by Tom Gol, Senior Product Manager Armis

We constantly hear about a cybersecurity staffing crisis, but perhaps the real challenge isn’t a lack of people. It might just be a critical shortage of intelligent automation and actionable context for the talented teams we already have.

The Lingering Shadow of the “Talent Gap” Narrative

It’s almost a mantra in cybersecurity circles: “There’s a massive talent gap!” Conferences echo it, reports reinforce it, and CISOs often feel it acutely. This widely accepted idea suggests we simply don’t have enough skilled professionals, leading to overworked teams, burnout, and, most critically, persistent organizational risk. The default response often becomes a relentless cycle of “buy more tools, tune more tools, and staff more teams”—a cycle that feels increasingly unsustainable and inefficient.

But what if this pervasive “talent gap” is actually a clever red herring, distracting us from a more fundamental issue? We’ve grown so accustomed to the narrative of a human deficit that we often overlook a crucial truth: current technology is already capable of significantly narrowing this very gap. My strong conviction is this: the true underlying problem isn’t a shortage of available talent, but a profound and crippling gap in intelligent automation and actionable context that prevents our existing cybersecurity professionals from operating at their full potential. What’s more, advancing on the technology side now presents a demonstrably better return on investment than simply trying to out-hire the problem. Fill that gap with smarter tech, and watch the perceived talent shortage shrink.

Misdiagnosis: When More People Isn’t the Answer

For too long, the cybersecurity industry’s knee-jerk reaction to mounting threats has been to throw more human resources at the problem. Yet, the attack surface continues its relentless expansion. Threat actors become more sophisticated. And our SOCs are constantly drowning in an unfiltered deluge of alerts. This creates an overwhelming workload that even the most seasoned experts find impossible to manage effectively, often resulting in burnout and, ironically, talent attrition rather than retention.

The issue isn’t that a lack of bright minds are joining the field. It’s that those brilliant minds often find themselves mired in monotonous, low-value tasks. They’re forced to operate in a thick fog of incomplete information, constantly sifting through noise. When security teams lack clarity on exactly what assets they own, how those assets connect, what their true business criticality is, and which threats are genuinely active, even the most experienced professional struggles. Their effectiveness diminishes, not from a lack of inherent skill, but from a fundamental absence of visibility and intelligent support.

Automation and AI: The True Force Multiplier for Human Talent

The real power move against the overwhelming tide of cyber threats lies not in endless recruitment, but in the intelligent application of automation and AI. Leading industry discussions increasingly highlight that the purpose of AI in cybersecurity isn’t about wholesale human replacement. Instead, it’s about augmenting our existing staff, turning them into a far more potent force. This approach fundamentally allows organizations to scale their expertise and impact without being shackled to proportional headcount increases. Let’s unpack how this transformation plays out.

Freeing Up Human Capital from the Mundane

Imagine a security analyst whose day is consumed by hours of manual investigation, enriching alerts, triaging false positives, responding to routine questionnaires, or laboriously transitioning tickets. These are precisely the kinds of non-human, deterministic, and highly repetitive tasks ripe for intelligent automation. AI agents can seamlessly take on this soul-crushing burden, liberating human analysts. They are then free to pivot towards higher-value, creative, judgment-based, and genuinely strategic work. This transforms security teams from reactive task-runners into proactive problem-solvers. Projections suggest that common SOC tasks could become significantly more cost-efficient in the coming years due to automation—a shift that’s not merely about saving money, but about amplifying human potential.

Supercharging Productivity and Experience

Modern AI, particularly multi-agent AI and generative AI, can proactively offer smart advice on configurations, predict the root causes of complex issues, and integrate effortlessly with existing automated frameworks. This empowers security professionals, making their work not just more efficient but also more engaging and less prone to drudgery.

The Indispensable Power of Context: Lowering the “Expertise Bar”

While automation tackles the sheer volume of work, context provides the vital clarity that fundamentally reduces the need for constant, deep-seated expertise in every single scenario. When security professionals have immediate, rich, and actionable context about a vulnerability or an emerging threat, the path to intelligent prioritization and decisive action becomes remarkably clearer.

