The Analyst Shortage Is Forcing MSSPs to Rethink Operations
The cybersecurity industry has been grappling with a talent shortage for years, and managed security service providers (MSSPs) sit at the center of the problem. According to the (ISC)² 2024 Cybersecurity Workforce Study, there is a global shortfall of approximately 4 million cybersecurity professionals—a gap that has widened for three consecutive years.
For MSSPs, this shortage translates into a concrete operational problem: the analysts they do have are too valuable—and too expensive—to spend time on tasks that don't require security expertise. Yet those tasks pile up relentlessly.
Compliance documentation. Client status reports. Incident ticket formatting. Vendor coordination. Onboarding paperwork. These are the administrative costs of running a security services business, and at most MSSPs, they fall on the same analysts who should be investigating alerts and advising clients on risk.
Virtual assistants are providing a structural solution.
Where VA Support Fits in MSSP Operations
The critical question for any MSSP considering VA support is where the line falls between work that requires security expertise and work that doesn't. The answer, once examined carefully, reveals a substantial category of tasks suitable for VA delegation.
Compliance report preparation: Clients in regulated industries—healthcare, finance, government contractors—require regular compliance deliverables: SOC 2 evidence packages, HIPAA risk assessment documentation, PCI-DSS quarterly attestation support. VAs trained in compliance documentation frameworks can compile evidence, format reports, and coordinate the review process, while analysts focus on the substantive risk assessments.
Incident documentation and post-incident reporting: After a security incident is resolved, detailed post-incident reports are required for both internal records and client delivery. VAs can take an analyst's raw notes and format them into polished post-incident reports that follow the MSSP's template standards.
Client onboarding administration: New MSSP clients require extensive onboarding: asset inventory collection, tool deployment coordination, policy acknowledgment signatures, and CRM record creation. VAs own this administrative workflow, ensuring onboarding is thorough and consistent without consuming analyst time.
Vendor and technology management: MSSPs work with numerous security tool vendors—SIEM platforms, EDR providers, threat intelligence feeds. VAs track license renewals, coordinate with vendor support on integration issues, and maintain the vendor relationship documentation that account managers need.
The Analyst Time Recovery Argument
The (ISC)² workforce study data is clear: analysts at MSSPs spend an average of 28% of their working hours on non-analytical tasks. For an MSSP with 10 analysts earning an average of $95,000 annually, that's roughly $266,000 in annual labor cost allocated to work that a VA could handle at a fraction of the price.
Even recovering half of that time—14% of analyst capacity—is worth $133,000 annually. Against a VA program cost of $36,000 to $60,000 per year for two to three full-time VAs, the return is compelling.
More importantly, recovering analyst capacity directly addresses the talent shortage problem. Instead of hiring additional analysts—a difficult, expensive, and slow process—MSSPs can extend the effective capacity of their existing team.
Building a Secure VA Program for Security Operations
Security-conscious MSSP principals will rightly scrutinize the security implications of deploying a remote VA. The concerns are legitimate, and addressing them requires deliberate program design.
VAs should be provisioned with access only to the specific systems needed for their assigned tasks. For compliance documentation work, that might mean read access to a document management system—not the SIEM or EDR platform. For onboarding administration, access to the CRM and onboarding checklist tools—not the threat intelligence platform.
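One way to verify that scoping during an access review, as an added example that is not from the original article: it checks an exported grant list against a per-task allow-list and flags anything outside it. The task names, system names, read/write levels and the CSV layout are assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io

# Allowed entitlements per VA task, modelled on the article's two examples.
# System names and read/write levels are assumptions for illustration.
ALLOWED = {
    "compliance_docs": {"document_management": "read"},
    "onboarding_admin": {"crm": "write", "onboarding_checklist": "write"},
}
# Platforms the article says VA accounts should not reach at all.
ANALYST_ONLY = {"siem", "edr", "threat_intel"}
LEVELS = {"read": 1, "write": 2}

# Constructed sample of an access-review export (not real data).
SAMPLE_GRANTS = """account,task,system,level
va-01,compliance_docs,document_management,read
va-01,compliance_docs,siem,read
va-02,onboarding_admin,crm,write
va-02,onboarding_admin,threat_intel,read
va-03,compliance_docs,document_management,write
va-04,vendor_tracking,crm,read
"""

def audit_grants(csv_text):
    """Return (account, system, reason) for every grant outside the allow-list."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        account, task = row["account"], row["task"]
        system, level = row["system"], row["level"]
        allowed = ALLOWED.get(task)
        if system in ANALYST_ONLY:
            findings.append((account, system, "analyst-only platform"))
        elif allowed is None:
            # Default deny: a task with no defined scope gets no access.
            findings.append((account, system, "task has no defined scope"))
        elif system not in allowed:
            findings.append((account, system, "system not needed for task"))
        elif LEVELS.get(level, 99) > LEVELS[allowed[system]]:
            # Unknown levels are treated as exceeding the allowed level.
            findings.append((account, system, "level exceeds task need"))
    return findings

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(*finding, sep=": ")
```

Run against a periodic export from the identity provider, the same check catches scope drift after a VA is reassigned between tasks.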
Reputable VA providers operate under documented security protocols, conduct background checks, and work under NDAs. MSSPs should treat VA onboarding with the same rigor they apply to any third-party vendor relationship.
What Progressive MSSPs Are Doing
The MSSPs that have moved furthest with VA support treat it as a permanent structural feature of their operations, not a temporary workaround. They've redesigned their workflows to separate analytical work from administrative work, staffing each category appropriately.
The result is a more scalable business. When client volume grows, they add VAs to handle administrative scale before adding analysts to handle security workload.
For security MSPs ready to explore professional VA support, Stealth Agents provides trained virtual assistants with experience in security operations administration and compliance documentation.
Sources
- (ISC)², Cybersecurity Workforce Study, 2024
- Cybersecurity Ventures, MSSP Market Report, 2024
- SANS Institute, SOC Survey, 2024