Cody Cornell

After beginning his career in the US Coast Guard, Cody Cornell spent 15 years in IT and security, including roles with the US Defense Information Systems Agency (DISA), Department of Homeland Security (DHS), American Express and IBM Global Business Services.

In 2011, he co-founded Phoenix Cyber, a cybersecurity professional services organisation known for its ability to blend strategy and engineering with cutting-edge security technology. Today, as Swimlane’s Co-Founder and Chief Security Officer, he is responsible for the strategic direction of Swimlane and the development of its security automation and orchestration solution.

How is the ongoing cybersecurity skills gap affecting businesses?

“In the race towards the Fourth Industrial Revolution, organisations are embracing technologies that enhance connectivity and streamline processes,” Cornell comments. “While rapid digitalisation has helped businesses stay afloat during a turbulent last few years, it has also exposed them to increased vulnerabilities that malicious actors can exploit.

“As cybersecurity threats across the globe continue to grow at an alarming rate, it’s clear that cybersecurity must be a significant priority for every business. However, a more significant roadblock stands in the way of an organisation’s ability to secure their business – the substantial shortage of cybersecurity skills and talent. 

“Cybercrime is expected to cost the world US$10.5tn annually by 2025, and yet for years organisations have struggled to build the specialised skills to manage these growing threats.”

How can automation help businesses address cybersecurity challenges associated with the ongoing skills gap?

“As organisations create new and innovative ways of protecting their businesses, cyber criminals are working to combat every new defence,” says Cornell. “As such, many organisations find it difficult to meet the constantly shifting security demands of a digitalised world. But, there’s a simple solution that organisations can take advantage of to ensure robust security of their systems and processes despite the lack of access to cybersecurity talent: automation.

“There is still unease surrounding automation from those who believe implementing it will either create more work or remove people from the equation entirely. But, the reality is that low-code security automation can strategically up-level the existing security team by removing the mundane and repetitive tasks taking up the bulk of their time. By embracing this technology as a tool to support the security operations centre (SOC) instead of replacing it, organisations can detect, identify and respond to threats faster while reducing human error and costs.”

With this in mind, Cornell outlines three ways in which automation can help businesses address some of the key cybersecurity challenges they face as a result of the security talent shortage.

1. Mitigating alert fatigue

“With a limited number of staff responsible for monitoring upwards of 10,000 alerts a day with zero room for error, the potential for breach is high,” describes Cornell. “That’s why one of the biggest problems facing security and IT teams is alert fatigue; a phenomenon that occurs when cybersecurity professionals are inundated with such a high volume of security alerts that it leads to a diminished ability to react effectively to and investigate real threats.

“With 2.7 million unfilled cyber jobs globally, and one third of organisations surveyed by Swimlane believing they will never have a fully-staffed security team, it’s clear that this issue can never be solved by hiring. This has led to burnout among security analysts all while cyber attacks continue to increase in frequency and sophistication.

“Automating the processes monitoring security alerts by creating and deploying pre-programmed responses to specific incidents helps organisations reduce the pressure on their cybersecurity teams. This enables security teams to become more proactive and strategic in their approach to threats, ensuring the organisation can address every alert and ultimately reducing the risk exposure.”

2. Simplifying threat management strategies

“Security teams are required to protect complex business environments across multiple departments,” Cornell adds. “Each department within an organisation requires its own software, tools and secure credentials to conduct business, opening up each group to exploitation for access to the entire network. Staff and skill shortages can make it exceptionally difficult to navigate these increasingly complex environments. 

“Through the automation of threat management processes and systems, organisations can connect and integrate what was once a list of disjointed tools, enabling IT teams to reduce the complexity of security environments and defend the entire enterprise without sacrificing sophistication. This allows for less time to filter, sort and visualise data across security tools while creating a centralised system of record for all security operations with a more holistic view across distributed, complex environments.”

3. Managing SecOps efficacy

“The global average cost of a data breach is now the highest it’s ever been at US$4.35 million, according to IBM’s 2023 Cost of a Data Breach report. Additionally, the UK government found that the most disruptive breach or attack from the last 12 months cost each business, no matter the size, approximately £1,100 (US$1,400),” Cornell says. “For medium to large businesses, this was around £4,960 (US$6,300).

“Despite this, security leaders often struggle to relay the value of their security operations centres to non-security leaders in the business. This results in reduced investment into cybersecurity, poor collaboration and eroding support that negatively impacts the business’ security posture.

“By automating security operations (SecOps) workflows, security leaders can quickly identify and assess relevant metrics and trends, enabling them to better quantify and communicate the business value of security to management, the board of directors and the rest of the organisation.”

How can automation contribute to the future of cybersecurity operations?

“As enterprises increasingly seek to enhance the maturity of their security operations, the need to address the cybersecurity skills gap has become imperative,” concludes Cornell. “Through the automation of routine activities and the implementation of streamlined workflows, organisations can empower their security teams to assume more strategic roles. In doing so, they fortify their ability to safeguard their most critical assets from all external threats.”