
10:00 AM
Corin Imai

Could Automation Kill the Security Analyst?

Five skills to ensure job security in the Age of Automation.

We have entered the Age of Automation, accompanied by a surge in discussions about artificial intelligence (AI), machine learning (ML), and deep learning (DL). Speculation about how automation will affect the future of the security workforce is rising, too — including the impact on the new remote workforce.

Could automation kill the role of the security analyst? A recent study of 1,027 US and UK IT and IT security practitioners conducted by the Ponemon Institute, and sponsored by DomainTools, reveals the opposite.

An important takeaway from the study is that automation and IT security workers must work hand-in-hand to achieve maximum effectiveness. Automation will never replace the need for the "human element" — especially for security professionals who have the expertise to manage these new technologies. In fact, 68% of respondents said they believe human involvement is important when using automation.

With this in mind, rather than viewing automation as a threat to job security, analysts can instead view it as a catalyst to opportunity. Below are five tips for you to hone your skills to stay well ahead of the automation curve.

Become Proficient in How Automation Technologies Operate
Thirty-nine percent of survey respondents said automation improves their ability to prioritize threats and vulnerabilities, 43% said it increased the productivity of security personnel, and 42% saw the benefit in increasing the speed of analyzing threats. Additional benefits of automation cited were numerous, ranging from reducing false-positive and/or false-negative rates to reducing the complexity of the cybersecurity architecture.

However, automation — as valuable as it is — is not perfect. Therefore, continue to develop your ability to uncover patterns in false positives, as well as the skills to mitigate risk. You need to be able to start from the worst-case scenario and brainstorm ways to keep automation from backfiring.

Programming is also a critical skill to maintain, as is analyzing large datasets. Make a commitment to learn how your tech stack functions so you can keep on top of the downstream impact of a false positive across the entire operation. Current Tier-1 analysts should focus on developing data science, programming, and communication skills, as well as studying the attacker.

Finally, exceptional communication skills — especially the ability to explain security issues to the business side of the company — are also extremely important and an intrinsically human element.

Seek Out an Experienced Mentor 
Fifty-three percent of respondents reported their organizations do not have a plan to adopt automation because they currently lack the in-house expertise to manage these solutions. To counteract that, deliberately seek out skilled IT practitioners within your organization or through professional industry associations. Learning from them is one of the best resources available.

A qualified mentor will be able to assist in making intelligent and informed decisions about automation technology — knowledge you can leverage going forward. AI and ML still have a way to go in order to match the cognitive capabilities of a human security analyst. Mentorship from an experienced analyst will not only provide additional insight into your organization's past security perspective, but it will help build your expertise as you move forward in learning new technologies together.

Highlight an Understanding of Automation Technologies
Sixty-nine percent of survey respondents said their organizations' security team is typically understaffed. This is an opportunity to establish a plan and define yourself as an in-house automation resource, and then grow your role and skills matrix to further develop the position. Create a playbook for the processes you want to build in conjunction with AI and ML technology. Highlight your understanding of the automation technologies by creating and adopting a hybrid approach wherein you can champion your tactical and creative work, while using AI and ML for the mundane, repeatable workload they handle best. Your advancement plan should contain education opportunities, as well as a maintenance plan to keep you and your team informed of new findings and technologies.

Benchmark How Automation Is Being Used Effectively    
Measuring automation success and SOC efficiency will help you gain an even greater understanding of automation. Fundamental measurements such as automation outcomes, high-fidelity signals, and noise reduction will supply deeper insights into how the automation is working, where more effort should be made, and which best practices your organization should move to adopt.

Further, consider measuring the time savings, accuracy, and usefulness of the automation. In some cases, automation could potentially increase the need for resources. When doing an ROI analysis, take into account the ongoing cost of maintenance and support. Metrics should be gathered to both improve protections and provide confidence to the C-suite that automation is secure. Currently, 15% of organizations do not adopt automation as they would like due to lack of C-level support. An easy-to-understand ROI analysis showcasing the business value of automation can help change their perceptions.

Get Involved in Organizations to Share Best Practices  
Joining an industry ISAC, for example, can help you expand your expertise through the sharing of knowledge about threats and incidents, and increase your security maturity level through the validation of experience and ideas. Today, only 48% of organizations are engaging in threat intelligence sharing, meaning there's much room for growth in collaborating with industry peers.

Other opportunities for collaboration can come through joining online communities (such as Slack peer groups) or through building yourself as an industry influencer through social marketing (blogging, podcasts, etc.). By facilitating conversations about AI, ML, DL, and security, you will have the opportunity to support other organizations' efforts to use automation as well.

Although automation is a scalable way to enhance the security of your organization, it is also a vast magnifier of human efforts. Humans are still critically needed as automation is developed: It takes an actual person to own and maintain the automation tools, implement the new automation technology, define processes and workflows, and more. Those who put forth the effort to learn new skills in order to work side-by-side with AI, ML, and DL will have a secure place in the Age of Automation.


Corin Imai is senior security advisor at DomainTools. She began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security.
