Voice of Security

According to the IDC survey, nearly 60% of security teams have fewer than 10 people*, with 72% of leaders reporting their team’s workload increasing in the past year*. And yet, 58% of respondents consider their teams "properly staffed."* This highlights the importance of efficiency, automation, and smart prioritization in navigating modern security challenges. Encouragingly, 88% of teams report meeting or exceeding their targets*, proving that small, well-equipped teams can stay resilient, adapt quickly, and thrive in an increasingly complex threat landscape.

What drives job satisfaction among security leaders? For 21% of respondents to the IDC survey, learning new things is the most fulfilling aspect of their role*. For 19%, developing creative solutions to problems tops the list*, and for 16%, tackling varied challenges is what they enjoy most*. This highlights the need for environments where creativity is valued, especially as we increase AI adoption and move toward an approach we call “modern SecOps,” where proactive threat research, specialization, and human ingenuity drive innovative defense strategies. Prioritizing human fulfillment isn’t just a retention strategy, it’s key to unlocking the full potential of security teams.

According to the IDC research, 83% of security leaders report having a healthy work-life balance*, but only 72% can perform their jobs without working extended hours*, suggesting that such sacrifices have become an accepted part of the role for many. A Gartner Peer Community survey of 178 security leaders reinforces this - 62% of those who experienced burnout said pressure to work late nights or weekends was among the biggest contributing factors. It's important to recognize that these challenges may be even more pronounced in other parts of the security team. In a Tines survey of security analysts, 71% reported experiencing burnout, while a survey of SOC workers by SANS revealed that 55% had considered walking away from a job due to the pressure. This highlights the potential for a significant gap between the perspectives of leaders and those on the front lines.

Security leaders are keen to redirect their time toward more strategic, high-value activities like planning and skill development. If they gained time through automation or AI, 43% would focus more on security policy development*, 42% on training and development*, and 38% on incident response planning*, according to the IDC survey. Regardless of where they are in their automation or AI journey, it’s clear that security leaders want to create more space for these strategic initiatives.

The IDC research reveals which metrics are used to evaluate security teams - and the results aren’t always encouraging. Metrics like the number of incidents handled (35%)* or number of alerts (23%)* prioritize speed and volume, but don’t reflect the effectiveness of the team in maintaining resilience against evolving threats. Security teams should be held accountable for metrics that are within their control, such as the percentage of recurring incidents (33%)*, identifying and reducing false positives (22%)*, and fostering knowledge-sharing (27%)*. By shifting the focus from activity to impact, they can prioritize sustainable resilience over vanity metrics. Misalignment between security and key stakeholders is reflected elsewhere in the white paper, too - for example, among respondents with low job satisfaction, the top reason cited was a lack of respect and support from other leaders at the organization.

IDC’s survey data reveals a clear automation maturity curve. The most common priorities among respondents - reducing manual workloads (37%)*, streamlining compliance and reporting (34%)*, and managing data overload to ease alert fatigue (34%)* - align with the typical starting points for automation. Less common priorities, like breaking down team silos (22%)*, tool stack optimization (22%)*, and training support (25%)*, tend to emerge later as automation programs evolve. This progression highlights how security automation shifts from solving tactical pain points to becoming a strategic force multiplier, ultimately unlocking ambitious, high-impact initiatives that strengthen security and drive innovation.

While a third of respondents in IDC’s survey (33%)* are completely satisfied with their team’s tools, there’s still a lot of room for improvement. The majority of security teams (55%) manage between 20 and 49 tools*, with 23% using fewer than 20*, and 22% using 50 to 99*. But abundant tools don’t always mean good outcomes - 24% cite poor integration as a major challenge*, while 35% say their stack lacks key functionality and could benefit from additional tools*. The real issue isn’t just having the right tools - it’s ensuring they work together to reduce complexity, improve visibility, and enhance interoperability.

Siloed automation across departments makes managing security programs more complex and creates vulnerabilities, particularly when tools are adopted without security team oversight. As an alternative, many organizations are embracing shared automation use cases that strengthen security posture, streamline operations, reduce complexity, and improve collaboration between security, IT, and DevOps. 95% of respondents to the IDC survey support this approach*, with the most enthusiasm expressed for the following use cases; “monitoring IT and security shared responsibility” (99%)*, “support for custom code” (98%)*, “codeless capabilities and visual design, mapping for IT” (97%)*, “creating a security hub for documentation like eSignatures” (97%)* and “integration with DevOps” (97%)*.

The IDC research showed that 99% of security leaders are embracing AI* and 78% of leaders are confident that changes to their roles will be manageable*, suggesting that sentiment toward AI adoption remains largely optimistic. Yet, this enthusiasm coexists with concerns and frustrations. 33% of respondents are worried about the time required to train their teams on AI capabilities*, while 27% cite compliance as a key blocker*. Other hurdles include AI hallucinations (26%)*, secure AI adoption (25%)*, and slower-than-expected implementation (20%)*. Overcoming these barriers is critical to ensuring AI lives up to its full potential.

The most common AI use cases for those who responded to IDC’s survey involve manipulating security data, with teams using AI for summarization (36%)*, threat intelligence analysis (35%)*, and threat detection (34%)*. Slightly less common - but perhaps indicative of more mature AI programs - are use cases like risk assessments (32%)* and advanced triage (22%)*, where AI actively prioritizes threats and more directly influences security responses. This shift suggests that AI’s impact is slowly moving beyond data manipulation toward use cases that support critical decision-making more directly.

Security practitioners clearly thrive on varied challenges and creative problem-solving. When we factor this into our automation and AI program planning, there’s a very real opportunity to boost retention and foster innovation, by preserving the parts of the job that keep practitioners engaged and excited. This approach is particularly beneficial given the high burnout and employee turnover rates reported among security professionals in non-leadership positions. Transitioning to a “modern SecOps” approach, powered by cloud-native solutions like those offered by AWS, helps security teams move beyond rigid alert queues toward proactive threat research and scalable remediation, where human creativity becomes a key enabler of strategy.

Traditional security metrics often emphasize speed and volume over long-term impact. Shifting the focus to more meaningful metrics - the percentage of recurring incidents, reduction of false positives, and fostering of knowledge-sharing, etc. - ensures security teams are measured by outcomes that truly strengthen resilience. Partnering with stakeholders to align on these priorities can help demonstrate security’s direct contribution to business success.

Workflow automation and AI should go beyond reducing repetitive tasks - they should empower team members at all levels to proactively solve problems and drive innovation. The key is finding the right blend of automation and AI to achieve the team’s goals while maintaining flexibility as AI matures. A platform like Tines, combined with scalable cloud services like AWS, provides both security guardrails and the adaptability needed to evolve with emerging AI capabilities, ensuring teams aren’t locked into a rigid approach as AI becomes suitable for new use cases.

Disconnected tools surfaced as an issue in multiple survey questions, highlighting the need for more seamless integration. A workflow and AI orchestration platform like Tines bridges these gaps, simplifying processes, and maximizing the ROI of your team’s tech stack. Opting for a vendor-agnostic workflow automation platform also lays the groundwork for shared automation use cases across business departments, particularly security-focused teams like IT and DevOps—a priority strongly supported by respondents. The benefits of this go beyond efficiency - better visibility, reduced risk, and new opportunities to strengthen overall defenses.