Cybersecurity requires both experts, tools

By Karen Hanna  

No technology exists to ensure that technology always runs smoothly.  

For that, there are humans.  

For manufacturers at risk of a cyberattack and already stressed to find workers, cyber experts offer a frustrating insight: You’re gonna have to find a guy — and some room in the budget — for protecting yourself.  

“Really good cybersecurity is not out of reach. It can be affordable. It doesn't need to be super-complex. There’s what we’re there to do,” said Patrick Curtin, director of technical sales for Field Effect, a firm that offers monitoring and other services to companies concerned about their cybersecurity.  

But, according to cybersecurity expert Jesse Varsalone, sometimes the person who can help — or who has the potential to learn — is in your own shop.  

“We see people who may have a lot of experience in manufacturing or plastics or something like that, and know the lay of the land and the way the companies work and operate, and say, ‘Well, I don’t really want to do that anymore, but I’d kind of like to stay around and do some of the IT, and here’s something new and interesting and cool,’ ” said Varsalone, who has helped companies prevent and recover from attacks.  

Whether it’s a third-party company, like Field Effect, that provides cyber monitoring and protection or an in-house expert, cybersecurity experts say you can’t replace humans with tools; you need both.  

“We believe that the way to solve your problems is actively, through the perfect combination of humans and artificial intelligence and [software] platforms, and really everything coming together to solve and detect and respond [to] the cybersecurity problem,” said Christopher Fielder, field CTO at Arctic Wolf, which provides cybersecurity services and publishes research about cybersecurity topics. “We wish that there was an easy button and magic solution, but the real solution is just hard work and finding that right formula to resolve problems.”  

That’s why he advises: “Invest in people over tools.”  

In a survey earlier this year of 1,200 IT and security decision makers at companies in the U.S. and abroad, 18 percent of respondents in the U.S. told Arctic Wolf they believe their organization is incorrectly investing in their technology, but 48 percent reported there’s adequate staffing for IT. The company’s “2025 Trends Report,” which includes the survey, provides this advice: “Mature organizations should regard cybersecurity products, solutions, services and capabilities — like MFA (multifactor authentication), for example — not as sunk expenses, but as investments to preserve continuity and protect productivity.” 

According to the Arctic Wolf survey, more than two-thirds of respondents are satisfied with the return on investments in IT.  

“We have to understand that the IT component of our business is core to our business now,” Curtin said. “... When someone gets [a] ransomware [demand], the IT is wiped out. It’s all encrypted. You’re not able to use your systems. Can you run your business without that? People need to think about, 'IT is core to my business. It needs to stay modern to be defendable. It requires investment.’ It’s table stakes today.”  

Someone to turn to  

Manufacturers have options when it comes to IT matters, including cybersecurity. In-house? Or third-party? Maybe a combination of both? 

The investment, and how it’s allocated, varies by organization.  

Fielder said there’s no best practice when it comes to spending levels — but some investment is definitely required. “What we say instead is, spend the appropriate amount to protect your environment, to at least say, ‘You know what, I’ve done my due diligence, I’ve gotten that visibility.’ ”  

Just don’t overlook the importance of people. As Fielder said, “If you spend most of your allowed budget on a tool, you’re probably not going to have much left for somebody to actually utilize that tool.”  

Many companies opt to outsource cybersecurity, giving them 24/7 coverage, as well as assurance of a full-throttle response in the event of a breach.  

“If a company realizes, ‘OK, I need help,’ they typically need to seek a partnership to do it right, as opposed to, ‘OK, I’m going to hire a cybersecurity expert,’ ” Curtin said.  

However, Varsalone has seen firsthand that people from all walks of life can thrive in cybersecurity careers. In fact, some can enter the field straight from the shop floor.  

As an associate professor of cybersecurity at the University of Maryland Global Campus, who’s also taught students in middle school and high school, he said his top students have included people who moved into the field after careers in the military, retail and bars. One of his stars was a bike mechanic; another served in the U.S. Navy.  

“Anyone is a good candidate, if they want to really put their mind to it, to be a part of cybersecurity,” he said.  

Varsalone admitted he’s so fascinated by the field, he can’t resist making casual observations of the types of software he sees running at businesses he visits, like banks and grocery stores.  

Often, unfortunately, that reconnaissance just underscores how critical IT experts are — there are a lot of vulnerabilities to address.  

“I encourage people to go into the cyber field, because we talked about extensively how there’s just so many things, so many moving parts, so many changing applications, so many changing technologies. You have to invest in people to do that, and you have to train your people. ...,” Varsalone said.