Consider the profound difference this context makes:

• Asset Context: Knowing not just that a vulnerability exists, but precisely which specific device it resides on—is it a critical production server, or an isolated, deprecated test machine?
• Business Application Context: Understanding the exact business function tied to that asset, and the tangible financial or operational impact if it were to be compromised.
• Network Context: Seeing the asset’s intricate network connections, its precise exposure level, and every potential path an attacker could take for lateral movement.
• Compensating Controls Context: Having a clear, real-time picture of which existing security controls (like network segmentation, EDRs, or Intrusion Prevention Systems) are actually in place and effectively working to mitigate the vulnerability’s risk.
• Threat Intelligence Context: Possessing real-time, “active exploit” intelligence that doesn’t just theorize, but tells you if a vulnerability is actively being exploited in the wild, or is part of a known attack campaign targeting your industry.

With this deep, multidimensional context, a significant portion of the exposure management workload can be automated. Crucially, for the tasks that still require human intervention, the “expertise bar” is dramatically lowered. My take is that for a vast majority of cases—perhaps 90% of scenarios—a security professional who isn’t a battle-hardened, 20-year veteran can still make incredibly effective decisions and significantly improve an organization’s cyber posture. This is because they are presented with clear, actionable context that naturally guides prioritization and even recommends precise actions. The result? A drastic reduction in alert noise, faster detection and response times, and a palpable easing of the burden on the entire security team.

Navigating the Human Element: Skills Evolution and Burnout

This powerful shift towards automation and AI naturally brings legitimate questions about skills erosion. Some experts prudently point out a valid risk: a significant portion of SOC teams might experience a regression in foundational analysis skills due to an over-reliance on automation. This underscores a critical truth: we must keep humans firmly in the loop. For highly autonomous SOCs, a “human-on-the-loop” approach is recommended, reserving human intervention for complex edge cases and critical exceptions.

CISOs, therefore, face an evolving mandate:

• Future-Proofing Skills: It’s less about filling historical roles and more about nurturing new competencies like prompt engineering, sophisticated AI oversight, advanced critical thinking, and strategic problem-solving.
• Combating Burnout: Beyond just tools, effective talent retention demands proactive measures to address burnout. This includes intelligent workload monitoring, smart task delegation, and genuine wellness initiatives. The ultimate goal isn’t just to fill empty seats; it’s to ensure that the people in those seats are effective, sustainable, and thriving.

A New Mindset for CISOs: Embracing the “Chief Innovation Security Officer” Role

The ongoing “talent gap” discussion should be a catalyst for CISOs to adopt a fundamentally new mindset. Instead of simply focusing on cost-cutting or the perpetual struggle of recruitment, they must evolve into “Chief Innovation Security Officers.” This means daring to rethink how work gets done, leveraging AI and automation not merely as tactical tools but as strategic enablers for scaling cybersecurity capabilities and unlocking the full potential of their existing talent. This strategic investment in technology, driven by an understanding of context, offers a superior ROI in bridging the cybersecurity “gap” compared to the increasingly futile effort to simply hire more people.

Building robust AI governance frameworks and achieving crystal-clear visibility into existing AI implementations and technical debt are crucial foundational steps. Ultimately, solving the perceived talent gap isn’t about endlessly hiring more people into an unsustainable system. It’s about empowering the talented individuals we do have—making them more efficient, more effective, and more strategically focused—through the intelligent application of automation and unparalleled context. It’s time to stop chasing a phantom gap and start truly empowering our digital defenders.

By Rebecca Sutherland, CEO and Founder of HarbarSix

There’s a word that often makes people shift a little in their seats. Assertiveness. It can sound sharp, maybe even a bit harsh, like something that belongs in boardrooms filled with ego or in negotiation books gathering dust on someone’s shelf. But in truth, assertiveness, when you really understand it, is one of the most compassionate tools we have as leaders.

Because at its core, assertiveness isn’t about being pushy. It’s about being clear.

And when you’re building something, a business, a team, a dream that lives outside the ordinary, that kind of clarity becomes essential. Without it, you end up drifting, making decisions that don’t feel quite right, saying yes when you mean no, and slowly watching the thing you once felt lit up by become a source of tension or exhaustion.

