Cyber platformisation is a skills issue for security teams
The Security Think Tank looks at platformisation, considering questions such as how CISOs can distinguish between a truly integrated platform and 'integration theater', and how to protect unified platforms.
As organisations consolidate security into unified platforms, chief information security officers (CISOs) face a new challenge: ensuring teams have the technical capability to validate whether those systems actually reduce risk.
CISOs are turning to unified security platforms to manage expanding attack surfaces with limited resources, and the appeal is clear. Consolidation offers efficiency and automation to help manage complex environments. But as platforms centralise security functions, they concentrate operational dependency, meaning the potential impact of a failure becomes far greater.
Platforms can combine identity, endpoint protection, cloud monitoring, detection and response, and automation within a single ecosystem. And when these components operate together effectively, they strengthen visibility and coordination. However, the danger is that a misconfiguration, integration flaw, or behavioural anomaly in one component can cascade across multiple layers of the security architecture.
The real risk isn’t platformisation itself, it’s the assumption that integration automatically creates resilience. True resilience depends on whether security teams have the technical capability to validate how these systems behave in practice.
Platformisation amplifies risk when teams lack the skills to validate it
When properly implemented, most platforms deliver powerful capabilities. The challenge is that many organisations lack teams equipped to test, challenge and verify those capabilities under real-world conditions.
Integration amplifies the impact of failure. Without the right cross-domain expertise, teams cannot reliably assess whether their security platforms are robust, resilient and secure by design.
Our recent global benchmarking of cyber security skills highlights this gap. In an evaluation of 796 teams and more than 4,500 professionals across 40 technical challenges, security teams demonstrated strong performance in reactive disciplines such as threat detection, investigation and digital forensics. Coding challenges achieved solve rates of 53.6%, while forensics reached 48.2%.
However, preventive and architectural disciplines were significantly weaker. Secure coding challenges saw solve rates of just 18.7%, while web and cloud security averaged 21.1% and 21.3% respectively. These capabilities are essential for validating whether integrated systems are secure by design.
Organisations may be effective at detecting incidents, but they are far less capable of assessing whether their platforms are built securely in the first place. As more security capabilities are consolidated into fewer systems, this imbalance becomes increasingly dangerous.
AI-driven platforms may increase the blast radius of failure
Platforms with AI-powered detection, automated investigation and intelligent response systems promise faster analysis and improved operational efficiency. But they also introduce new questions around reliability, transparency and behaviour under adversarial conditions.
Data from our recent AI-Augmented vs Human-Only Cybersecurity Performance Benchmark Report, the largest side-by-side benchmark of agentic AI and human performance on cyber security tasks to date, shows that AI-augmented teams can deliver up to a 70% higher challenge solve rate than human-only teams. However, the gains are highly dependent on how effectively humans direct, validate and govern AI-driven workflows. Teams that combine human expertise with AI outperform human-only teams in many scenarios, with the advantage driven by orchestration and judgement rather than automation alone.
AI-augmented security operations will become the norm. But they are not a replacement for human defenders. Success depends on maintaining a strong human-in-the-loop model. Agentic automation must be paired with deliberate skill development, ensuring practitioners can challenge outputs, interpret context and manage failure modes.
Without that expertise, AI risks becoming a black box embedded within critical security infrastructure, shaping detection, response and automation across the entire platform. As AI-driven automation consolidates decision-making into fewer systems, the need for cross-domain, adversarial and architectural security skills is even more urgent.
Platform resilience requires continuous technical validation
As cyber security increasingly becomes a board-level risk issue, many organisations still measure maturity through operational metrics such as alert volumes, mean time to detect or incident counts. Although useful, these indicators reflect activity rather than resilience. Resilience is defined by whether teams can identify architectural weaknesses before attackers exploit them.
Achieving this requires hands-on expertise in adversary emulation, secure development, cloud architecture and cross-domain testing. It also requires continuous technical validation, the ability to simulate real-world attacks, observe how integrated platforms behave under pressure, and verify that security controls function as intended.
In a platform-driven environment, resilience must be continuously tested and evidenced, not assumed.
The Computer Weekly Security Think Tank on platformisation
- Stephen McDermid, Okta: Open cyber standards key to cross-platform integration.
- Aditya K Sood, Aryaka: Platformisation without illusion: Separating integration from theatre.
- Martin Riley, Bridewell Consulting: Strong security balances consolidation and best-of-breed capabilities.
- Vaibhav Dutta, Tata Communications: How CISOs can build a truly unified and resilient security platform.
- Joe Mayhew and Ahmed Tikail, PA Consulting: Beyond integration theatre: Building stronger cyber platforms.
- Rik Ferguson, Forescout: Cyber platformisation: Don't fall into the integration debt trap.
Building AI-ready, cross-domain security teams
As security platforms consolidate capabilities and AI becomes embedded across security tooling, the skill requirements for defenders are evolving rapidly.
Security professionals increasingly need a combination of adversary emulation and offensive testing skills, defensive operations expertise, secure development knowledge, and strong cloud and identity security capabilities. Equally important is the ability to evaluate integrated systems holistically rather than as isolated tools.
For CISOs, this shift has significant strategic implications. Investments in platforms or automation alone cannot guarantee resilience. The effectiveness of those technologies ultimately depends on the people responsible for validating them.
The organisations that succeed will not simply deploy more tools. They will build teams capable of continuously testing, challenging and verifying the security architecture those tools create.
Platform consolidation will continue because the operational advantages are too significant to ignore. However, cyber resilience will not be defined by the platforms an organisation deploys. It will be defined by whether security teams can prove the platforms work as intended under real-world conditions, against evolving threats and in environments increasingly shaped by AI-driven automation.
In platformised security, resilience is not a feature. It is a capability that must be continuously tested and verified.
Haris Pylarinos is founder and CEO of Hack The Box.
