SOC Crisis: Splunk’s Mick Baccio on Hidden Cyber Threats

What happens when the biggest weakness in your cyber defense isn’t a missing patch or an advanced attacker but the internal cracks spreading across your own security operations center (SOC)?

In this exclusive conversation, Mick Baccio, Global Security Advisor at Splunk SURGe, cuts through the noise to address a quiet but growing crisis inside many SOCs.

With UK organizations still reeling from recent cyberattacks on household names like Harrods, M&S, and Co-op, it’s no longer enough to blame the external threat landscape. The more complex question is whether we are asking too much from under-resourced teams managing outdated, disjointed tools.

Key Takeaways

  • 46% of security professionals spend more time managing tools than fighting real security threats.
  • 33% say an under-skilled team is a key operational bottleneck.
  • Only 11% trust AI for mission-critical decisions without human oversight.
  • Tool sprawl and poor integration drain time, focus, and team morale.
  • Over half of cyber pros have considered quitting due to burnout.
  • $540,000 per hour lost in downtime makes inaction an expensive gamble.

About Mick Baccio

Mick Baccio, Global Security Advisor at Splunk SURGe

Mick Baccio’s fascination with cyberspace began at age nine after reading Neuromancer and thinking, “I could do that.” He went on to become the first CISO in US presidential campaign history, serving with Pete for America.

Previously, he served as Threat Intelligence Branch Chief at the White House under both the Obama and Trump administrations. He also helped launch the threat intelligence program during the Affordable Care Act rollout.

Now Global Security Advisor at Splunk, Mick blends frontline experience with deep technical insight to help organizations tackle today’s toughest security challenges. He is also a ThruntCon founder and proud muppet owner, still chasing that early spark.

Rebuilding the Modern SOC: Challenges & Realities

Splunk’s State of Security 2025 paints a sobering picture. Nearly half of the respondents admit they’re spending more time maintaining tools than responding to actual threats. A third say their own teams are under-skilled and overstretched. And with average downtime losses estimated at up to $540,000 per hour, inaction isn’t just risky; it’s unaffordable.

From tool sprawl and AI trust issues to the emotional toll on frontline analysts, Mick offers an honest look at what’s dragging modern SOCs down and, more importantly, what it takes to build them back up.

Tool Maintenance vs. Threat Response

Q: Why are so many SOC teams spending more time maintaining tools than defending against threats, and how can that be reversed?

A: Security teams often find themselves overwhelmed, as managing a sprawling collection of tools takes time away from stopping actual attacks. Splunk’s recent State of Security 2025 report reveals that 46% of professionals spend more time maintaining tools than defending against threats. This is often a symptom of poor integration.

Tool sprawl is at the heart of the problem. When dozens of systems fail to communicate or rely on limited standards and incompatible APIs, analysts can end up juggling manual workarounds to piece together a clear picture. Simultaneously, the constant need to redefine detection logic to keep pace with evolving threats only adds to the load.

To turn this around, organizations need to consolidate tools where possible, prioritize platforms built for genuine interoperability, and invest in automation alongside skilled detection engineering. The best security operations centers (SOCs) are transitioning toward unified security operations platforms, where telemetry, context, and action converge in a single view.

The AI Trust Gap

Q: With only 11% of professionals trusting AI for mission-critical tasks, what’s holding back adoption: the tech itself or cultural resistance?

A: Artificial intelligence (AI) is an increasingly critical element in a robust cyber-defence. At the same time, however, some hesitancy around handing over control (particularly total control) to AI is, perhaps, initially understandable as tools and approaches evolve.

Ultimately, it boils down to the need for clarity, control, and a desire to see tools proven in the field. Most security operations center (SOC) teams are comfortable with AI working in the background, especially when there’s a human in the loop. However, when AI is presented as fully autonomous, trust may need to be earned.

This isn’t just cultural resistance – it’s also about how AI is deployed and explained. Trust takes time, and that trust will grow when AI is transparent, auditable, and consistently accurate.

Encouragingly, 59% of security professionals have already seen clear efficiency gains from AI. The challenge now is maturing implementation and governance to build wider confidence.

Tool Fragmentation Problem

Q: How has tool fragmentation become such a major issue, and what does a genuinely unified security platform look like in practice?

A: Tool fragmentation can often stem from rapid growth and a piecemeal “buy a new tool for every threat” approach. If each new addition adds complexity rather than capability, it’s not part of a cohesive integration strategy.

A genuinely unified security platform isn’t just about a single vendor. It’s about meaningful connections across telemetry, detection, response, and orchestration. In practice, that means fewer screens, smarter alerts, and more time investigating real threats instead of managing systems.

When more than half of SOC teams report faster response times with unified platforms, the case for consolidation becomes clear.

Analyst Burnout on the Rise

Q: Given that over half of cyber professionals have considered leaving the field, what’s changed to make burnout such a pressing issue now?

A: Burnout isn’t new, but it’s become more intense. Today’s security professionals face a scale and sophistication of attacks like never before, coupled with arguably greater internal pressures.

They can often juggle the roles of gatekeeper and of the person with whom the buck stops, especially when compliance issues or incidents occur.

Heightened regulations, the speed of business, and the push to balance security with agility can create tension. SOC teams firefighting in fragmented environments with limited support are particularly vulnerable.

Addressing burnout means streamlining tools, clarifying roles, and moving from reactive defense to proactive resilience. It also means recognizing that mental health is not a side issue – it is a core component of sustaining performance and protecting the people behind the screen.

The High Cost of Inaction

Q: Looking ahead, what’s the cost of inaction for organizations that don’t address internal inefficiencies in their security operations?

A: The cost of doing nothing goes far beyond technical debt. It includes brand damage, loss of customer trust, legal and regulatory exposure, and significant financial consequences. The State of Security and Cost of Downtime reports both highlight these risks as existential for modern businesses.

Security isn’t just an IT issue anymore – it’s a boardroom priority. Inefficient SOCs represent serious risks to business continuity and reputation. Organizations that don’t modernize risk more than breaches – they risk losing the trust of customers, regulators, and even their own people.

The good news is that the path to smarter, more resilient SOCs is more apparent than ever.

But just like your body needs exercise, vegetables, and water, your security operations need consistent care, which can include streamlining processes, improving visibility, and doing the hard, unglamorous work of cyber hygiene. It’s about eating your cyber vegetables. The real challenge is committing to it.

The Bottom Line

Security operations today are being crushed by complexity, fragmentation, and fatigue. Mick Baccio’s insights reinforce the findings from Splunk’s wider research. Too many SOCs are buried under tool maintenance, stuck with disconnected systems, and running on the fumes of overstretched teams.

While AI holds real promise, trust must be earned through transparency and measurable results. Throwing cash at better tech or the latest shiny AI solution is not enough. Smarter integration, streamlined workflows, and sustained investment in people should be at the heart of everything. Burnout isn’t a side effect. It’s a signal. Fixing the problem starts with facing it head-on.

Neil C. Hughes
Senior Technology Writer

Neil is a freelance tech journalist with 20 years of experience in IT. He’s the host of the popular Tech Talks Daily Podcast, picking up a LinkedIn Top Voice for his influential insights in tech. Apart from Techopedia, his work can be found on INC, TNW, TechHQ, and Cybernews. Neil's favorite things in life range from wandering the tech conference show floors from Arizona to Armenia to enjoying a 5-day digital detox at Glastonbury Festival and supporting Derby County. He believes technology works best when it brings people together.
