The Remediation Series — Part 6
Automation as a Permanent Stopgap
The use of artificial intelligence and machine learning is already well-established within cybersecurity. Such systems are commonly used to extract, process, and disseminate large amounts of information quickly, often in the pursuit of developing more accurate intrusion detection heuristics. Automation is also used in active defense measures, mitigating credential stuffing attacks committed by bot computer systems (Sawers, 2020). Automated systems are so prevalent that by 2030, an estimated 30% of organizations will have implemented Security, Orchestration, Automation, and Response (SOAR) technologies. SOAR technology enables an organization to efficiently collate and analyze data from a variety of sources and apply workflow modifications in response to anomalies, such as cyber attacks (Bari, 2019). Such extensive implementation is anticipated to replace an estimated 800 million workers worldwide (Mohammad & Lakshmisri, 2018).
While this trend may be viewed as a threat to human job security in numerous industries, the cybersecurity industry has had a necessary reliance on such technology. Assuming the same trend of replacement applies to the industry, only 22% of cybersecurity roles are considered fully replaceable, with another 37% being considered hybrid-capable where man and machine share mutual responsibility (Luit, 2017). Even if the industry were to undergo the same level of automation by 2022, only about a quarter of the currently vacant positions would be filled (Luit, 2017). Additionally, with the mass implementation of automation, new roles will be created, with an estimated 85% of jobs that will exist in 2030 not yet being created, many in direct response to automation (Bourne, 2020).
Professional roles that are created in response to the advent of mass automation are likely to be in one of three roles: teachers, explainers, and sustainers. Teachers refer to roles involved with development and training of AI systems, whereas Explainers enable the implementation and usage of these systems, and finally Sustainers examine the impact of AI systems (Luit, 2017). As one may see, each of these roles have the potential to be intimately involved in the spheres of private industry, government, and education. Because of this potential, it is essential the education-to-industry pipeline be repaired or restructured, so the course of the cybersecurity jobs gap be reversed. Once the issue of the gap is resolved, the cybersecurity industry will undergo maturation and attain a level of maturation as that of the medical or legal fields.