The cybersecurity industry has a major people problem: it doesn’t have enough of them. The global shortage of more than 4 million cybersecurity workers isn’t a new phenomenon, but as digital and cloud initiatives accelerate, the effects are even more profound. This is especially true in the identity security domain. There aren’t enough skilled professionals to securely manage the ever-growing number of identities in the enterprise, and many teams lack specialized expertise in critical areas such as cloud security and Zero Trust architectures. This is, in part, why compromising identities remains the most effective way for cyberattackers to circumvent cyber defenses and access sensitive data and assets.
Reimagining the Classic Run-Grow-Transform (RGT) Model
Many organizations are turning to generative artificial intelligence (GenAI) and machine learning (ML) technologies to help bridge gaps, upskill existing teams, boost productivity through automation and improve their defensive strategies. When supported by robust processes and people practices, these technologies have the potential to optimize and elevate IT and security organizations at every step – from run (maintaining day-to-day business operations) to grow (scaling systems to support business evolution) to transform (implementing new systems and processes that drive new business value). Perhaps most importantly, GenAI and ML technologies can make cybersecurity an even more enticing career option by eliminating manual drudgery and emphasizing creativity, analytical thinking and other uniquely human characteristics.
Bridging Skills Gaps with GenAI and ML
GenAI and ML offer incredible promise for identity security areas such as policy optimization, risk reduction and threat detection – empowering teams to accomplish more with greater speed, increased accuracy and less manual work.
Take endpoint security policy creation, for example. Historically, experienced IT security professionals would spend hours sifting through alerts and creating policies based on these alerts. Before the policies could actually be enforced, they had to be tested manually, implemented without breaking the business and propagated to the organization. AI-powered policy creation is changing the game by delivering prescriptive policy recommendations within minutes. Teams can set these policies quickly and confidently for rapid risk reduction without manual analysis or senior-level (tier-3) analyst involvement. Of course, it’s important to test the outcome before moving to production, but an AI capability makes this a much easier task.
Security operations centers (SOCs) are harnessing ML algorithms to analyze vast amounts of identity-centric threat data in real time and integrate it with security orchestration, automation and response (SOAR) systems to optimize response workflows. This can significantly reduce the workload on human analysts while driving down mean time to detection (MTTD) and mean time to response (MTTR) to improve overall security posture.
AI/ML can also give cybersecurity education a boost, helping to reduce the number of human-led security errors and incidents. AI-based user behavioral analytics (UBA) tools, for instance, help organizations analyze large datasets and identify patterns that could indicate risky user activities. By configuring security systems to alert on anomalies automatically, these organizations can quickly investigate potential issues and address risky habits or inadvertent slipups before they become problems.
Throughout my career, I’ve learned to take advantage of teachable moments like these, as a majority of people are very receptive to feedback and want to do the right, secure thing. With the appropriate training and support, employees outside of IT and security functions can become cybersecurity champions.
Investing in People to Elevate Security
One of the best cybersecurity investments an organization can make is in its people, empowering staff with the skills they need to navigate the evolving threat and regulatory landscapes, utilize emerging tools to enhance security measures and achieve their professional ambitions. Training doesn’t have to be a heavy lift. Simple actions can make a big difference, such as hosting a lunch-and-learn session for executive assistants – primary targets of many phishing campaigns – or sharing security guild insights.
Though the sky’s the limit with online education options in 2024, convenience and customization are key for busy cybersecurity professionals. Keep them informed of relevant upcoming training opportunities, such as online courses offered by a partner university, industry webinars or certification training. Incentivize upskilling and make learning a non-negotiable part of their work schedules. Otherwise, it may fall through the cracks.
Specialized training programs, such as the identity security courses offered through CyberArk University, can help supplement professional development curricula. By deepening their knowledge and technical abilities, team members can advance their professional goals and validate their expertise, increasing job satisfaction and retention.
The cybersecurity industry at large must continue to improve its approach to re-skilling workers and attracting new professionals to a field that needs them urgently. Recent data-backed research from ISC2 makes a compelling case for more open-minded hiring practices, diversity, equity and inclusion (DEI) and professional development reimbursement. As IT and security leaders, we must pay attention to such findings and act on them to move our industry forward – all while exemplifying optimism, cultivating trust and inspiring commitment.
Aligning with Business Processes to Effectively Manage Change
Enterprise IT environments are complex and hyper-connected – they’re not green fields. Newton’s Third Law often comes to mind in my work as a CIO, bringing me back to my university days as a physics major: for every action, there is an equal and opposite reaction. Introducing AI-powered technology (of any sort) into the mix can create a ripple effect of changes.
Each new tool must be implemented so that it aligns with existing processes, systems and policies. Understanding the new tool’s impact on, and interplay with, upstream resources (e.g., databases, microservices), downstream resources (e.g., logging and security monitoring tools) and entities (e.g., business users and service accounts) is critical. And ultimately, it comes down to Zero Trust.
AI/ML tools must also be optimized for your specific environment and use cases. It’s important to lean on vendor partners who can help fine-tune algorithms, adjust alert thresholds and streamline integrations with existing security infrastructure to meet organizational requirements. Once you’re up and running, establish feedback loops with your internal security teams and make continuous process improvements based on their hands-on experiences.
For the Love of the Game
GenAI and ML cannot replace cybersecurity’s critical human element. Still, with a focus on enablement and close business process alignment, these technologies can help bridge skills gaps, strengthen identity security programs and even reignite a passion for cybersecurity work. After all, the love of the game is why 73% of cybersecurity professionals say they joined this business to begin with.
Omer Grossman is the global chief information officer at CyberArk. You can check out more content from Grossman on CyberArk’s Security Matters | CIO Connections page.