Will Cybersecurity Jobs Be Automated?

Yes, to a certain extent, cybersecurity jobs have already been automated. With the evolution of technology, systems such as Security Information Management (SIM) have transformed into Security Information and Event Management (SIEM), which have been augmented by artificial intelligence (AI) for over a decade. Consequently, there is a need for fewer staff to read logs compared to a decade ago, allowing us to focus on more critical tasks.

Network-based AI is now used for intrusion detection, tracking ransomware, and over a hundred other Internet of Things (IoT) devices that no human could possibly monitor. It is virtually impossible for any human to handle the sheer volume of data these systems generate. This means that these automated tools are continuously making the cybersecurity space evolve in response to the sophisticated threats posed by cyber adversaries.

However, it is unlikely that cybersecurity jobs will become fully automated. As automated detection tools have improved, adversaries have increasingly relied on exploiting human vulnerabilities and utilizing authorized access and tools. Consequently, resources that were once devoted to automated monitoring are now being redirected to threat hunting for detecting novel human behavior.

Current State of Cybersecurity Automation

While today's smarter firewalls and Popup (Potentially Unwanted Program) scanners have brought about significant changes, it is believed that the job of cybersecurity will not fully automated. Despite the advancements in technology, cybersecurity professionals are still needed to counter real human-driven attacks and sophisticated viruses developed by hackers.

The short answer is that a partial degree of automation is already in place and will continue to grow. Almost all of the daily operational processes in information security, such as IDS IPS alerts, log reviews, SIEM vulnerability scans, and basic remediations, can be automated. Standard remediation actions, based on penetration test (pentest) reports, identity and access management operations, governance operations, data loss prevention (DLP), threat management operations, antivirus, and spam filtering, are already partially automated.

Challenges in Fully Automating Information Security

The main challenge lies in automating the intelligence or context behind cybersecurity decisions. For example, a remote code execution vulnerability found on a server in the DMZ (Demilitarized Zone) might be critical, whereas the same vulnerability on a well-protected server inside the internal network may be less significant. This context and the decision-making process require significant computing power and cost, making it challenging to fully automate.

While intelligent and smart risk engines can make fairly accurate decisions, the complexity and context involved in cybersecurity cannot yet be fully captured by current AI technology. Therefore, cybersecurity jobs are likely to remain an integral part of our technological landscape for the foreseeable future.

Conclusion

While the current state of cybersecurity involves a lot of automation, the human touch is still essential in identifying and mitigating modern cyber threats. The intelligence behind cybersecurity decisions, such as understanding the context and prioritizing risks, is inherently complex and cannot be fully replaced by automation. Thus, cybersecurity practitioners will continue to play a crucial role in the fight against cyber threats.