12 Oct 2022
by Tris Morgan

Important lessons from our cybersecurity automation journey (Guest blog by BT)

Guest blog by Tris Morgan, Director, Security Advisory Services at BT #Cyber2022

Automation in cybersecurity is becoming a critical part of an organisation’s defences. Our cyber defence journey and experience in automation spans over 20 years and we’ve learnt a lot along the way.

Looking back, our automation story began in the early 2000s. We’d started to notice recurring patterns on our network, usually just before a customer reported a failure on their broadband or telephone line. So rather than keep fixing the problem reactively, we decided to investigate a way to automate a process that could detect these patterns and prevent failures before they happened.

As our earliest large-scale automation, it took the pressure off our engineers and reduced faults which improved our customers’ satisfaction. Plus, it taught us a valuable lesson, that with the right data and people we can free up our engineers, and their expertise, to focus on more complex tasks.

Introducing security automation

From here, we started exploring all the areas that automation could provide benefits for our organisation. That’s why in 2018, we began our automation journey in our Security Operations Centres (SOCs). Unlike many other companies, our SOCs managed both internal and external security so we realised we had access to this incredible set of data to automate internal and external security as one.

With this data, we set out to harmonise the customer experience when changes or incidents were handled in different or multiple locations. We wanted to save time by improving our analysts’ efficiency and provide great experiences for customers while automating best practice. But the reality was not so straightforward.

Learning from setbacks

 Our initial achievements didn’t match our ambitions. It was a big learning curve for us, and we discovered some key lessons from the start of our automation journey that went on to significantly change our approach:

  • never try to automate a complex process that’s not fully understood – it simply creates even more complexity
  • always take incremental steps - find marginal gains in existing processes to deliver real improvements
  • never accept that a system is perfect – automation is a continuous learning and improvement process
  • automation isn’t a solo task – for success, people need to pull together and collaborate around a common mission.

Discovering unexpected benefits

We also uncovered a number of unexpected benefits in a variety of areas. Across our analyst teams, the drive to collaborate around automation boosted our team’s morale, satisfaction went up and in turn this helped drive better retention, greater focus and ultimately better experiences for our customers who worked with them. Plus, there were also considerable cost and time savings.

Using these learnings, we’ve now automated large sections of our key playbooks for a more consistent experience. It’s saved us significant handling time on many simple service requests and incidents, freeing up our analysts to focus on more critical work. In a few cases, we’ve even been able to significantly reduce the number of different systems our analysts use to resolve a situation.

Informing our present

We’ve leverage all our years of experience and learning to recently launch our most sophisticated cybersecurity platform yet – Eagle-i.

Built as a response to today’s increasingly complex threat landscape, the platform uses automated decision making so that it can learn from each intervention. This means it constantly improves its threat knowledge to protect our customers, and can ultimately predict and prevent attacks before they inflict damage.

We’re also committed to tackling the cyber skills gap and developing the next generation of cybersecurity professionals. Our security apprenticeships and graduate scheme, along with our new reskilling programme in partnership with CAPSLOCK, are key ways we're achieving this.

As the number of cyber threats continues to increase, it is no longer possible to manually react to all the alerts. Adopting automation in strategic and critical security functions is therefore critical to managing the cyber threat landscape, and protecting your organisation.

Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.

Upcoming events 

Cyber Innovation Den

On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.

Book now!

Cyber Security Dinner

In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.

Book now!

Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.


The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.




Tris Morgan

Tris Morgan

Director, Security Advisory Services, BT

Tris Morgan has over 17 years’ experience in security, working across industry, global governments and academic institutions in the advancement of ground-breaking security capability.

In his latest role leading our security consulting business, Tris Morgan and his team provide strategic security direction to both large and small customers, police forces and global governments. The consulting unit helps organisations at all stages of their security journey to assess and test their defences, understand the latest threats and trends, and select the solutions that match their security needs.

Tris Morgan has had a varied career working with start-up companies in Silicon Valley and the Massachusetts Institute of Technology (MIT) to bring in new technologies into BT. Prior to this, Tris Morgan led our security portfolio and strategy team for government accounts and has held several senior technical roles.

He graduated with a BSC (Hons) in Computer Science with Artificial Intelligence.


Read lessmore