The Barrier to Entry in the Security Industry

I do not believe within a cups of data one event is going to tell me enough to say yes or no, X happened really. So I'm very much advocate for stringing multiple data events together. And if we can actually have that visibility in terms of the lemon tree, then that's going to help me make a better decision. But how many people are really comfortable doing incident response on a Kubernetes cluster? Like I'm certainly not an expert. I don't know all the logs sources that are available to me. That's the world we're shifting towards.