
What your tools miss at 2:13 AM: How gen AI attack chains exploit telemetry lag – Part 2

May 13, 2025

Generative AI is creating a digital diaspora of techniques, technologies and tradecraft that everyone, from rogue attackers to nation-state cyber armies trained in the art of cyberwar, is adopting. Insider threats are growing, too, accelerated by job insecurity and growing inflation. All these challenges and more fall on the shoulders of the CISO, and it’s no wonder more are dealing with burnout.

In Part 1, we explored how gen AI is reshaping the threat landscape, accelerating insider threats and putting unprecedented pressure on cybersecurity teams. Insider-driven risks, shadow AI usage and outdated detection models are forcing CISOs to rethink their defenses.

Now, in Part 2, we turn to the solutions — how gen AI can help combat burnout across security operations centers (SOCs), enable smarter automation and guide CISOs through a 90-day roadmap to secure their enterprises against evolving threats.

Battling burnout with gen AI deserves to be a 2025 CISO priority

Nearly one in four CISOs consider quitting, with 93% citing extreme stress, further proving that burnout is creating increasingly severe operational and human risks. Gartner’s most recent research links burnout to decreased team efficiency and overlooked security tasks that often become vulnerabilities. Unsurprisingly, 90% of CISOs identify burnout as one of the main barriers that stand in the way of their teams getting more accomplished and using the full extent of their skills.

How bad is burnout across cybersecurity and SOC teams? The majority of CISOs, 65%, say that burnout is a severe impediment to maintaining effective security operations.

Forrester adds that 36% of the cybersecurity workforce are categorized as “Tired Rockstars,” individuals who remain highly engaged but are on the brink of burnout. This emphasizes the critical need to address mental health and workload management proactively.

SOC analysts endure heavy workloads that often turn severe when they have to monitor, analyze and aggregate insights from an average of more than 10,000 alerts a day. Chronic stress and a lack of control over their jobs lead to high turnover, with 65% considering leaving their careers.

Ivanti’s 2024 Digital Employee Experience (DEX) Report underscores a vital cybersecurity link, noting that 93% of professionals agree improved DEX strengthens security, yet just 13% prioritize it. Ivanti SVP Daren Goeson told VentureBeat in a recent interview that “organizations often lack effective tools to measure digital employee experience, significantly slowing security and productivity initiatives.”

SOC teams are particularly hard hit by burnout. While AI can’t solve the entire challenge, it can help automate SOC workflows and accelerate triage. Forrester is urging CISOs to think beyond automating existing processes and move forward with rationalizing security controls, deploying gen AI within existing platforms. Jeff Pollard, VP at Forrester, writes: “The only way to deal with the volatility your organization encounters is to simplify your control stack while identifying unnecessary duplicate spend and gen AI can boost productivity, but negotiating its pricing strategically will help you achieve more with less.”

More than 16 vendors now offer new gen AI-based apps aimed at helping SOC teams, which are in a race against time every day, especially when it comes to containing breakout times. CrowdStrike’s recent global threat report emphasizes why SOCs always need to bring their A-game: adversaries now break out within 2 minutes and 7 seconds of gaining initial access. CrowdStrike’s recently introduced Charlotte AI Detection Triage has proven capable of automating alert assessment with over 98% accuracy, cutting manual triage by more than 40 hours per week without losing control or precision. SOCs increasingly lean on AI copilots to fight signal overload and staffing shortfalls; VentureBeat’s Security Copilot Guide (Google Sheet) provides a complete matrix of 16 vendors’ AI security copilots.

What needs to be on every CISO’s roadmap in 2025

Cybersecurity leaders and their teams have significant influence on how, when and what gen AI applications and platforms their enterprises invest in. Gartner’s Phillip Shattan writes that “when it comes to generation AI-related decisions, SRM leaders wield significant influence, with over 70% reporting that cybersecurity has some influence over the decisions they make.”

With so much influence on the future of gen AI investment in their organizations, CISOs need to have a solid framework or roadmap against which to plan. VentureBeat is seeing more roadmaps comparable to the one structured below for ensuring the integration of gen AI, cybersecurity and risk management initiatives. The following is a guideline that needs to be tailored to the unique needs of a business:

Days 0–30: Establish core cybersecurity foundations

1. Set the goal of defining the structure and role of an AI governance framework

  • Define formal AI policies outlining responsible data use, model training protocols, privacy controls and ethical standards.
    • Vendors to consider: IBM AI Governance, Microsoft Purview, ServiceNow AI Governance, AWS AI Service Cards
  • If not already in place, deploy real-time AI monitoring tools to detect unauthorized usage, anomalous behaviors and data leakage from models.
    • Recommended platforms: Robust Intelligence, CalypsoAI, HiddenLayer, Arize AI, Credo AI, Arthur AI
  • Train SOC, security and risk management teams on the AI-specific risks to alleviate any conflicts over how AI governance frameworks are designed to work.

2. If not already in place, get a solid Identity and Access Management (IAM) platform in place

  • Keep building a business case for zero trust by illustrating how improving identity protection helps protect and grow revenue.
  • Deploy a robust IAM solution to reinforce identity protection and revenue security.
    • Top IAM platforms: Okta Identity Cloud, Microsoft Entra ID, CyberArk Identity, ForgeRock, Ping Identity, SailPoint Identity Platform, Ivanti Identity Director.
  • If not already done, immediately conduct comprehensive audits of all user identities, focusing particularly on privileged access accounts. Enable real-time monitoring for all privileged access accounts and delete unused accounts for contractors.
  • Implement strict least-privilege access policies, multi-factor authentication (MFA) and continuous adaptive authentication based on contextual risk assessments to strengthen your zero-trust framework.
    • Leading Zero-Trust solutions include CrowdStrike Falcon Identity Protection, Zscaler Zero Trust Exchange, Palo Alto Networks Prisma Access, Cisco Duo Security and Cloudflare Zero Trust.
  • Establish real-time monitoring and behavioral analytics to identify and reduce insider threats rapidly.
    • Insider threat detection leaders: Proofpoint Insider Threat Management, Varonis DatAdvantage, Forcepoint Insider Threat, DTEX Systems, Microsoft Purview Insider Risk Management.
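The identity audit described in the IAM step (dormant accounts, unused contractor accounts, privileged accounts without MFA) is easy to turn into a repeatable check. The following is an added example, not code from the article or from any of the vendors named above; it runs over a constructed, fictitious directory export, and the 90-day and 30-day dormancy thresholds are assumptions a real program would set by policy:

```python
from datetime import datetime

# Constructed sample of an identity directory export (fictitious accounts).
# "last_login" is an ISO date or None when the account has never signed in.
SAMPLE_ACCOUNTS = [
    {"user": "alice",      "type": "employee",   "privileged": True,  "mfa": True,  "last_login": "2025-05-10"},
    {"user": "bob",        "type": "employee",   "privileged": False, "mfa": False, "last_login": "2025-05-12"},
    {"user": "c-dana",     "type": "contractor", "privileged": False, "mfa": True,  "last_login": "2025-01-03"},
    {"user": "c-eric",     "type": "contractor", "privileged": True,  "mfa": False, "last_login": "2025-05-01"},
    {"user": "svc-backup", "type": "service",    "privileged": True,  "mfa": False, "last_login": "2024-11-20"},
    {"user": "c-fay",      "type": "contractor", "privileged": True,  "mfa": True,  "last_login": None},
]

# Fixed "now" so the example is reproducible; a real run would use datetime.utcnow().
AS_OF = datetime(2025, 5, 13)


def days_idle(account, as_of=AS_OF):
    """Days since the last sign-in, or None if the account has never been used."""
    if account["last_login"] is None:
        return None
    return (as_of - datetime.fromisoformat(account["last_login"])).days


def dormant_accounts(accounts, as_of=AS_OF, dormant_days=90):
    """Accounts of any type that are unused for dormant_days or have never signed in."""
    found = []
    for acct in accounts:
        idle = days_idle(acct, as_of)
        if idle is None or idle >= dormant_days:
            found.append(acct["user"])
    return sorted(found)


def contractor_accounts_to_remove(accounts, as_of=AS_OF, dormant_days=30):
    """Contractor accounts past a (stricter, assumed) dormancy window: candidates for deletion."""
    contractors = [a for a in accounts if a["type"] == "contractor"]
    return dormant_accounts(contractors, as_of, dormant_days)


def privileged_without_mfa(accounts):
    """Privileged accounts with no MFA enrolment; service accounts are listed too so they
    can be moved to a managed credential rather than silently exempted."""
    return sorted(a["user"] for a in accounts if a["privileged"] and not a["mfa"])


def audit_report(accounts, as_of=AS_OF):
    """Bundle the three checks into one report an IAM owner can act on."""
    return {
        "dormant": dormant_accounts(accounts, as_of),
        "remove_contractors": contractor_accounts_to_remove(accounts, as_of),
        "privileged_no_mfa": privileged_without_mfa(accounts),
    }


if __name__ == "__main__":
    for finding, users in audit_report(SAMPLE_ACCOUNTS).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

Running it on the constructed sample lists two contractor accounts for removal (one idle for months, one never used), flags a third privileged account only for missing MFA because it was used recently, and surfaces the backup service account as both dormant and MFA-less.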

Days 31–60: Accelerate Proactive Security Operations

1. Replace manual patch workflows with an automated patch management system

  • Your organization needs to move beyond fire drills and severity-based patch cycles to a continuous, real-time vulnerability monitoring and patch deployment strategy.
  • AI is helping cut the risks of breaches with patch management. Six in ten breaches are linked to unpatched vulnerabilities. The majority of IT leaders responding to a Ponemon Institute survey, 60%, say that one or more of the breaches potentially occurred because a patch was available for a known vulnerability but not applied in time.
    • Leading automated patch management vendors: Ivanti Neurons for Patch Management, Qualys Patch Management, Tanium Patch Management, CrowdStrike Falcon Spotlight, Rapid7 InsightVM.
  • Implement automated tools prioritizing patches based on active exploitation, threat intelligence insights and business-critical asset prioritization.
  • Establish transparent processes for immediate response to emerging threats, drastically reducing exposure windows.
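The prioritization rule in this step (active exploitation first, then threat intelligence, then asset criticality) can be made explicit as a scoring function, which is also what makes the resulting exposure windows auditable. This is an added example, not the article's or any listed vendor's code; the finding IDs, the exploited-in-the-wild feed, the score weights and the SLA windows are all constructed assumptions:

```python
# Constructed vulnerability findings (placeholder IDs, not real CVE numbers).
# "criticality" is an assumed 1-5 business-impact rating from the asset inventory.
FINDINGS = [
    {"id": "VULN-A", "cvss": 9.8, "asset": "web-01", "internet_exposed": True,  "criticality": 3},
    {"id": "VULN-B", "cvss": 7.5, "asset": "vpn-gw", "internet_exposed": True,  "criticality": 5},
    {"id": "VULN-C", "cvss": 5.3, "asset": "hr-db",  "internet_exposed": False, "criticality": 2},
    {"id": "VULN-D", "cvss": 9.1, "asset": "lab-07", "internet_exposed": False, "criticality": 1},
]

# Constructed threat-intelligence feed of findings known to be exploited in the wild.
EXPLOITED_IN_WILD = {"VULN-B", "VULN-C"}

# Assumed weights: exploitation evidence outweighs raw severity by design.
W_EXPLOITED = 40
W_EXPOSED = 20
W_CRITICALITY = 5


def risk_score(finding, exploited_ids):
    """Integer score: CVSS scaled to 0-100, plus exploitation, exposure and asset weight."""
    score = round(finding["cvss"] * 10)
    if finding["id"] in exploited_ids:
        score += W_EXPLOITED
    if finding["internet_exposed"]:
        score += W_EXPOSED
    score += W_CRITICALITY * finding["criticality"]
    return score


def patch_sla_hours(finding, exploited_ids):
    """Assumed remediation windows: tighter when exploitation is confirmed."""
    exploited = finding["id"] in exploited_ids
    if exploited and finding["internet_exposed"]:
        return 48
    if exploited:
        return 7 * 24
    if finding["cvss"] >= 9.0:
        return 14 * 24
    return 30 * 24


def prioritize(findings, exploited_ids):
    """Return findings ordered by score, each with its score and SLA window."""
    ranked = [
        {"id": f["id"], "asset": f["asset"],
         "score": risk_score(f, exploited_ids),
         "sla_hours": patch_sla_hours(f, exploited_ids)}
        for f in findings
    ]
    return sorted(ranked, key=lambda r: (-r["score"], r["id"]))


if __name__ == "__main__":
    for row in prioritize(FINDINGS, EXPLOITED_IN_WILD):
        print(f"{row['id']:7} {row['asset']:7} score={row['score']:3} patch within {row['sla_hours']}h")
```

On the constructed sample, the actively exploited CVSS 7.5 bug on an exposed gateway ranks above the unexploited CVSS 9.8 finding, and the exploited medium-severity database issue lands ahead of an unexploited critical on a low-value lab host, which is exactly the reordering a severity-only patch cycle would miss.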

2. Initiate comprehensive Cyber Risk Quantification (CRQ)

  • If not already in progress in your organization, start evaluating the value of CRQ frameworks in improving how cybersecurity risks are measured and communicated in financial and business impact terms.
    • Trusted CRQ solutions: BitSight, SecurityScorecard, Axio360, RiskLens, MetricStream, Safe Security, IBM Security Risk Quantification Services.
  • Test out a CRQ by creating a detailed risk dashboard for executives and stakeholders, linking cybersecurity investments directly to strategic business outcomes.
  • Conduct regular CRQ assessments to inform proactive security spending and resource allocation decisions clearly and strategically.

Days 61–90: Keep optimizing security efficiency to fuel greater team resilience

1. Consolidate and Integrate Security Tools

  • Audit existing cybersecurity tools, eliminating redundancies and streamlining capabilities into fewer, fully integrated platforms.
    • Comprehensive integrated platforms: Palo Alto Networks Cortex XDR, Microsoft Sentinel, CrowdStrike Falcon Platform, Splunk Security Cloud, Cisco SecureX, Trellix XDR, Arctic Wolf Security Operations Cloud.
  • Check for strong interoperability and reliable integration among cybersecurity tools to improve threat detection, response times and overall operational efficiency.
  • Regularly review and adjust consolidated toolsets based on evolving threat landscapes and organizational security needs.

2. Implement structured burnout mitigation and automation

  • Starting in the SOC, leverage AI-driven automation to offload repetitive cybersecurity tasks, including initial alert triage, log analysis and vulnerability scanning, significantly reducing manual workloads.
    • Recommended SOC automation tools: CrowdStrike Falcon Fusion, SentinelOne Singularity XDR, Microsoft Defender & Copilot, Palo Alto Networks Cortex XSOAR, Ivanti Neurons for Security Operations
  • Establish structured recovery protocols, mandating cooldown periods and rotation schedules after major cybersecurity incidents to reduce analyst fatigue.
  • Define a balanced, regular cadence of ongoing cybersecurity training, mental well-being initiatives, and institutionalized burnout mitigation practices to sustain long-term team resilience and efficiency.
    • Automation and burnout mitigation vendors: Tines, Torq.io, Swimlane, Chronicle Security Operations Suite (Google Cloud), LogicHub SOAR+, Palo Alto Networks Cortex XSOAR

Conclusion

With modest budget and headcount increases, CISOs and their teams are being called to defend more threat vectors than ever. Many tell VentureBeat it’s a continual balancing act that demands more time, training, and trade-offs on which legacy apps stay and which go, all defining how their future tech stack will look. CISOs who see gen AI as a strategic technology that can help unify and close gaps in security infrastructure are thorough in their vetting of new apps and tools before they go into production.

While gen AI continues to fuel new adversarial AI techniques and tradecraft, cybersecurity vendors respond by accelerating the development of next-generation products. Paradoxically, the more advanced threatcraft becomes with adversarial AI, the more critical it becomes for defenders adopting AI to pursue and perfect human-in-the-middle designs that can flex and adapt to changing threats.

The post What your tools miss at 2:13 AM: How gen AI attack chains exploit telemetry lag – Part 2 appeared first on Venture Beat.
