Listen, I’m just as excited about artificial intelligence as everyone else. However, like with many things, I am firmly in the camp of “proceed with caution.” AI is and will continue to power a lot of amazing things, but it also continues to have a lot of unknowns I sometimes feel aren’t properly vetted. Also, the improper application of AI concepts can (in my opinion), negatively impact our markets.
If you’ll recall, the Red Pill brings one out of their simulation, and into the real world. The Blue Pill perpetuates the illusion of the fantasy world. AI, if not applied properly, can create an illusion of success, without addressing a huge part of what is broken in cybersecurity.
Let’s dive in.
AI for Cybersecurity
You must have known that I was going to go the cybersecurity direction. As news of Microsoft Security Copilot becomes more real, I’m getting more and more excited about it. The thought of using collective knowledge fed to an AI engine to help me as a defender understand a threat is a good one. A great one, as a matter of fact. Security Copilot and products like it are going to be a huge force multiplier in our space.
AI will drive not only faster time to detection, but I think it will drive faster and more meaningful response and recovery efforts. AI will unlock a layer of data that responders used to have to dig up somewhat manually. It will also empower junior responders to more quickly grow their skillset and knowledge base to become more effective responders.
AI Doesn’t Solve the Talent Gap
It is no secret that we have a massive shortage of cybersecurity talent. Cybersecurity is one of the most important industries in the world, so a talent shortage in this space is a really bad thing. We need only look at the news on any given day to see why this issue is so pressing. At the end of the day, we need more talent.
And this point in particular is where I start to disagree with the AI theory. Security AI is not a red pill that will pull us into reality to solve real challenges. In fact, I would argue it could be a Blue Pill that will perpetuate a fantasy of magical security fixes. It could be the Blue Pill that enables the ongoing talent shortage to potentially be dismissed. It could turn into a concept that perpetuates the cycle of gatekeeping aspiring cyber talent, pushing them away from the industry. At the end of the day, the only solution available for the talent gap is a very human solution. We need to attract, welcome, encourage, and teach a new generation of cyber professionals.
So, is this AI stuff bad?
No, not at all. In fact, I think AI will be an empowering force in the Cybersecurity space and empower the next generation. I’m simply saying that, in my opinion, we need to think about it differently. AI will empower the next wave of cybersecurity professionals, not replace the need for us to bring them into the fold.
To sum it up. Let’s not look at AI as a magic solution for the talent shortage. Instead, let’s position AI as a tool that will attract the next wave of talent that will be the people that solve the talent shortage. A new generation of defenders that will use tools like AI as a force multiplier to power their own careers and provide even more effective coverage than today’s generation.
