Can AI Help Reduce The Cybersecurity Workforce Gap?

Uploaded on 2023-07-10 in TECHNOLOGY-Key Areas-Artificial Intelligence, JOBS-Careers, FREE TO VIEW

Much has been made of whether Artificial Intelligence (AI) will steal our jobs but what if it could do the opposite and help us to resolve the current skills crisis? According to (ISC)2 there are 3.4m job vacancies in cybersecurity worldwide, equivalent to 42% of the total workforce and its growing, with 14,100 vacancies arising every year in the UK alone. 

These skills shortages have already forced businesses to look at where they can automate processes, with 17% of organisations using AI/ML and automation in cybersecurity operations, according to (ISC)2. But such figures predate the emergence of generative AI.

Now, according to the Future of Work 2023 study by the World Economic Forum (WEF), 75% of businesses intend to adopt AI and automation technologies over the next five years. Moreover, automation is now regarded as a primary workforce strategy that 80% of organisations intend to pursue. 

AI As An Aid

There’s now much more belief in the ability of the technology to aid us in tasks. AI is already being used in a cybersecurity context to generate reports and documentation in GRC. It’s able to draw from libraries and rapidly write secure code which means it could be used to both create and debug code jeopardising those in DevSecOps. Penetration testers and red teamers are also likely to use its capabilities to create phishing tests and social engineering exercises as it can grab OSINT from social media platforms etc. 

These and other use cases illustrate the ability of the technology to lighten the load of security teams and that’s vitally important because stress is directly contributing to the workforce gap. A recent survey found that over half of UK IT industry decision makers think they will lose cybersecurity staff this year due to burnout.

Alleviating the pressure on security personnel also frees up resource, so that instead of having to start from scratch when generating code or a report, the cybersecurity professional simply needs to check, verify and extend the results produced by the AI. This is likely to see job remits change overtime, and AI skills become prized.  

Changing Roles

The same WEF survey found that AI and big data roles are predicted to grow 30-35% over the next five years. Furthermore, while AI only ranks 15th on its list of core skills today, that is still well above the ranking of computer programming, network and cybersecurity skills, suggesting AI will soon be regarded as an essential core skillset. 

We’re also now seeing vendors offer the technology alongside their solutions. This enables their customers to use AI to summarise SOC incident reports and SOAR playbook outputs, for instance, improving the speed of response. And these advances are driving investment.

A recent Blackberry survey revealed that 48% of IT decision makers plan to buy AI-driven cybersecurity solutions during the course of this year and 82% over the next two years.

Taking all these factors into consideration, it appears that AI is in many ways a logical extension of the automation we’ve already seen in the industry, such as automated threat hunting, incident response, and even red teaming. It’s by no means perfect and as with any tool the results will need to be verified with quality checks in place. But it does move us on from the point of cybersecurity being a purely technical career.

The Human Factor

As we’ve seen in recent reports such as the (ISC)2 Cybersecurity Hiring Managers Guide, soft skills are becoming far more sought after and valued. They’re a core part of any cybersecurity job interview, with the top non-technical skills being the ability to work in a team and independently, with project or customer facing experience, and good presentation skills.

Top soft skills include problem solving, creativity, analytical thinking, the desire to learn and critical thinking. This is because it is now widely acknowledged that while technical skills can be taught, these other skillsets are innate.

Of course, many cybersecurity jobs do require technical competency but there are now such a diversity of roles and skillsets that the UK Cyber Security Council has been tasked with mapping these into a Cyber Career Framework using 16 Cyber Pathways. In a similar fashion, the EU launched its European Cybersecurity Skills Framework (ECSF) in September to enable employers, recruiters and candidates to more accurately advertise job positions and plan their workforce. 

My guess would be that those roles will again morph over time as AI begins to permeate the workplace and we’ll see prompting, for example, become core skillset.

We can expect some roles to merge, others to expand and new ones to evolve – but the constant will be the human in the machine. AI has great potential and will almost certainly help alleviate the cyber skills shortage. But it is no substitute for human intellect, intuition, reasoning and analysis.

Jamal Elmellas is COO at Focus-on-Security                      Image:  Adi Goldstein on Unsplash

You Might Also Read: 

The Skills Gap Is Increasing Risk & Exposure To Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Malvertising Proliferates As Half Of Online Ads Are Now AI Generated 
Zero Trust: A Paradigm Shift in Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Dotsquares

Dotsquares

Dotsquares leverage the latest web and mobile technologies to build, grow and support your business.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.

SeQure

SeQure

SeQure is a novel cybersecurity and data observability company that offers Fortune 100 and Governments a zero-trust service to continuously monitor large network environments.