Source: securityboulevard.com – Author: Alan Shimel
Michael Fanning, CISO at Splunk, shares insights on cybersecurity challenges highlighted in the Splunk State of Security report. Key issues include analyst burnout and alert fatigue, which persist over time. Fanning discusses how AI can improve efficiency and support analysts, emphasizing the need for better prioritization and event correlation in security operations to enhance effectiveness and create a healthier work environment.
Fanning notes that more than half of SOC analysts report burnout and many are eyeing careers outside cybersecurity. The problem isn’t nonstop breaches; it’s the torrent of false positives that force analysts to chase ghosts across a bloated stack of 20-plus security tools.
His remedy starts with “detection as code.” By engineering detections the way developers write software—complete with peer review, version control, and metrics—teams can measure true- vs. false-positive rates and prune noisy rules. Event correlation is the second lever: knitting related events into a single, richer alert shrinks the queue and keeps focus on genuine threats.
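A minimal sketch of both levers, added here as an illustration and not taken from the interview or from Splunk: per-rule precision is computed from analyst verdicts to flag rules worth tuning or retiring, and events on the same host are merged into a single alert. The rule names, hosts, thresholds, and the 10-minute window are all assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the article): analyst verdict per closed alert.
DISPOSITIONS = (
    [("dns_rare_tld", "fp")] * 18 + [("dns_rare_tld", "tp")] * 2
    + [("new_admin_account", "tp")] * 4 + [("new_admin_account", "fp")] * 1
    + [("office_spawns_shell", "tp")] * 6 + [("office_spawns_shell", "fp")] * 2
)
# Constructed raw events: (ISO timestamp, host, hypothetical rule that fired).
EVENTS = [
    ("2025-06-01T09:00:00", "ws-14", "office_spawns_shell"),
    ("2025-06-01T09:02:30", "ws-14", "dns_rare_tld"),
    ("2025-06-01T09:07:00", "ws-14", "new_admin_account"),
    ("2025-06-01T09:03:00", "db-02", "dns_rare_tld"),
    ("2025-06-01T11:45:00", "ws-14", "dns_rare_tld"),
]

def rule_precision(dispositions):
    """Return {rule: (tp, fp, precision)} from (rule, verdict) pairs."""
    counts = defaultdict(Counter)
    for rule, verdict in dispositions:
        counts[rule][verdict] += 1
    return {r: (c["tp"], c["fp"], c["tp"] / (c["tp"] + c["fp"]))
            for r, c in counts.items()}

def noisy_rules(dispositions, min_precision=0.25, min_alerts=10):
    """Rules with enough volume to judge and precision below the threshold."""
    return sorted(r for r, (tp, fp, p) in rule_precision(dispositions).items()
                  if tp + fp >= min_alerts and p < min_precision)

def correlate(events, window=timedelta(minutes=10)):
    """Merge events on one host into a single alert while gaps stay within window."""
    alerts, open_alert = [], {}
    for ts, host, rule in sorted(events):
        t = datetime.fromisoformat(ts)
        cur = open_alert.get(host)
        if cur and t - cur["last"] <= window:
            cur["rules"].append(rule)
            cur["last"] = t
        else:
            cur = {"host": host, "first": t, "last": t, "rules": [rule]}
            open_alert[host] = cur
            alerts.append(cur)
    return alerts

if __name__ == "__main__":
    print("tune or retire:", noisy_rules(DISPOSITIONS))
    print(len(correlate(EVENTS)), "alerts from", len(EVENTS), "events")
```

On the sample data, the one low-precision rule is flagged and five raw events collapse into three alerts, the first of which carries three distinct detections for one workstation.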
AI shows up as a helpful coworker, not a pink-slip machine. Splunk’s own experiments include an assistant that drafts SPL queries and another that turns raw case notes into an executive incident summary. Analysts still sign off on the output, but they’re spared the blank-page grind, freeing time for deeper investigations.
What surprised Fanning most? The industry’s pain points haven’t changed in 10 years: alert fatigue, tool sprawl, and a pressure-cooker culture that treats silence as proof the team simply “did its job.” Until organizations invest in higher-quality detections and rationalize overlapping tools, he warns, SOC burnout will remain security’s most stubborn—and predictable—risk.
Original Post URL: https://securityboulevard.com/2025/06/escaping-soc-burnout-state-of-security-2025/?utm_source=rss&utm_medium=rss&utm_campaign=escaping-soc-burnout-state-of-security-2025
Category & Tags: Video Interviews, Cybersecurity, Report, SOC, Splunk