At every cybersecurity event I attend, CISOs and security professionals share the challenges of recruiting and retaining cybersecurity talent. Not surprisingly, ISC2 has revealed an alarming workforce shortage of nearly 4 million professionals in this field—and this gap continues to grow.
Finding ways to alleviate the burden on security analysts and engineers will allow for more effective cyber risk mitigation. Fortunately, generative AI (Gen AI) can address this skills deficit and enhance cybersecurity efforts in several key areas:
1. Lowering Barriers to Entry
The cybersecurity field often demands specialized training and certifications, which can deter potential job seekers. Gen AI can transform technical documentation and cybersecurity knowledge into dynamic training materials that cater to diverse backgrounds. This approach allows new hires to engage with training content tailored to their specific needs, enhancing their preparedness for organizational roles.
2. Creating User-Friendly Documentation
Cybersecurity tools often come with overwhelming technical documentation. Users frequently depend on vendors for training. Gen AI can distill complex information into concise, actionable steps. For example, if a user needs to execute a query, Gen AI can quickly provide a streamlined guide, saving time and accelerating implementation while reducing risks.
3. Reducing Burnout Risk
Security professionals often face burnout due to repetitive tasks like searching for documentation and logging processes. Large Language Models (LLMs) can analyze vast amounts of internal and external information, minimizing the time analysts spend searching for essential data. By reducing tedious tasks, organizations can allow security professionals to focus on critical remediation and risk reduction efforts.
4. Staying Updated with Industry Trends
The fast-evolving nature of cybersecurity requires continuous education. Security professionals may struggle to stay informed about new threats and trends while managing daily incidents. Gen AI can aggregate and summarize vital information from trusted industry sources, ensuring that teams remain knowledgeable about the latest developments.
5. Enhancing Cross-Team Communication
Effective organizational education is another significant challenge. Gen AI can streamline the dissemination of information related to phishing attempts, generating customized messaging tailored to each department's functions. This approach would not only save time for security teams but also equip different departments to mitigate risks more effectively.
Implementing Strategic Safeguards
These examples illustrate how Gen AI can both attract new talent to the cybersecurity field and empower current professionals. However, it is crucial to thoughtfully integrate this technology and establish proper policies and guidelines.
One recommendation is to maintain a contractual relationship with Gen AI vendors to ensure guidance and troubleshooting support. This approach helps prevent security teams from independently accessing unregulated platforms, thus maintaining visibility and control over their use. Additionally, organizations should limit Gen AI training to documentation and data from trusted sources, and always verify its outputs with human oversight.
Gen AI has the potential to revolutionize the cybersecurity landscape, playing a pivotal role in closing the resource gap in this critical industry.
Kyle Black is a cybersecurity architect with Symantec by Broadcom.