Samantha Humphries at Exabeam argues that cyber-security professionals of all ages should embrace, not fear, the influx of new technology across the sector.
According to a recent study by Exabeam, nearly 90% of cyber-security professionals believe technological advances such as automation and machine learning will make their jobs easier in the future. However, over half (53%) of respondents aged under 45 also fear the same technology could soon make their roles redundant, leaving them out of a job.
It’s a view that’s easy to understand. After all, many of these new technologies are specifically designed to cut down on time-consuming, labour-intensive aspects of cyber-security, theoretically leading to less reliance on human labour. But in the current industry climate, how worried should employees really be about the rise of the machines?
The global picture is mixed…
Last month, the World Economic Forum (WEF) forecast that half of all tasks will be carried out by machines by 2025. Drawing from research that surveyed 300 of the world’s biggest companies, the forecast suggests the increase in work being done by machines would create 97 million jobs worldwide, but make almost as many redundant. Furthermore, 50% of employers surveyed said they expected automation of some job roles to be accelerated, while 43% said that jobs being cut due to tech is a likely outcome.
…but cyber-security presents its own challenges
While this probably isn’t the kind of thing that nervous cyber-security professionals want to hear, it’s important to remember this forecast is set against a global backdrop, covering all industries and job roles. In the cyber-security industry, things look a bit different. For starters, the severe global labour shortage that’s been afflicting the industry for the best part of a decade shows no sign of abating.
According to Gartner, 61% of organisations are currently struggling to hire skilled security professionals, with the number of vacant positions around the world still in excess of four million. As such, far from replacing existing security professionals, much of the technology coming to the fore at the moment is designed to complement and augment their performance.
For instance, machine learning and automation have the potential to take on a lot of the more mundane work that cyber-security analysts often have to do, freeing them up to work on more critical or strategic activities. Time-consuming tasks such as prioritising security alerts, reducing false positives, and mapping devices to IPs can now be automated.
Elsewhere, machine learning enhances a security team’s ability to quickly detect attacker behaviour, like lateral movement, that would otherwise require significant amounts of time to investigate manually. Machine learning can also build out employee profiles, including their peer groups and personal email addresses, enabling analysts to identify insider threats far more quickly than was possible before.
In fact, previous research has shown that combining security teams with machine learning can reduce the time to complete certain security tasks by as much as 50%. Far from making junior positions redundant, this actually means teams can hire more young staff and help them to hit the ground running by putting powerful security tools and solutions at their disposal. At the same time it expands the talent pool, bringing in much needed fresh recruits who can go on to forge long and successful careers in the industry.
Tasks that machines can’t do
Technology definitely has the potential to improve team efficiency, as well as help remedy the ongoing skills shortage. However, automation and machine learning simply aren’t suited to many of the other critical tasks that cyber professionals carry out on a daily basis. Things like teaching end users good security practice, or using intuition to hunt down bad actors, require the experience and expertise that only skilled security personnel possess. That's something that can’t be replicated by machines, no matter how advanced.
While concerns are understandable, cyber-security professionals of all ages shouldn’t be afraid to embrace technology across the industry. Rather than rendering jobs redundant, it can significantly improve productivity, lighten loads on experienced staff and open the door for new recruits to enter through.
Of course, this doesn’t mean everyone should rest on their laurels. The proliferation of these technologies will be likely to facilitate future evolutions within the sector, with new and different skillsets becoming more sought after by potential employers. That being said, demand for the human touch is not going away any time soon.
Samantha Humphries is Senior Security Strategist at Exabeam. Part of the global product marketing team at Exabeam, Sam has responsibility for anything that has “cloud” in the name. She authors articles and blogs for various security publications, has a strong passion for mentoring, and often volunteers at community events, including BSides, The Diana Initiative, and Blue Team Village (DEFCON).