Cybersecurity Staffing: The Transformative Impact of Generative AI

When you look at the IT and cybersecurity spaces, what's the biggest benefit you see generative AI (GAI) bringing to these professionals? You could say it's the ability to remove tedious work like writing reports or making complex tasks like analyzing code more approachable or even having AI work behind the scenes to automate portions of your job. All of these are right, but when I look at GAI, the biggest benefit I see is in staffing.

For years, cybersecurity has suffered from a shortage of workers and the latest numbers produced by ISC2 and summarized by CSO Online put the deficit just under 4 million. This lack of workers places more stress on those in the field today and a recent survey of 200 IT security practitioners conducted by Devo highlights that stress and burnout go beyond the individual and could increase the chances of a breach or loss of customer data.

From my perspective, GAI gives those looking to join our industry a fast-path to learning and it gives organizations the confidence that tooling will be able to assist these new users in doing the job. In this post, I'll touch upon my origin story in security and outline how GAI could help workers and organizations.

Taking a Chance

My security origin story began early in high school and through the lens of networking, specifically through a Cisco Systems curriculum. I spent my early teens configuring routers and switches, learning to "hack" and taking night classes at the local community college on programming, operating systems and more. I was hooked on technology and eager to work despite being young, but I was consistently turned away due to a lack of experience.

My persistence eventually paid off and allowed me to land a few unpaid jobs selling T1 lines or fixing computers for friends and family. Through the help of a friend who had been recruited by the NSA, I was able to land a position within a surface mount technology lab at a local defense contractor despite having no direct experience. My curiosity and willingness to learn was encouraged by resident experts across a wide array of technologies and applications. This organization took a chance on me, those working there invested time to teach me and I am forever grateful for that as it shaped my entire career.

Our industry suffers from the experience paradox where entry-level positions often require experience, yet those looking to enter the field have yet to establish this background and can't get hired. I know many others with similar stories to mine, but just as many who wish they worked in our field and are unlikely to be given that chance. In a world where we are short millions of workers and burning out those we do have, I believe GAI can have a significant impact in disrupting this paradox and creating more opportunity.

Disrupting the Experience Paradox

I believe that GAI has the potential to enable organizations to hire those with less experience in our field and make them successful long-term. Training, certification and daily guidance can all be greatly augmented through the use of GAI. This will take time to adopt, but there are opportunities now to close gaps in our industry with the technology.

Customized Training. GAI gives every person with an Internet connection access to vast amounts of knowledge. They can learn on their own time and in their own ways without significant investment.

• Workers. GAI can be prompted to build a personalized learning path for a variety of topics, including cybersecurity. Materials can be tailored to the user preference and skill level. Examples can be rich and informed from past experience or for the type of company the user is seeking to apply. Beyond building materials, users can "flip the script" to have the model interview them, asking questions on the learning topic and grading their results. This method also works well for helping the user work through complex examples and assessing what they should do next.
• Organizations. GAI can be leveraged to onboard new hires, interviewing them on various topics related to the job they are hired to perform. The interview could assess the user's ability and put together training materials based on organization information including best practices and corporate policies. Scenarios likely to be seen on the job could be generated easily to better prepare users for the future.

Continuous Certification. Pairing GAI with structured materials could provide new ways of certifying users continuously instead of point-in-time. Technology is constantly evolving and continuously assessing user knowledge for the role they are performing sets them up for success.

• Workers. GAI can serve as a way to let a user know if more training is required before they can advanced to the next stage in their position. Based on these results, users could continue to invest in training with a clear understanding of where to focus. This idea could also work for lateral movement within a company, giving users an idea of what to expect in the new role and how they may need to adjust.
• Organizations. GAI can help to assess the proficiency of the user. Imagine the model testing new hires and certifying them to be ready to move into an operational role of the business. Once in their job, performance could be assessed in real-time and shared with the user and their support system. This type of system would promote continuous development and growth of employees.

Daily Guidance. GAI integrated within existing tooling will create productivity boosts and help those with less experience avoid making mistakes. Additionally, some work could be automated such that workers have a greater foundation to operate from.

• Workers. GAI can help the user achieve aspects of their job faster and with less errors. This technology could give those with less experience new skills that otherwise may be out of reach for them while also educating them on the focus area. GAI will also remove tedious work that takes time away from more important business tasks such as documenting actions taken to complete a task.
• Organizations. GAI can be used to provide step-by-step instructions on how to perform a task within a specific tool leveraging company policies and procedures. As staff perform their work, knowledge can be retained, stored and later recalled for those with less experience.

Parting Thoughts

When I worked at RiskIQ, I got to see first-hand what it meant to take a chance on others. Several hires within our Kansas City office came from outside of technology and had backgrounds as real estate agents, car salesman and administrative work. Some of these hires had to provide for families and changing careers while also joining a startup was a big risk––more for them than us. RiskIQ leaders took a chance on those who were eager to learn and in many cases, that bet paid off.

I believe that GAI has the potential to change the rules of our industry, specifically when it comes to hiring. Imagine being able to join our field without having direct experience, earning a good wage and both you and the company equally invested in joint success. How many retail workers, real estate agents, car salesman and other professionals would help to fill the millions of jobs we need? When I think about applying GAI to our industry, this is the person I have in my head. If I can help make the technology work for them, then everyone benefits.