Header background

How automation and AI can help close the security talent gap without alienating cyber teams

The cybersecurity talent shortfall is real and not going away anytime soon. There are now 3.5 million global vacancies for the profession, up from 1 million vacancies ten years ago. In attempting to address this difficult workforce challenge, chief information security officers (CISOs) are considering automation and artificial intelligence (AI) defense tools as a cost-effective, highly efficient option. But, in the process, they cannot risk alienating current employees who may view these technologies as a threat to their positions.

During the 14th annual Billington Cybersecurity Summit in Washington, D.C., a panel of government and private sector leaders discussed how to strike an appropriate balance in working to resolve the cybersecurity talent gap. Dynatrace public sector chief technologist Willie Hicks moderated the panel comprising the following cybersecurity leaders:

  • Amy S. Hamilton, Ph.D., senior cybersecurity advisor for Policy and Programs at the U.S. Department of Energy;
  • Mark Gorak, principal director for Resources & Analysis for the
    Department of Defense, Office of the Chief Information Officer, U.S. Department of Defense;
  • Marcus Fowler, CEO of Darktrace Federal; and
  • Alberto Yepez, managing director at Forgepoint Capital.

The panelists offered valuable insights into how their respective organizations are addressing the talent shortage and providing opportunities for their teams to continue learning and growing. They also highlighted the challenges and opportunities they see with incorporating AI and automation solutions and how to integrate these tools into security operations.

Assign people to the right roles and give them the training they need

Attacks are only growing more complex to identify and process. That’s why CISOs cannot afford to hire many people at once, toss them into the fire, and wish them good luck. CISOs must assess individuals for their proficiency levels and then assign roles based on their strengths. On determining which employees have basic, intermediate, and advanced skills, CISOs can assign those in the latter category to the toughest challenges.

“We will track every single individual on their proficiency levels,” said Gorak. “One way we can go about that is annual assessment. I’m not talking about an ABC test: I’m talking about putting you into your environment that you’re going to be working in and seeing how well you do.”

Additionally, we must expand our investment into training, not just for the current workforce but for the next generation. Today’s high school and college students rank the fields of science, technology, engineering and mathematics (STEM) as their top career choice, with many of them seeking jobs with the CIA, FBI, and other intelligence community, justice, and homeland security agencies.

Acquire the right technology for the right tasks

Similarly, CISOs shouldn’t simply buy a horde of tools and throw them at their team. They must align automation and AI with their mission requirements, as well as the needs of their current workforce.

Senior leaders had asked Gorak about AI. “I asked a specific question: ‘What problem are you trying to solve?’ Because AI might not be the solution,” he said. “I go to workers and ask them, ‘What part of your job is mundane and routine?’ That could be a good use for AI or automation or some process improvements.”

Show teams that automation and AI tools are useful resources, not threats

Analysts are drowning in alerts. Some even fear they will overlook a relevant security event because it’s “buried” under alerts. Research from IBM reveals that organizations with extensive use of automation and AI will identify and contain a data breach 108 days faster than those that do not use the technologies. This is all while reducing the average cost of breaches by nearly $1.8 million.

Given the potential to profoundly enhance security operations and effectiveness while saving significant costs, CISOs will likely look to increase their investment in automation and AI tools. But they must convince their teams that the tools are there to help – not replace – them.

“Anyone who thinks AI is going to replace humans in all aspects is wrong,” Gorak said. “We need more humans to work with the AI to make sure that it’s doing what we want it to do.”

By implementing the technologies, team members will be able to focus more on strategic efforts. “It’s less about reducing their fear that they’re going to be replaced, more listening to their cries for help that they need this,” said Fowler. “That they recognize that this is an absolute need.”

Maximizing the value of AI and automation tools

Hiring more personnel alone will not solve our problems. Acquiring automation or AI tools won’t, either. But, we will gain a greater edge against cyber threats by working with team members to maximize the value of the tools. Hamilton summed it up best: “We need people to not be afraid. And we need to start showing them how you can use these tools in different ways.”

If you are interested in hearing more insights from the Billington Cybersecurity Summit, check out the following resources:

  • Tech Transforms Episode 68 with Dynatrace’s Federal CTO, Willie Hicks summarizing the 2023 Summit.
  • My blog summarizing the “Protecting Data in a Zero Trust World” panel.
  • Tech Transforms Episode 66 with Billington CyberSecurity’s CEO, Tom Billington. The episode discusses the Billington Cybersecurity Summit’s roots and the work that goes into developing this event.