Can generative AI help address the cybersecurity resource gap?

At every cybersecurity event I attend, CISOs and other security professionals discuss the challenges of finding, hiring, and retaining a team of cybersecurity professionals. Not surprisingly, ISC2 recently revealed that the industry is facing a workforce shortage of nearly 4 million people, and that number continues to grow.

Anything you can do to reduce the burden on your security analysts and engineers means they can spend more time mitigating cyber risks, which is a huge benefit. Fortunately, generative AI can help address this skills shortage and positively impact cybersecurity. Gen AI enables:

lowering the barrier to entry

The cybersecurity industry often requires specialized training and certifications, but these requirements can prevent people from finding and securing jobs in the field. Apply Gen AI to technical documentation and other cybersecurity information to create training materials that are tailored to specific users' backgrounds, allowing new hires to do the same work before joining the organization. Create more dynamic training that takes you where you are.

Create more user-friendly documentation

There are pages and pages of technical documentation for almost every cybersecurity tool on the market today. Users are often overwhelmed and require vendors to train them on how to use the solution. With Gen AI, the same information can be processed and extracted to yield highly accurate and meaningful information for users.

Suppose a customer needs to know how to run a query with this tool. Instead of customers spending hours sifting through technical documentation, security teams can use gen AI to quickly provide customers with the 3-5 steps they need to take to perform this action. . Gen AI helps organizations create more user-friendly documentation, enabling customers to access information faster and spend less time implementing and mitigating risks.

Reduce the risk of burnout

Security professionals often experience burnout when performing tedious tasks such as searching for documents and recording processes and results. Large-scale language models (LLMs) are built for data analysis and synthesis. This can be applied to an organization's large volumes of internal and external documents, reducing the time security analysts need to find information to do their jobs and communicate with the broader team. By reducing the amount of “busy work” that burdens your team, you can spend more time remediating and focusing on reducing risk.

Stay up to date with the latest news and research

One area that I believe will greatly benefit from Gen AI is continuing education. As you know, cybersecurity threats, attack vectors, and malicious actors are constantly changing. But security professionals are often hunkered down handling incidents, writing policies, and drafting architectures. They don't have the time to be educated about what's going on outside the organization. Gen AI allows you to collect and extract industry-relevant information from your organization's trusted sources, from your favorite industry publications and trade associations to other favorite research and resource sites. .

Improving organizational security communication between teams

Organizational education is another ongoing challenge for cybersecurity teams. The time spent synthesizing phishing information can be reduced through AI and automation. For example, if an organization sees persistent phishing attacks, Gen AI can analyze the text and create custom messaging that best equips each department to mitigate risk based on their capabilities. This gives security organizations time and reduces the burden of incidents.

Take the time to build the right guardrails

These are just a few of the ways Gen AI can be used to bring more talented talent into the cybersecurity space and expand the work of those already in the cybersecurity space. I'm looking forward to seeing what other use cases will benefit from it in the future.

But with any cutting-edge technology, you need to carefully consider how you use it and put in place appropriate policies and other safeguards.

For example, what we recommend to all of our clients is that once an organization selects the Gen AI platform, they enter into a paid contractual relationship so that the vendor can provide guidance on the tool and help troubleshoot issues. It means there is a need. why? Because you shouldn't have your security team go to her ChatGPT on their own and create their own accounts where they have no visibility or control. You also need the ability to audit vendors and ensure transparency in the process.

Organizations must also train their generative AI solely on documents, data, and other information. reliable sauce. Finally, always remember that Gen AI can do a lot of good things, but what it outputs is everything. Must Checked and executed by humans.

Gen AI is already transforming the cybersecurity industry and will help close the gap in cybersecurity resources.

Kyle Black is a Cybersecurity Architect at Symantec by Broadcom.