When protecting Polaris Alpha’s growing infrastructure, CISO Eric Schlesinger believes that a people- and process-based approach is superior to a tools-based approach. But five years from now, those priorities may change.
I think machine learning and artificial intelligence are the future of security development. In the long run, an ‘AI analyst’ can replace a full-time employee or two, as it will make decisions based on patterns on the web…and take action for you.
He said the company has invested in several “leading edge” machine learning security tools and expects these new capabilities to emerge.
Those cyber professionals who are being replaced by AI tools may face even greater challenges. In many companies, they will be trained in more specialized cyber skills to deal with threats from cloud platforms, the Internet of Things and the proliferation of ransomware.
AI is just one of many factors that will transform the cybersecurity career over the next five years. While data from the Center for Cyber Safety and Education shows that the global cybersecurity job gap will continue to widen through 2022 (it is estimated that the global cybersecurity job gap will reach 1.8 million by 2022), Five years from now, these roles, and the cybersecurity career as a whole, will be different.
First, according to Steven Weber, longtime director of cybersecurity at the University of California, Berkeley, the cybersecurity career will become more nuanced as advanced attackers pursue more deceptive avenues such as adversarial machine learning, ingenious deepfakes, and training Minor changes to the dataset skew the algorithm.
The proliferation of connected devices will require IT security teams to align their knowledge with operations teams, while the digital transformation of the enterprise will require security-related roles to exist across the organization—product development and customer experience teams.
Cybersecurity researchers and consultants give a brief look at the future of security careers.
Future Needs: Combining IT and OT Skills
Today, millions of devices connect plant-level technology with business systems. This has led to a convergence or sharing of security roles and technology roles in industries such as power, gas and manufacturing, Paller said.
Operational technology security is often addressed at the factory level, but digital transformation requires them to share security responsibilities with the IT team.
There is no communication between them. These industries will need security personnel who are experts in control systems and who are well versed in cybersecurity.
The Future Needs: Embrace AI
AI is expected to take over many of the day-to-day first-level security responsibilities, freeing up employees for more pressing issues.
Paller said the U.S. State Department gave a brief overview of the capabilities of AI. Every night, AI tools automatically scan 80,000 systems and prioritize security efforts. In the morning, sysadmins will know the top jobs. These fixes still require security professionals to perform, but those who write and run vulnerability reports and submit them to fixes are no longer required.
Phil Quade, author of the book “the Digital Big Bang: the Hard Stuff, the Soft Stuff and the Future of Cybersecurity,” and chief information security officer at Fortinet, says people should embrace AI, not fear it. AI will never take over all network jobs, but every layer of AI will make it easier to achieve cybersecurity.
The cybersecurity heroes of the future will be those who understand how to combine the results of machine learning and artificial intelligence with human decision-making.
Future needs: more diversity
Quade says that if done right, organizations will add diversity to their security positions — diversity of gender, race, background and experience. This will help us create better cybersecurity solutions, he said. Quade recalls being one of the best cybersecurity analysts he’s ever worked with, with an anthropology background and an amazing problem-solving approach, as he was trained in a different discipline, another colleague had previously trained CIA agent.
From a diversity standpoint, some of these skills do come into play because they help you understand how people work, what they’re good at and what they’re not good at, which will allow us to use technology to do what it’s good at, Train teams to do things that technology is not good at.
Future needs: CISOs drive a culture of safety
Paller points to the proliferation of ransomware and “compliance — the end of an era of complacency” as a turning point in the new role of cybersecurity.
He said that despite the well-done security report, ransomware attacks continued to hit organizations and boards realized they had to pay more attention. They now recognize that meeting minimum compliance standards does not ensure the security of an organization. This makes security efforts more focused on risk than checking compliance lists.
(ISC)? Chief Operating Officer Wesley Simpson said that as cybersecurity is further integrated into every aspect of the business, the CISO’s role and influence will help drive the development of a security culture across the organization.
CISOs are really on an island, and when something goes wrong, there is no one else around. Now they have the whole organization behind them. They will be the heart and center of the organization and business. They will affect all non-teams.