Automation and the existential opportunity

A lot of people are scared automation will eliminate their jobs. That’s going to be true in some industries, but ours is not one of them. Cybersecurity professionals who are accustomed to dealing with existential threats need to flip their mindsets and think of automation as an existential opportunity.

There are millions of unfilled jobs in security today. The pressure on our people is tremendous, and burnout is a big problem. Cybersecurity professionals are similar to first-responders, addressing one crisis after another with no end in sight. The number of alerts is overwhelming, and a sense of futility can creep in.

Almost 1 in 5 cybersecurity professionals are not happy in their careers, despite lucrative compensation and the ability to pick and choose their employers. And it’s not just the defenders in the trenches who are mentally exhausted by constant hyper-vigilance; 17 percent of CISOs say they’ve turned to alcohol or medication to manage their stress.

The Maslach Burnout Inventory identifies three critical components of burnout: exhaustion, cynicism, and a lack of self-efficacy. Anyone who’s spent time in a Security Operations Center (SOC) can make the connection between these three things and the never-ending need to do too much work with too few resources without ever making a dent in the number or frequency of incidents.

Cybersecurity professionals can feel stuck. Stopping the next breach takes priority over getting additional training or bringing innovative ideas to life. It’s no surprise that 65 percent of cybersecurity professionals say they struggle to define their career paths. But while cybersecurity professionals may be dissatisfied with their jobs at times, most are still passionate about their work.  What they do is important, and they know it.

People in our industry want to acquire new skills, find more interesting career paths, and do more exciting work. Automation can enable that progression to occur.

The deep chasm between “intelligence” and “thought” 

People are beginning to think of AI as a human brain, but it isn’t. A machine can’t detect the nuances between one group of threat actors and another, or make the connection that shows a sophisticated group of actors incorporating commodity malware in a new style of attack. AI is just math, a collection of algorithms that perform tasks but lacks the intuition and associative memory-the spidey sense-that is a common trait of experienced cybersecurity professionals.

White hat researchers have been experimenting with the security of deep neural networks for some time, and we can be sure bad actors are doing the same. However, just as we worry more about an average worker succumbing to a simple social engineering exploit than we do about devious plots orchestrated by evil geniuses, we should focus on getting good decisions out of our AI instead of blindly moving forward based on what machines tell us to do. A human element is still essential, and that’s not going to change in the next 10 years.

What will change are the roles of cybersecurity professionals. Start by saying goodbye to the Tier 1 analyst.

The opportunity for fun and fulfillment

Automation doesn’t mean fewer jobs. It means better jobs. Many security professionals spend their days doing tasks simple enough to be automated, like finding things in data, seeking loose associations, and looking for things that don’t come out in traditional statistical analyses. For instance, look at the work a T1 analyst performs: a person in this role gathers information and decides whether to escalate. A machine can do that more reliably and at a greater scale than any human.

When routine activities are automated, T1 analysts can put their skills to better use on important tasks like incident management, understanding campaigns, and responding to incidents. These are experiences that will help a person remain relevant through career transitions. 

According to the “Voice of the Analyst” study conducted by Cyentia Institute (page 16, figure 17) , SOC analysts enjoy forensics and threat hunting, and these activities provide excellent value. However, minimal time is afforded to these activities; they are squeezed out by monitoring activities. AI enables automation of these low-value/high-time activities to afford more time for hunting and forensics in the SOC.

From a business standpoint, automation gives space to innovate where talent is at a shortage. This is especially significant for organizations that can’t find or afford a full security team. Without enough people, some work doesn’t get done  - and some risks go unmitigated. Automation fills staffing gaps and frees up security teams to perform more elevated activities and help their employers’ address emerging challenges.

Mature companies should already be planning to eliminate or uplevel T1 roles as we know them today. But the driving reason to adopt automation should not be to reduce headcount. It should be to optimize the skills already onboard and to bring in new talent at a higher level. Companies that do this can use AI as a recruiting aid: cybersecurity professionals are decidedly more interested in joining organizations that offer them time to learn on the job and the chance to work on projects that further their careers. Businesses that can’t provide those opportunities will pay more for what they’re getting and have difficulty retaining talent.

The freedom to innovate

Cars today can warn drivers a collision is about to occur, but they can’t prevent a crash from happening. The human driver is still in control. And that’s about where we are in the development of AI: no machine can understand the total risk to the environment, nor can it instruct itself on the best steps to take when faced with the unknown. A human still needs to be at the wheel.

Security professionals are typically innovators. They’re not going to leave AI to run on its own with no oversight or tweaking. They’re going to use it to their advantage, giving it tasks that make sense for a machine to handle while they branch out into new areas of expertise, address more interesting problems, and create more exciting career paths for themselves.

So for at least the next ten years, we won’t see automation replacing analysts on a wholesale basis. AI will be like a car’s collision avoidance system, as opposed to a chauffeur - a helper, not a replacement. AI may aid in solving a particular problem today, but there’s no assurance it will be as useful when attack trends change tomorrow.

Yes, AI can compress detection times and build situational awareness, but don’t make the mistake of believing it has infinite value. An experienced cybersecurity professional is far more valuable than any artificial intelligence system can be, and that will remain true as long as attacks are the products of human minds.

By Jason Lamar, sr. director, product management, security business group, Cisco

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.