I’ve seen it happen more than once. A brilliant, creative founder full of drive and vision, slowly ground down by too many compromises, too much people-pleasing, too little space to breathe. They don’t lack skill or ambition. What they’re missing is that anchor, the ability to be assertive without feeling like they have to apologise for it.

So, let’s unpack that, because I think we need to talk about how to lead from a place that’s both strong and soft. Firm but open and rooted in who you are.

Assertiveness starts with self-trust

Before you can speak clearly to others, you must be clear with yourself. What do you stand for? What kind of culture are you trying to build? What do you value, not just on a branding level, but deep in your bones?

Because if you don’t know that, you’ll find yourself pulled in all directions. You’ll agree to partnerships that don’t serve you, hire people based on panic rather than alignment, and find it hard to hold boundaries when the stakes feel high.

But when you do know—when you’ve taken the time to understand what really matters to you—it becomes easier to communicate it, calmly and confidently, even when it’s uncomfortable.

Saying what you mean isn’t unkind—it’s respectful

There’s a misconception, especially among founders who want to be “good” leaders, that being direct is somehow abrasive. That if you’re too clear, you might upset people. But in my experience, the opposite is true.

When you wrap your truth in too many layers of softening or delay saying the hard thing because you’re worried about how it will land, you actually create more confusion, not less. People want to know where they stand. Your team, your investors, your clients—they respect leaders who can speak with warmth and certainty.

You don’t need to bark orders or dominate a room. But you do need to be able to say, “This isn’t working for me,” or “This direction doesn’t feel right,” or even, “I’ve changed my mind.” That kind of honesty is a form of care. It protects your energy, and it gives everyone around you a clearer playing field.

Boundaries aren’t barriers—they’re invitations to trust

One of the most powerful forms of assertiveness is knowing when to say no. Or not yet. Or not like this.

As founders, we’re often wired to keep giving—to clients, to our team, to the business itself. But that constant giving, without boundaries, leads to burnout. And more than that, it models a kind of unsustainable leadership where overextending becomes the norm.

Boundaries, when set with intention, are not walls. They’re signals. They say, “This is how I work best,” or “This is what I need to stay at my best,” or “Here’s the line where my role ends and yours begins.” And far from pushing people away, they create the safety and trust needed for real collaboration.

Not everyone will like it—and that’s okay

Here’s the part that might sting a little: not everyone will like your assertiveness. Some people will bristle when you stop bending over backwards. Others may be used to you saying yes to everything, and might struggle when you start to reclaim your space.

Let them. Your job isn’t to be liked by everyone. Your job is to build something honest, sustainable, and true. And the people who are meant to walk alongside you? They’ll stay, in fact, they’ll probably thank you for the clarity.

Practice before you need it

Like any skill, assertiveness gets easier with practice. Start small. Have that conversation you’ve been avoiding. Say no to the next thing that doesn’t feel aligned. Express a need clearly without over-explaining. And then do it again. Not perfectly, just consistently.

If you’re not used to it, it might feel clunky at first. That’s okay. Clarity is a muscle. The more you use it, the stronger it gets.

The most powerful leaders are not the loudest

They’re not the ones who dominate meetings or chase visibility for its own sake. They’re the ones who know who they are. Who can sit in discomfort without losing their footing. Who can say the hard thing with softness and stay true to their vision when the noise gets loud.

Assertiveness isn’t about power over others—it’s about being in your own power. And when you lead from that place, it changes everything.

For your business. For your team. And most importantly, for you.

Dean Clark, Group Chief Technology Officer for GFT

The banking sector is transforming more and more, with banks under pressure to meet customers’ evolving expectations. This means that even the most traditional institutions have to move away from legacy systems and adopt modern technologies such as cloud computing and AI. The aim of this shift is not just to keep pace with digital-native competitors, but also to improve operational efficiency and deliver better customer experiences.

However, innovation brings new challenges. Transitioning from centralised mainframes to cloud-based platforms is a complex process that can’t happen overnight. Amid this transformation, banks must ensure that security remains a top priority. Striking the right balance between modernisation and robust security is essential to building and maintaining consumer trust in the digital age.

