With AI-powered cyber threats growing by the day, the cyber skills gap reached 4 million people in 2023. Gartner theorizes that by 2028, the adoption of GenAI will significantly reduce that gap, removing the need for specialized education from 50% of entry-level cybersecurity positions. This would alleviate a major challenge facing the cybersecurity community… but what about today?
Most businesses are anxious to embrace the power of generative AI, but only a small proportion currently feel they have the technology, funding, culture and skills in place to support its adoption — and the cybersecurity skills gap is at the heart of this deficit, which is why the industry is already seeing changes in how we work to create a safer world.
The AI cyber revolution has just begun
When computers first shifted into the mainstream, many feared the new technology would steal their jobs. While some roles did indeed become obsolete, most simply evolved and adjusted — and today, it’s hard to imagine doing our work without computers, let alone smartphones.
Now, AI and GenAI are promising to augment work to be even more productive.
Eventually, they will become as second nature as using laptops, but currently, society is still in the Wild West of this technology. By exploring this new frontier and learn how to use AI wisely, knowledge and best practices on it will grow. There will be more regulations and additional security KPIs around utilizing it.
As with all technology, AI could very well replace some aspects of some security roles. The cybersecurity industry will also continue to evolve and adjust — and the changes are already coming, fast.
How AI is changing cybersecurity roles, today
Perhaps the most buzzed-about change in cybersecurity is the CISO’s ever-increasing responsibilities, which were only bolstered by the recent SEC regulations. Instead of working in the trenches as they once did, today’s CISOs are starting to take on broader business-related responsibilities as they are increasingly reporting directly to the CEO and becoming more actively involved in board decisions.
Alongside this, there are often new technologies, terms and categories coined by thought leaders. Despite pervasive fears of job loss, the cybersecurity community has yet to see any roles become obsolete. Instead, the community is seeing roles evolve and expect a whole new sphere of AI security specialist roles to emerge.
With a reduction in manual analyst tasks and responsibilities, for example, analysts are now learning to manage AI-driven cybersecurity technologies. As the technology becomes more powerful, professionals foresee the introduction of more AI security analyst roles or Machine Learning Engineers who will verify and train AI-derived models and technologies.
Whatever the future holds, with 3.5 million unfilled cybersecurity expected to remain unfilled through 2025, the need for cybersecurity talent must be addressed now. While AI isn’t expected to dramatically reduce that number, it is already augmenting work and enhancing and accelerating training and education — which is why 86% of CISOs agree it will alleviate security skills gaps and talent shortages.
Managing today’s skills gap
Even as new capabilities and roles in cyberspace emerge, the cybersecurity community must be prepared to handle today’s escalating threats. Taming this new Wild West of AI requires holistic, collaborative approaches that involve government, academia and the private sector.
To attract, train and retain skilled workers, for example, the industry needs more than simple certification programs. It needs novel solutions like the Department of Defense (DoD) Cyber Service Academy, which covers academic expenses in return for service with the DoD after graduating, and the Women in Apprenticeship and Nontraditional Occupations Grant Program, which addresses a significant underrepresentation.
In addition to luring in new talent, we must ensure our education keeps pace. That means that instead of relying on university faculty for research in this field, we must turn to experts working on the frontlines of the industry to keep our programs in sync with real-world needs.
With their guidance, offerings like university SOC labs can prepare students for the pace of cyber jobs by mimicking real-world experiences. Industry leaders can also serve as guest speakers or offer targeted courses that go beyond how AI is shaping emerging threats to also provide hands-on training and lectures about how AI technologies are being developed to more-rapidly address cyber threats and attacks.
Both government and private sectors can also help support the wealth of amazing associations committed to helping cybersecurity workers upskill.
Looking to the future
In the face of this critical struggle, the cybersecurity community will continue to lean into our tradition of collaborating and sharing best practices — and thankfully, the efforts of the Cybersecurity Infrastructure Security Agency (CISA) and the billions of dollars allocated to cyber in Biden's proposed 2025 budget reflect the government’s commitment to keeping us safe.
Even as the industry upskills its workforce to manage the cybersecurity skills gap and learn how to harness and protect its businesses and customers with AI, that very technology is the key to empowering today’s workers to do more. Instead of a defined shift, cybersecurity roles and AI are tied together in a continuum. The future is happening now.