By Francis Cianfrocca
This article was entirely written by a biological human. No GPUs were harmed or abused.
There’s an old joke among marketing professionals: About half of your advertising is effective… but you don’t know which half.
It feels like the same thing is happening in cybersecurity these days. It’s not a great time to be in cyber, as many trained and experienced pros can tell you. The job market has softened considerably.
But it’s not because the work isn’t there to be done. It’s because the return on investment is not visible to corporate leadership. It’s like the old joke: you don’t know which half of your cybersecurity investment is effective.
Let’s be clear: people have been saying this for years now. And if you’re like me, you’ve sat through dozens of thoughtful presentations about how tough it is for a CISO to prove that his teams are delivering value.
Your CEO/CFO’s eyes glaze over when you show them an incident-response graph with more green than red on it. But they do see that you always need more budget for tools and headcount.
And the problem is getting worse at exactly the time when cyber attackers are using AI to radically up their game. How many times can you cry “Wolf” before people start to desensitize?
Yet it’s not the case that leadership lacks awareness of the risk. It’s just that they see no clear path to addressing it effectively.
You could even say that they are implicitly dialing up their exposure to cyber threats by reducing what they spend on stuff that they don’t think works. What’s more frustrating than that?
When I talk to CEOs and CFOs, they tell me they just want to invest in something that can watch all their operations and block cyber threats before or just as they are getting started. Why is that so hard?
If you’re a cyber professional, you’re biting your lip right now. You know how hard it is. You also know that your bosses only want to hear solutions, not problems.
We need a better way.
We need technology that can monitor everything in your company that touches a computer network, including your OT environments, your supply chain, your at-home workers, and your cloud-based resources.
By monitor, I mean something that can see everything, across all your environments, and find threats. All threats, not just known vulnerabilities, or signatures and heuristics in vendor databases. The bad guys already know that trick.
The basic process in threat detection is twofold: first, you have to determine what is normal behavior. Second, you have to detect departures from normal.
But success depends on having a really accurate model of normal behavior, and a really accurate way to know which departures from normal are actually dangerous.
Forgive me for sounding like every cheerleader in the world right now, but this is a job for AI.
Modeling behavior across business and technical processes is something that must be done dynamically and locally. Every single operating environment that you have, right down to the smallest OT networks, has a distinctive behavioral profile that constitutes its baseline. And the profiles change over time.
You need to be able to discover and automatically maintain those baselines across your entire footprint.
Plus, those baselines need to be so accurate and so detailed (“high-dimensional”), that even the slightest anomaly will stand out from the noise… because those slight anomalies are how the bad guys tell on themselves while they’re preparing their kill chains or stealing your intellectual property.
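A minimal illustration of the twofold process described above (learn each environment's own baseline, then flag departures from it), added here as an example and not code from the article: it keeps a per-environment, per-feature exponentially weighted mean and variance over constructed telemetry records, so the same absolute traffic volume is routine in a cloud tier and anomalous on a PLC network. The field names, thresholds and sample values are assumptions.

```python
import math
from collections import defaultdict
# Constructed telemetry (not real data), one record per host per interval: the OT plant
# normally moves little data over few connections, the cloud tier moves far more.
SAMPLE_EVENTS = [
    {"env": "ot_plant", "host": "plc-1", "bytes_out": 2000, "conns": 3},
    {"env": "corp_cloud", "host": "api-1", "bytes_out": 60000, "conns": 40},
    {"env": "ot_plant", "host": "plc-2", "bytes_out": 2000, "conns": 3},
    {"env": "corp_cloud", "host": "api-2", "bytes_out": 60000, "conns": 40},
    {"env": "ot_plant", "host": "plc-1", "bytes_out": 2000, "conns": 3},
    {"env": "corp_cloud", "host": "api-1", "bytes_out": 60000, "conns": 40},
    # Same absolute volume: routine for the cloud tier, a loud outlier for a PLC.
    {"env": "corp_cloud", "host": "api-1", "bytes_out": 62000, "conns": 41},
    {"env": "ot_plant", "host": "plc-1", "bytes_out": 60000, "conns": 3},
]
FEATURES = ("bytes_out", "conns")

class EnvBaseline:
    """Per-environment, per-feature mean/variance with exponential forgetting."""
    def __init__(self, alpha=0.1, warmup=3, threshold=4.0, min_rel_std=0.1):
        self.alpha, self.warmup, self.threshold = alpha, warmup, threshold
        self.min_rel_std = min_rel_std  # std floor: a flat baseline must not divide by zero
        self.stats = defaultdict(dict)  # env -> feature -> (n, mean, var)
    def score(self, event):
        """Largest z-score over features vs the event's OWN environment; 0.0 during warm-up."""
        env, worst = event["env"], 0.0
        for feat in FEATURES:
            n, mean, var = self.stats[env].get(feat, (0, 0.0, 0.0))
            if n >= self.warmup:
                std = max(math.sqrt(var), self.min_rel_std * abs(mean))
                worst = max(worst, abs(event[feat] - mean) / std if std else float("inf"))
        return worst
    def update(self, event):
        """EWMA update of mean and variance; the first sample seeds the mean."""
        for feat in FEATURES:
            n, mean, var = self.stats[event["env"]].get(feat, (0, float(event[feat]), 0.0))
            diff = event[feat] - mean
            mean += self.alpha * diff
            var = (1 - self.alpha) * (var + self.alpha * diff * diff)
            self.stats[event["env"]][feat] = (n + 1, mean, var)
    def run(self, events):
        """Score in arrival order; only events judged normal feed the baseline."""
        alerts = []
        for e in events:
            s = self.score(e)
            if s > self.threshold:
                alerts.append((e["env"], e["host"], round(s, 1)))
            else:
                self.update(e)  # an outlier must not teach the model a new normal
        return alerts
```

Running `EnvBaseline().run(SAMPLE_EVENTS)` flags only the PLC record, even though the cloud host sent more bytes in the same interval.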
This simply cannot be done by humans at scale.
But guess what? Every single cybersecurity product that doesn’t do what I just described is substituting its own opinion of “normal” for what is truly normal in your environments. That’s the definition of doomed-to-fail.
Humans need to stop hunting for threats. AI needs to find threats, at a scale large enough to cover every environment in your company. And when the AI finds threats, use your precious and expensive humans to fix them.
If the AI is doing its job right, then you won’t have more than a relative handful of urgent threats on any given day that require human intervention.
And in time, autonomous AI agents will also be able to fix most cyber threats. Remember that most threat remediation is modifying firewalls, rebuilding or patching compromised devices, and dynamically routing critical traffic around threats.
Much of this can be automated, allowing human professionals to focus on auditing the results and developing strategy.
So this is my manifesto for dealing with the cyber crisis: let the AI find the threats, and let the humans fix the threats.
It will take a lot of time and effort to get there. But when we do, the investments that businesses make will be aligned with the results they need. And jobs for cyber pros will be plentiful again.