The long and painful journey from detection to understanding
In my experience, the gap between the capability to perceive and the capability to comprehend is significant. I have encountered this challenge both in my studies and in my professional life. I believe this is a critical factor to consider on the path to achieving situation awareness. If we have the data, why is it so difficult to analyze it in a way that leads to true comprehension?
Definitions
Let’s start by defining two key concepts:
- Perception is the ability to detect, identify, and pick out relevant signals, events, or data points from a complex environment.
- Comprehension is the ability to interpret those perceived elements, place them into context, and combine them with prior knowledge to form a meaningful understanding of the situation.
The issue
It would be an oversimplification to point to a single reason for the challenges involved in creating multidimensional constructs such as situation awareness. However, one of the most interesting aspects, in my humble opinion, is the following:
The ability to perceive relevant data in a cyber environment is, in many ways, binary. Either you have access to the relevant data, or you don’t. It’s simple and, in a way, comforting — like the old saying: you’re either pregnant or you’re not; there’s no such thing as being a little bit pregnant.
Because of this, perception often feels like a solvable problem. We can launch a project to collect logs from our critical systems — set it up and move on.
And this is where things get uncomfortable: comprehension is not a tooling problem — it’s a cognitive one. Tools and processes can support it, but they do not create it. At the end of the day, comprehension happens in the human mind.
Creating processes that support data fusion — transforming raw data into situational awareness — is already a challenging task in itself. But what about identifying and using technical tools in a way that supports the right analytical elements and provides meaningful, contextual understanding for different people? And to make it even more challenging, the goal itself keeps shifting — driven by changes in the threat landscape, operational criticality, and the broader environment.
Now, instead of a project we can tackle, we are dealing with a continuous process. This means we can no longer “complete” the problem. There is no finish line, no final architecture, no perfect dashboard. Instead, we are operating a living system — one that must continuously adapt, learn, and recalibrate how it turns data into understanding.
Perception can be engineered. Comprehension must be cultivated.
That, my friends, is something we need to understand if we are to shorten the distance between perception and comprehension.
