(Un)Intended Side Effect of a Platform like ThreatConnect: Job Satisfaction


Solve One of the Biggest Problems in Cybersecurity – Staffing – with Playbooks and Automation

Ready for a shock? Working in cyber security is hard and often thankless.

Okay, maybe that’s not much of shock. Chewbacca certainly gets what it’s like to be in cyber security – constantly saving the day but never getting a medal.


Besides the stress of the battle, it’s also about all the little things. Think about how often Chewbacca is fixing every little thing that goes wrong on the Falcon. We hear from our clients that they are doing manual labor or commonplace tasks all the time. If I had a nickel for every customer who’s told us they spend a good portion of their day managing indicators in spreadsheets, I would have been able to buy some serious amounts of SnapChat stock last month.

That’s extremely disturbing considering the staffing problem in the industry. In a 2016 ESG report, 46% of organizations claim to have a problematic shortage of cyber security skills, which is an 18% increase from 2015.1 In response to that, technology providers like ThreatConnect develop solutions designed to make the limited personnel on the cybersecurity team more efficient. And, how to create systems of record and processes in cases of turnover.

But, as far as I can tell, what we don’t talk about nearly as often, is how we can help make them happy and get them to stay.

In an annual research report on cybersecurity careers, ESG found that “In the mind of many [cybersecurity] professionals, their jobs equate to a battle between right and wrong.”2 Not surprising. We certainly feel that way about what we do here at ThreatConnect, and as far as we can tell, so do our clients and partners.

So, if you go to work everyday to battle the dark side, it has to be pretty frustrating to constantly perform repetitive tasks. As one teammate here put it, “If cutting and pasting were a passion of mine, I’d be in preschool forever not a security analyst.” But let’s not be glib. There’s hard data that speaks to dissatisfaction in this profession. ESG reports that 44% of Security professionals either strongly agree or agree with the statement: “Security professionals are subject to a higher rate of ‘burn out’ from their jobs compared to other IT Professionals.”3

Let’s go a step further with the problem. In that same ESG report, they report that 55% of cyber security professionals strongly agree or agree with the statement: “The cyber skills shortage is a far bigger problem than is being communicated.”4 So, the people on the front lines doing the work feel a real deficit in the amount of skilled labor to get the work done. So, it doesn’t matter whether they are doing the menial tasks themselves or watching someone else do it, they are feeling the pinch of needing more.

It logically follows that if you can cut down on the mundane tasks in a security analyst’s day, they can focus more time (both theirs and their colleagues) on saving the day.

Since that is why the majority say they chose this profession, then they should be happier in their jobs.

ThreatConnect has always had a certain amount of automation built into the Platform – for example, our automated email ingest. Now, with our new Playbooks, there’s more ways than ever to efficiently process data, create intelligence and push it out to your teams or defensive tools. We are every analyst’s best sidekick – making them more efficient at saving the day. And, all the happier for it.

ThreatConnect was built by analysts. We understand your issues because we had those same issues. Your team needs to analyze massive volumes of data to learn about the details of just one threat. When this process is tedious and manual, it is extremely frustrating. Your team is too talented and too busy to be spending time copying and pasting between spreadsheets and tools.

Let’s look at some examples. One sample Playbook (pictured below) was created with just a few clicks – a grand total of about 5 minutes. That Playbook contains 394 lines of code. No matter how talented or fast your team is, Playbooks can help save them time.


In another example, let’s say that an analyst wants to enrich indicators with information from a third-party tool. This takes about two minutes per indicator. Seems minor, right? Now, think about how many indicators he or she looks at per day. For the purposes of easy math in this example, let’s say that he or she is enriching 50 indicators per day (we know it can be many, many more). Logic holds that if your average analyst is worth about $105k/year or $51/hr, automating that one enrichment task with Playbooks saves your organization more than $22K per year. It’s likely also saving you having that person burn out and move on, which managers know can be much more costly.

Now, imagine how many tasks you could automate – and how much you could save. As you start to eliminate repetitive and manual tasks, it frees up your team’s time to work on what actually matters to them. Maybe that’s proactively hunting threats, investigating incidents, or managing events in the SOC. No matter what your team does, you can keep your team happy with ThreatConnect.

So, give the Chewie on your team what he needs. Maybe a medal but definitely his own droid (Playbooks) to keep saving the day.

  1. Source: ESG Research Report, 2016 IT Spending Intentions Survey, February 2016
  2. Source: “The State of CyberSecurity Professional Careers: An Annual Research Report (Part 1), ”
    October 2016, a cooperative research project by ESG and ISSA
  3. Ibid.
  4. Ibid.

Download Our 6 Easy Ways to Advance Your Cybersecurity Program Whitepaper



Dan Verton
About the Author
Dan Verton

Dan Verton is ThreatConnect's Director of Content Marketing. Dan is an award-winning journalist and a former intelligence officer in the U.S. Marine Corps. He has authored several books on cybersecurity, including the 2003 groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill) and The Hacker Diaries: Confessions of Teenage Hackers (McGraw-Hill). He has a Master of Arts in Journalism from American University in Washington, D.C.