6/4/2020
10:00 AM
Corin Imai
Commentary

Could Automation Kill the Security Analyst?

Five skills to ensure job security in the Age of Automation.

We have entered the Age of Automation, accompanied by a surge in discussions about artificial intelligence (AI), machine learning (ML), and deep learning (DL). Speculation about how automation will affect the future of the security workforce is rising, too — including the impact on the new remote workforce.

Could automation kill the role of the security analyst? A recent study of 1,027 US and UK IT and IT security practitioners conducted by the Ponemon Institute, and sponsored by DomainTools, reveals the opposite.

An important takeaway from the study is that automation and IT security workers must work hand-in-hand to achieve maximum effectiveness. Automation will never replace the need for the "human element" — especially for security professionals who have the expertise to manage these new technologies. In fact, 68% of respondents said they believe human involvement is important when using automation.

With this in mind, rather than viewing automation as a threat to job security, analysts can instead view it as a catalyst to opportunity. Below are five tips for you to hone your skills to stay well ahead of the automation curve.

Become Proficient in How Automation Technologies Operate
Thirty-nine percent of survey respondents said automation improves their ability to prioritize threats and vulnerabilities, 43% said it increased the productivity of security personnel, and 42% saw the benefit in increasing the speed of analyzing threats. Additional benefits of automation cited were numerous, ranging from reducing false-positive and/or false-negative rates to reducing the complexity of the cybersecurity architecture.

However, automation — as valuable as it is — is not perfect. Therefore, continue to develop your ability to uncover patterns in false positives, as well as the skills to mitigate risk. You need to be able to start from the worst-case scenario and brainstorm ways to keep automation from backfiring.

Programming is also a critical skill to maintain, as is analyzing large datasets. Make a commitment to learn how your tech stack functions so you can keep on top of the downstream impact of a false positive across the entire operation. Current Tier-1 analysts should focus on developing data science, programming, and communication skills, as well as studying the attacker.

Finally, exceptional communication skills — especially the ability to explain security issues to the business side of the company — are also extremely important and an intrinsically human element.

Seek Out an Experienced Mentor 
Fifty-three percent of respondents reported their organizations do not have a plan to adopt automation because they currently lack the in-house expertise to manage these solutions. To counteract that, deliberately seek out skilled IT practitioners within your organization or through professional industry associations. Learning from them is one of the best resources available.

A qualified mentor will be able to assist in making intelligent and informed decisions about automation technology — knowledge you can leverage going forward. AI and ML still have a way to go in order to match the cognitive capabilities of a human security analyst. Mentorship from an experienced analyst will not only provide additional insight into your organization's past security perspective, but it will help build your expertise as you move forward in learning new technologies together.

Highlight an Understanding of Automation Technologies
Sixty-nine percent of survey respondents said their organizations' security team is typically understaffed. This is an opportunity to establish a plan and define yourself as an in-house automation resource, and then grow your role and skills matrix to further develop the position. Create a playbook for the processes you want to build in conjunction with AI and ML technology. Highlight your understanding of the automation technologies by creating and adopting a hybrid approach wherein you can champion your tactical and creative work, while using AI and ML for the mundane, repeatable workload they handle best. Your advancement plan should contain education opportunities, as well as a maintenance plan to keep you and your team informed of new findings and technologies.

Benchmark How Automation Is Being Used Effectively    
Measuring automation success and SOC efficiency will help you gain an even greater understanding of automation. Fundamental measurements such as automation outcomes, high fidelity signals, and noise reduction will supply deeper insights into how the automation is working, where more effort should be made, and which best practices your organization should move to adopt.

Further, consider measuring the time savings, accuracy, and usefulness of the automation. In some cases, automation could potentially increase the need for resources. When doing an ROI analysis, take into account the ongoing cost of maintenance and support. Metrics should be gathered to both improve protections and provide confidence to the C-suite that automation is secure. Currently, 15% of organizations do not adopt automation as they would like due to lack of C-level support. An easy-to-understand ROI analysis showcasing the business value of automation can help change their perceptions.

Get Involved in Organizations to Share Best Practices  
Joining an industry ISAC, for example, can help you expand your expertise through the sharing of knowledge about threats and incidents, and increase your security maturity level through the validation of experience and ideas. Today, only 48% of organizations are engaging in threat intelligence sharing, meaning there's much room for growth in collaborating with industry peers.

Other opportunities for collaboration can come through joining online communities (such as Slack peer groups) or through building yourself as an industry influencer through social marketing (blogging, podcasts, etc.). By facilitating conversations about AI, ML, DL, and security, you will have the opportunity to support other organizations' efforts to use automation as well.

Although automation is a scalable way to enhance the security of your organization, it is also a vast magnifier of human efforts. Humans are still critically needed as automation is developed: It takes an actual person to own and maintain the automation tools, implement the new automation technology, define processes and workflows, and more. Those who put forth the effort to learn new skills in order to work side-by-side with AI, ML, and DL will have a secure place in the Age of Automation.

Corin Imai is senior security advisor at DomainTools. She began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security.