We have entered the Age of Automation, accompanied by a surge in discussions about artificial intelligence (AI), machine learning (ML), and deep learning (DL). Speculation about how automation will affect the future of the security workforce is rising, too — including the impact on the new remote workforce.
Could automation kill the role of the security analyst? A recent study of 1,027 US and UK IT and IT security practitioners conducted by the Ponemon Institute, and sponsored by DomainTools, reveals the opposite.
An important takeaway from the study is that automation and IT security workers must work hand-in-hand to achieve maximum effectiveness. Automation will never replace the need for the "human element" — especially for security professionals who have the expertise to manage these new technologies. In fact, 68% of respondents said they believe human involvement is important when using automation.
With this in mind, rather than viewing automation as a threat to job security, analysts can instead view it as a catalyst to opportunity. Below are five tips for you to hone your skills to stay well ahead of the automation curve.
Become Proficient in How Automation Technologies Operate
Thirty-nine percent of survey respondents said automation improves their ability to prioritize threats and vulnerabilities, 43% said it increased the productivity of security personnel, and 42% saw the benefit in increasing the speed of analyzing threats. Additional benefits of automation cited were numerous, ranging from reducing false-positive and/or false-negative rates to reducing the complexity of the cybersecurity architecture.
However, automation — as valuable as it is — is not perfect. Therefore, continue to develop your ability to uncover patterns in false-positives, as well as the skills to mitigate risk. You need to have the capacity to start from "worst-case-scenario" and brainstorm to prevent the backfiring of automation.
Programming is also a critical skill to maintain, as is analyzing large datasets. Make a commitment to learn how your tech stack functions so you can keep on top of the downstream impact of a false-positive across the entire operation. Current Tier-1 analysts should focus on developing data science, programming, and communication skills, as well as studying the attacker.
Finally, exceptional communications skills — especially the ability to explain security issues to the business side of the company — are also extremely important and an intrinsically human element.
Seek Out an Experienced Mentor
Fifty-three percent of respondents reported their organizations do not have a plan to adopt automation because they currently lack the in-house expertise to manage these solutions. To counteract that, deliberately seek out skilled IT practitioners within your organization or through professional industry associations. Learning from them is one of the best resources available.
A qualified mentor will be able to assist in making intelligent and informed decisions about automation technology — knowledge you can leverage going forward. AI and ML still have a way to go in order to match the cognitive capabilities of a human security analyst. Mentorship from an experienced analyst will not only provide additional insight into your organization's past security perspective, but it will help build your expertise as you move forward in learning new technologies together.
Highlight an Understanding of Automation Technologies
Sixty-nine percent of survey respondents said their organizations' security team is typically understaffed. This is an opportunity to establish a plan and define yourself as an in-house automation resource, and then grow your role and skills matrix to further develop the position. Create a playbook for the processes you want to build in conjunction with AI and ML technology. Highlight your understanding of the automation technologies by creating and adopting a hybrid approach wherein you can champion your tactical and creative work, while using AI and ML for the mundane, repeatable workload they handle best. Your advancement plan should contain education opportunities, as well as a maintenance plan to keep you and your team informed of new findings and technologies.
Benchmark How Automation Is Being Used Effectively
Measuring automation success and SOC efficiency will help you gain an even greater understanding of automation. Fundamental measurements such as automation outcomes, high fidelity signals, and noise reduction will supply deeper insights into how the automation is working, where more effort should be made, and which best practices your organization should move to adopt.
Further, consider measuring the time savings, accuracy, and usefulness of the automation. In some cases, automation could potentially increase the need for resources. When doing an ROI analysis, take into account the ongoing cost of maintenance and support. Metrics should be gathered to both improve protections and provide confidence to the C-suite that automation is secure. Currently, 15% of organizations do not adopt automation as they would like due to lack of C-level support. An easy-to-understand ROI analysis showcasing the business value of automation can help change their perceptions.
Get Involved in Organizations to Share Best Practices
Joining an industry ISAC, for example, can help you expand your expertise through the sharing of knowledge about threats and incidents, and increase your security maturity level through the validation of experience and ideas. Today, only 48% of organizations are engaging in threat intelligence sharing, meaning there's much room for growth in collaborating with industry peers.
Other opportunities for collaboration can come through joining online communities (such as Slack peer groups) or through building yourself as an industry influencer through social marketing (blogging, podcasts, etc.). By facilitating conversations about AI, ML, DL, and security, you will have the opportunity to support other organizations' efforts to use automation as well.
Although automation is a scalable way to enhance the security of your organization, it is also a vast magnifier of human efforts. Humans are still in critical need as automation is developed: It takes an actual person to own and maintain the automation tools, implement the new automation technology, define processes and workflows, and more. Those who put forth the effort to learn new skills in order to work side-by-side with AI, ML, and DL will have a secure place in the Age of Automation.
- The Modern SOC Demands New Skills
- What Cybersecurity Pros Really Think About Artificial Intelligence
- Malicious Use of AI Poses a Real Cybersecurity Threat
- Cybersecurity Will Always Need the Human Element
- How Cybersecurity Incident Response Programs Work (and Why Some Don't)