams (SLTs) are clearly beginning to understand the business value of investing in security. But with that attention has come a new financial reality: These executives, despite understanding the growing threat from adversaries such as nation states, are beginning to review investment levels to determine the optimal spend.
One observation of note is that leadership of the many different companies that TAG covers in its research and advisory work, has begun to demand rationalization of cybersecurity budgets. This means that every dollar spent on security must map clearly to some measurable reduction in risk. That’s precisely why investment in human performance can no longer be considered a luxury, but rather a budgetary necessity.
Practitioners already understand this requirement intuitively. They can tell you from experience that no matter how interesting the tool, it still takes skill and judgment to use it effectively under pressure. A new SIEM won’t magically detect an advanced persistent threat unless the analysts monitoring it know what anomalies to look for, how to pivot across datasets, and how to escalate appropriately – even in the presence of AI-assisting co-pilots.
Why Live-Fire Simulations Close the Gap
This is where the use of live-fire cyber range exercises come in, and we strongly recommend the solution offered by Cloud Range. World-class simulation platforms will immerse SOC teams in authentic, high-pressure attack scenarios designed to test and strengthen their ability to perform the following vital tasks in their day-to-day work (and this includes both virtual and non-virtual security support). Here are some specific benefits:
Telemetry Interpretation – Training helps SOC team learn to better interpret the telemetry that comes from their disparate security tools.
Collaborative Work – The need for SOC teams to work collaboratively across shifts and functional silos is reinforced during simulations and exercises.
Decision-Making – Good training will help SOC teams make rapid decisions, even in the presence of imperfect information.
Dynamic Adapting – Training guides SOC teams to follow their incident response playbooks while adapting dynamically to evolving threats.
Live-fire SOC range training like this builds operational muscle memory that simply cannot be replicated through passive learning methods or product demos. It ensures that people understand not just what the tools do, but how to wield them when it matters most. And we are confident that when this level of maturity is reached, the benefits extend across all aspects of the security program.
Budget Optimization Through Readiness
Yes – we understand that training, regardless of whether it is for employees, experts, or teams, does cost money. But from a budget optimization standpoint, the logic is crystal clear – namely, that significant value comes from the investment. Here are some commonly cited qualitative and quantitative returns on SOC range training that we hear from our enterprise customers at TAG frequently:
Reduce Tool Wastage: Well-trained teams ensure that expensive security platforms are fully utilized and properly tuned. This helps to rationalize budgets.
Shorten Response Times: Teams that have practiced together in live-fire scenarios respond faster and more effectively, limiting dwell time and blast radius.
Lower Breach Costs: Studies consistently show that trained, coordinated SOC teams can significantly lower the cost of a breach when it occurs.
Prove Readiness to Auditors and Regulators: Increasingly, regulators want evidence not just of security tooling, but of human readiness. Live-fire exercises produce the kind of tangible metrics that satisfy these expectations.
Lessons From Other High-Risk Domains
We often suggest to senior leadership, whenever the topic of expert training emerges, that they take a moment to ponder the situation in comparable high-risk situations. For example, if you review the training profiles in industries such as aviation, healthcare, or military defense, which are all sectors where lives are on the line, then you will find a serious and disciplined approach to training.
More specifically, the leaders of these industries tend to invest most heavily in simulation training. Pilots, for example, don’t just read about engine failures – rather, they experience them in simulators. Similarly, surgeons don’t just study textbooks. They practice on lifelike models. Cybersecurity should be no different. The threats are real, the stakes are high, and simulation is the only way to ensure that teams are ready to perform when needed.
Conclusion
If your cybersecurity budget only covers technology but not people, then you are leaving your organization vulnerable. Investment in live-fire simulation training must be treated as a core security control, no different from endpoint detection or network security. Companies like Cloud Range offer powerful, practical ways to make that investment count. We believe that training your SOC team is not optional. It’s a baseline requirement for real cyber resilience.
About TAG
Recognized by Fast Company, TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to deliver on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity and artificial intelligence.
