According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire.

How can organizations proceed? By automating security operations processes. ESG research reveals that nearly half (46%) of security operations center (SOC) teams are automating security operations processes “extensively,” while another 44% are automating security operations processes “somewhat.”

Multiple approaches to security automation

When it comes to security operations process automation, one might equate this activity with security orchestration, automation, and response (SOAR) technology. In some cases, this is a correct assumption, as 37% of organizations use some type of commercial SOAR tools. Interestingly, more than half (53%) of organizations eschew SOAR, using security operations process automation functionality within other security technologies instead – security information and event management (SIEM), threat intelligence platforms (TIPs), IT operations tools, or extended detection and response (XDR), for example. Those organizations using SOAR admit that it is no day at the beach – 80% agree that using SOAR was more complex and time consuming than they anticipated.

Technology aside, security professionals acknowledge that there are a few major impediments to security operations process automation.
For example, 39% claim that their SOC team doesn’t have the software programming skills necessary for developing automation workflows, and 21% say that their security operations processes are relatively immature, requiring re-engineering before they can be automated. This last obstacle reflects Bill Gates’s well-known observation about process automation: “Automation applied to an efficient operation will magnify the efficiency… automation applied to an inefficient operation will magnify the inefficiency.”

Tips toward security automation success

Clearly, there’s work to be done before many organizations can and should apply resources to security operations process automation. Is it worth the effort? Yes. The research exposes that security pros believe security operations process automation can lead to benefits like improved mean time to respond (MTTR), improved threat detection using playbooks, improved staff productivity, and faster acceleration of addressing critical alerts. The balancing act is in achieving benefits while addressing security operations process automation complexity and skills requirements. Based upon countless interviews with SOC personnel, ESG suggests:

Start security operations process automation projects with the basics. Every SOC manager I speak with wants to automate pedestrian tasks they undertake dozens of times each day – looking up IP addresses, enriching alerts, checking file hashes against VirusTotal or other malware zoos, etc. Some SOC managers tell me automating tasks alone leads to tremendous productivity improvements. SOC teams should query all staff members regardless of their seniority, get their input, and then compile and prioritize a list of tasks for automation. Complement this list by defining metrics that can help the SOC team gauge progress.

Look for shortcuts in existing technologies. As described above, task automation is no secret.
Before writing code or investing in SOAR technology, it’s worth assessing the process automation capabilities you already have with tools like SIEM, XDR, TIP, or ServiceNow. Many of these vendors now bake in some of the task automation capabilities mentioned previously. It may also be worthwhile to go beyond the vendors and seek out other users to see if they’ve addressed SOC process automation in creative ways within common technologies.

Research existing security operations process templates. After assessing your own security operations processes, it may be useful to review established best practices and observe what leading organizations are already doing. It’s worth noting that some SOAR vendors provide basic workflow templates for processes such as phishing investigations, threat hunting, and incident response that can be customized for applicability to an individual organization’s needs.

Explore low code/no code options. To overcome the development skills impediment, leading SOARs such as Demisto (PAN XSOAR), Siemplify (Google), Splunk SOAR, or Swimlane offer drag-and-drop menus that can help organizations create simple automated workflows. Newer SOAR offerings from Tines and Torq are designed around low code/no code from the ground up. Low code/no code SOAR not only eases workflow creation, but it also democratizes process automation for all SOC employees – from junior Tier-1 analysts to seasoned threat hunters, researchers, and incident responders.
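
The routine lookups named in the first tip (IP addresses, file hashes) together with a progress metric, as an added example that is not from the article or from ESG. The local hash set stands in for a VirusTotal-style lookup; the alert fields, priority labels and the metric itself are assumptions, and all sample data is constructed.

```python
import ipaddress

# Constructed sample data: a local hash set standing in for a malware-intel
# lookup (VirusTotal or similar), and three constructed alerts.
KNOWN_BAD_SHA256 = {"a" * 64}
ALERTS = [
    {"id": 1, "src_ip": "10.0.0.5", "sha256": "b" * 64},
    {"id": 2, "src_ip": "8.8.8.8", "sha256": "A" * 64},
    {"id": 3, "src_ip": "not-an-ip", "sha256": None},
]

def classify_ip(value):
    """Return 'internal', 'external' or 'invalid' for an alert's IP field."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "internal"
    return "external"

def enrich(alert, bad_hashes=KNOWN_BAD_SHA256):
    """Return a copy of the alert with lookup results and a triage priority."""
    out = dict(alert)
    out["ip_scope"] = classify_ip(alert.get("src_ip", ""))
    digest = (alert.get("sha256") or "").lower()  # normalise case before lookup
    out["hash_known_bad"] = digest in bad_hashes
    if out["hash_known_bad"]:
        out["priority"] = "high"
    elif out["ip_scope"] == "invalid":
        out["priority"] = "review"  # malformed data goes to a human, not dropped
    else:
        out["priority"] = "normal"
    return out

def automation_rate(enriched):
    """Metric: share of alerts enriched without being routed to manual review."""
    auto = sum(1 for a in enriched if a["priority"] != "review")
    return auto / len(enriched) if enriched else 0.0

if __name__ == "__main__":
    results = [enrich(a) for a in ALERTS]
    for r in results:
        print(r["id"], r["ip_scope"], r["hash_known_bad"], r["priority"])
    print(f"automated: {automation_rate(results):.0%}")
```

Tracking the rate over time gives the SOC one of the progress metrics the first tip asks for, and the "review" bucket shows which alert sources need cleaner data before they can be automated.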