Balancing agility with security

Multicloud is a key component of digital transformation strategies in the financial sector. Many banks are relying on hybrid multicloud to modernise and keep up with the evolving tech landscape. In the meantime, new digital banks are launching entirely on cloud-native platforms, which helps support agility and scalability from day one.

Cloud technologies offer many advantages, including improved performance, flexibility and faster innovation. However, despite these benefits, they do come with security challenges. Cloud infrastructure, often built and managed using Infrastructure as Code (IaC), can include some vulnerabilities and give an entry point into a bank’s system to malicious actors. As such, ensuring that IaC adheres to best practices is essential to avoid misconfigurations or exploitable vulnerabilities as early as possible.

The protection of consumer data must also be central to any digital transformation strategy. Security must be deeply embedded not only in backend infrastructure but also in the user-facing layers such as web portals and mobile applications. This is critical to maintain consumer trust and improve retention.

Why a unified security platform is essential

When undergoing digital transformation, financial institutions need a unified security solution to help streamline the security management process by having all the necessary tools in one place. In fact, a unified security solution is built on three interconnected pillars. First, security must be embedded directly into development pipelines. This integration helps identify and mitigate risks and misconfigurations early, before they can impact production. Second, through continuous monitoring and management of cloud assets, banks can gain more visibility and control over their security posture. Third, runtime protection safeguards cloud workloads, web applications and APIs through tools like cloud threat detection, host security, container security, serverless security, and web application & API protection. Together, these pillars help to establish a robust security framework. This way, digital banks can minimise risks, streamline operations and ensure compliance with regulatory demands.

The benefits of ‘zero trust’

Modern cloud-native banks rely on ‘zero trust’ security models more and more. ‘Zero trust’ refers to the principle according to which every request to access an organisation’s system should be carefully reviewed. This means that no user or system is trusted by default. They’re all subject to identification and authentication checks. This helps set clear boundaries between the applications the users are accessing and the resources available in the cloud. And even after access has been granted, all activity is monitored on an ongoing basis to identify potential malicious behaviour that could compromise digital banking systems. This continuous verification enhances visibility into potential threats and facilitates compliance with regulatory standards.

To further reinforce security, mutual transport layer security (TLS) can be implemented as a core design principle, enabling secure authentication with third-party entities over the internet. By adopting such measures, digital banks can build a resilient security foundation that safeguards against evolving threats whilst preserving customer trust and operational integrity.

The example of Salt Bank

Salt Bank is a next-generation digital bank launched in Romania. It serves as a good example of a financial institution that embedded security into its digital banking platform from the start. Salt Bank was built and launched in under 12 months, showcasing the power of an approach to innovation that heavily relies on security.

Salt Bank implemented a range of advanced security measures, including zero trust architecture, threat modelling, cloud security posture management, and automated security operations, guided by this security-by-design philosophy. These tools helped the bank implement a strong defence against cyber threats whilst still focusing on improving customer experience.

Central to Salt Bank’s strategy was Engine by Starling, a SaaS platform designed specifically for digital banking, paired with Palo Alto Networks’ Prisma Cloud. Prisma Cloud played a key role in securing the bank’s cloud infrastructure, offering capabilities such as misconfiguration monitoring, risk detection, remediation and compliance management. Together, these technologies provide a unified and efficient approach to managing security in a complex cloud environment.

The future of modern banking is all about security

As digital transformation accelerates across the financial sector, companies must keep security at the top of their agenda. Whilst innovating is key to keeping up with evolving trends and changing customer expectations, it can’t be done without prioritising security. If security isn’t embedded in every layer of an organisation’s digital infrastructure, vulnerabilities may be introduced within the system and easily exploited by malicious actors. And once cyber attackers are in the system, everyone knows it can lead to chaos.

But security isn’t just for defensive purposes, it’s also a strategic advantage. In a climate of growing digital distrust, the most secure bank doesn’t just win compliance, it also wins customers. By choosing to turn advanced security into a visible product feature, not just an internal practice, banks can build marketable trust and differentiate from fintech challengers who may cut corners in pursuit of speed.