Last Updated on July 18, 2017
My niece just graduated college. Her four-year degree gets her into the job hunt, but with no guarantees. Like the rest of us—especially in ever-changing fields like IT and InfoSec—she’ll need to constantly refine and expand her newly minted skills and training to stay relevant as she gains work experience.
Right now there’s a widely publicized cyber security “skills gap” and workforce shortage. But does that mean all cyber security skills are in high demand? Given budget constraints and a hyper-dangerous threat landscape, organizations aren’t looking for “just anybody.” In fact, they’re increasingly looking to machines rather than humans to help cover their InfoSec bases.
AI and Cyber Security
InfoSec is one of the many areas where Artificial Intelligence (AI) is being applied with increasing success. AI enables analysis across volumes of data never dreamed of before. Many time-consuming, analytical tasks that people have performed manually are now within the capability of software. This could eventually render some InfoSec skill sets obsolete.
Are you on a career path that could be subsumed by emerging AI capabilities? Or will AI ultimately augment your work processes and enhance your contribution and value to your employer?
At this point, trained and experienced humans are still very much needed to handle most InfoSec analysis and activity, such as audit/compliance, incident response/management, application security development, etc. But AI and machine learning can help us with tasks that require the synthesis of large amounts of data, such as first-pass anomaly detection. This potentially frees security professionals to do more work in less time—and hopefully to also branch out and explore new areas and develop new and pertinent skills.
Software like IBM Watson can “intelligently” parse huge volumes of unstructured data to identify potentially relevant patterns and then pass its insights on to human analysts for a closer look. Even better, this interaction allows both man and machine to learn and improve.
Companies should begin to factor these emerging AI capabilities into their security strategies now, so they’re poised to reap the benefits down the road. Hackers certainly will be doing so.
The Challenges of Adopting AI into InfoSec
Part of the problem we have today is market availability and adoption of AI is still in the “early adopter” stage and isn’t making a big enough impact on cyber security practices. We are also seeing the gap in security capabilities between forward-looking organizations and laggards= getting larger.
Too many firms are still behind the curve on InfoSec process maturity and are challenged to effectively leverage traditional technology, let alone AI. In the end, some will face crises that will cost many times more than the resources required to build a mature information security management system (ISMS).
Another emerging challenge with AI in cyber security is how best to manage it. If I rely on technology versus people for certain pillars of my security posture, what is my risk if the software goes sideways? How will internal and external auditors relate the performance and oversight (or lack thereof) of fully automated controls to the standards they’re validating against?
Making the right choices and understanding the actual risks, impact, and level of effort to achieve success with cyber security AI investments takes significant planning and expertise. The overall goal, as with any security investment, should be to improve and mature current processes. Whatever the latest technology trends, it’s the firms with process maturity that achieve the greatest returns on investment.
Partner with the Experts
To help ensure your organization makes the most sound, pragmatic and high-value investments in technology and talent, contact Pivot Point Security.
To learn about or apply to our InfoSec job opportunities, visit our Careers page.
For More Information on the Intersection of AI and Cyber Security:
- IBM on “cyber security in the cognitive era” (PDF)
- A 60 Minutes script on AI featuring IBM’s John Kelly, “the Godfather” of Watson
- A highly interesting (and disconcerting) article on how AI will empower hackers—possibly creating “unethical intelligence” that could run wild and “damage human well-being on a global scale”