SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Secure.com urges 'human-first' design for security ops

Fri, 20th Mar 2026

Secure.com has published a report on security operations arguing that many teams face avoidable risk because day-to-day workflows drive staff toward workarounds, missed alerts, and tool avoidance.

The Dubai-based firm frames the problem as one of design rather than staffing. Security processes often assume analysts can handle constant tool-switching, high alert volumes, and rapid decisions under pressure.

Chief executive Uzair Gadit said poor workflow design becomes an operational risk when it adds friction to routine work. "Most security workflows treat people like machines. They expect analysts to process hundreds of alerts, jump between tools, and make fast decisions under pressure all day, every day. When security workflows fight your team instead of supporting them, people stop following them and that's when the real risk begins," he said.

Alert overload

The report focuses on security operations centres (SOCs), which monitor and respond to threats. It says these teams face growing alert volumes and rising complexity across endpoint, network, and cloud systems.

Secure.com cites industry surveys pointing to stress and dissatisfaction among SOC professionals. It references figures suggesting more than 70% have considered quitting due to stress and unmanageable alert volumes. It also cites a Trend Micro survey in which 51% of SOC teams said they felt overwhelmed, with analysts spending more than 25% of their time handling false positives.

The report describes a "visibility trap" in which more data and more alerts do not translate into better outcomes. When many events appear equally urgent, teams lose trust in their tools and genuine threats can be buried in noise.

Workarounds and risk

A central argument is that bypassed workflows create security exposure. When processes are too slow, repetitive, or unclear, staff take alternative routes. Incidents and approvals may happen outside logged systems, and investigation steps may become inconsistent.

Secure.com includes an example of user frustration from an online forum discussion about security information and event management (SIEM) platforms: "I hate touching the SIEM because I feel like I don't know how to do any meaningful work there."

It positions friction as a design issue rather than a performance issue, arguing that secure behaviour is more likely when the approved workflow is the simplest option.

Human-first design

The report sets out several principles for "human-first" security workflows. It calls for prioritised, context-rich signals instead of high-volume alert streams, and for embedding security actions into tools staff already use rather than adding more dashboards and consoles.

It also highlights the value of context in incident response and vulnerability management, arguing teams act faster when tasks include information such as affected assets, likely impact, and what happened before and after an event.

The report distinguishes between tasks suited to automation and decisions that require human judgement. Repetitive work such as triage, enrichment, correlation, and routing can be automated, it says, while high-stakes approvals, escalation calls, and risk trade-offs need people.

It cites claimed operational gains from automation, including a 45% to 55% improvement in mean time to respond and a 70% reduction in manual triage workload in organisations that automate parts of these workflows. It also says some organisations using "intelligent filtering" report up to 80% fewer alerts reaching analysts without reducing detection quality.

Product positioning

Secure.com uses the publication to explain how its product approach aligns with these ideas. It markets "Digital Security Teammates" that work across existing security and IT tools, and says the system integrates with more than 200 products, including SIEMs, endpoint detection and response tools, major cloud platforms, ticketing systems, and collaboration tools.

The company says these "Digital Teammates" provide pre-written investigation summaries, flag decisions that require an analyst, and handle low-risk routine work automatically. It also says the system keeps an audit trail, making actions traceable and decisions explainable.

Secure.com describes automated triage and enrichment as a way to cut manual workload. It also says the system provides unified context in a single view to reduce tool-switching, offers a drag-and-drop workflow builder for response playbooks, and requires analyst approval for high-impact actions.

The report's emphasis on usability and workflow design reflects a broader shift in security operations as teams try to reduce burnout and improve response times. Vendors are increasingly focusing on automation, integration, and case management, while buyers ask how products fit with collaboration and ticketing tools alongside traditional security controls.

Secure.com expects more organisations to review how they prioritise alerts, present investigations to analysts, and place approvals within the incident response process as security operations teams face continued pressure on staffing and workload.