Will AI take the wind out of cybersecurity job growth?

Read original article

Artificial intelligence won't make cybersecurity jobs redundant, but any security engineers not using AI in their daily work might soon be out of a job.

Endless waves of hacks, ransomware, malicious code, and insider abuse continue to invade our systems, applications, and services, and there is one thin red line of defense keeping them at bay: cybersecurity professionals. These days, it seems intuitive that artificial intelligence could pick up a lot of the heavy lifting of cybersecurity, detecting suspicious patterns and automatically quarantining or quashing the bad stuff.

If AI can play a major role in cybersecurity, what does this mean for cybersecurity professionals or those entering the field?

So far, there's little to no impact on employment prospects -- it remains a booming employment field. Cybersecurity employment (information security analysts) is projected to grow 32% from 2022 to 2032, much faster than the average for all occupations, according to the Bureau of Labor Statistics. Estimates from CyberSeek indicate there are close to 470,000 openings in cybersecurity jobs, but only 85% of openings are filled at this time.

But will cybersecurity jobs look the same a few years out, with AI subsuming many job roles and skill demands? Of 1,100 cybersecurity professionals surveyed by ISC2, 88% said AI will "significantly impact" their jobs in the next few years, and 35% stated that AI is already impacting their daily job functions.

"This is not a positive or negative measure, just recognition of the fact AI plays a role, be that dealing with AI-driven attacks, or working with AI-based tools such as automated monitoring applications and AI-driven heuristic scanning," the report's authors stated. "Add to the above those who believe that AI will impact their job in the near future, and we see that more than eight in 10 (88%) expect AI to significantly impact their jobs over the next couple of years."

Most cybersecurity professionals don't feel threatened by AI -- rather, they see it as a positive development, the ISC2 survey authors also observed. Overall, 82% agree that AI will improve job efficiency for them as cybersecurity professionals. That is countered by 56% also noting that AI will make some parts of their job obsolete.

"Again, the obsolescence of job functions isn't necessarily a negative, but rather noting the evolving nature of the role of people in cybersecurity in the face of rapidly evolving and autonomous software solutions, particularly those charged with carrying out repetitive and time-consuming cybersecurity tasks," the report added.

Also: AI's employment impact: 86% of workers fear job losses, but here's some good news

Tasks that can be handled by AI include analyzing user behavior patterns (81%), automating repetitive tasks (75%), monitoring network traffic for signs of malware (71%), and predicting areas of weakness in the IT estate (also known as testing the fences) as well as automatically detecting and blocking threats. (62%).

Cybersecurity teams are already applying AI "in assessing authentication, usage, and access abnormalities," Rob Hughes, chief information security officer of RSA, told ZDNET. "The jobs that are most at risk in cybersecurity are jobs where people are manually doing the same work that AI excels at, such as poring over logs and looking for anomalies." In this example, "the value you can bring is utilization of AI analysis to help locate those anomalies faster and with higher coverage," he added.

It's not likely that "there are specific skills in the cybersecurity field that will be fully usurped by AI and machine learning tools, as most tasks require human skills that we haven't seen from AI yet," Jose Selvi, executive principal security consultant at NCC Group, told ZDNET.

Cybersecurity "will always need human oversight to train AI, contextualize its output, and secure it from attacks," said Hughes. "If you aren't using AI and becoming familiar with publicly available AIs and prompts today, definitely get started, find something that's useful and safe to use it for -- such as a policy draft or outline for a generic policy, and start thinking about where AI can help your work and where it can't."

AI "won't make cybersecurity jobs redundant, but any cybersecurity engineer not using AI assistance in their daily work might be completely out of the market in a few years," Selvi said.