
How Blackstone Made Its Security Team 3 Times More Productive

There’s such a crunch to hire cyber-security talent that private equity giant Blackstone took a different approach: It stopped trying.

“We really have a talent problem and we know that—no matter how many head counts you get approved—you can’t hire enough people,” Blackstone chief security officer Jay Leek said on Tuesday.

Faced with this reality, Leek says Blackstone turned to automation. Rather than trying to hire ever more security analysts, it developed a system that replicated some of the run-of-the-mill tasks that took up much of his team’s time.

Consider the familiar problem of employees who lock themselves out of the network. In the past, Leek says analysts would go through a checklist to ensure the problem was simply a “fat finger” mistake by the employee—and not an outside hacker trying to break into the network.

The process used to trigger a 30- to 40-minute investigation (that turned out to be a “fat finger” case 99.99% of the time) but now, thanks to software, it takes 40 seconds. Leek said the automation runs through a similar checklist and then passes the case to a help desk for a final human verification process.


Leek, speaking at the Structure Security conference in San Francisco, says the process began in 2014 with his team writing software to automate these sorts of routine security tasks, and eventually led to the creation of a full-blown system to centralize the process. He says this has led both junior and security analysts to be 2.5 to 3 times more productive in their jobs.

Other tasks that have proved ripe for automation include collecting and analyzing the security alerts that flood in when anti-virus software is doing its job. Leek says such alerts are run-of-the-mill, but looking at them as a group provides insight into threat patterns.

Automation has another benefit: It’s easier for Blackstone (BX) to retain security employees since people feel their work is more meaningful—instead of running down a monotonous checklist, they can proceed directly to remediation tasks. And for junior analysts, this means they spend more time on more challenging tasks.


Leek says this means that Blackstone is eliminating a lot of what was once considered “Tier 1” work, and pushing what was formerly “Tier 3” work down to a “Tier 2” level. Eventually, he hopes to eliminate Tier 1 and Tier 2 work altogether.

In response to a “build or buy” question, Leek said that Blackstone ultimately decided to buy a system to manage the automation since the in-house process quickly became so sprawling.