
Artificial Intelligence Might Solve the Security Skills Shortage - christianbryant
http://www.darkreading.com/operations/how-artificial-intelligence-will-solve-the-security-skills-shortage/a/d-id/1327756?piddl_msgid=324922&piddl_msgposted=yes#msg_324922
======
christianbryant
I have to beg a revision to this analysis of AI as a solution to the InfoSec
industry skills shortage. Point of fact, the skills shortage in cybersecurity
is no longer about a lack of bodies performing any of the automated data
mining and intrusion detection functions AI is currently able to do, and may
advance further in years to come, but actually about human beings with the
right skillset to do what AI can never do. We are looking at human beings who
can not only intelligently leverage "tools" like AI, pentesting toolkits like
Kali Linux, and the myriad hacking/cracking soft and hardware tools out there,
but also to think like and counter Black Hat human threats with similar
skillsets.

The Canadian Security Intelligence Service published an insightful paper "2018
Security Outlook - Potential Risks and Threats". In this paper they
acknowledge that the skills shortage in cybersecurity will continue to be
unsolved. In fact, they predict such a growth in automated tools with
decision-making and other AI attributes and there is an embedded warning in
this outlook that we can not blindly trust everything these systems produce.
We need human beings as hackers, as analysts, as overseers of the AI armies
predicted for 2017-2018 or we will lose control of the cyberwars we are
currently managing.

To sell current and predicted AI tech as a solution to the security skills
shortage is to suggest the problem is something other than it is. And if we
suggest that, when AI is improved and proliferated, there will be a mistaken
sense of comfort among some in the industry, and especially among those who
are not "in the know" that will actually do more to threaten InfoSec as an
industry, and the actual safety and security of our systems, in that it will
create a vulnerability in the widening of the security skills hole - the human
factor.

We love our tools, we love AI and we love technology. It will never be a
solution to the ever-growing shortage in qualified human hackers desperately
needed to fill seats in InfoSec roles across the needy customer base. All new
tech needs human monitoring and if the AI as anticipated here comes to pass,
you will need yet another large body of human assets to make it successful.

~~~
purple-dragon
Perhaps it's because I am involved in the security industry, but I struggled
to find any substance or "thought-leadership" in this article. Your comment,
on the other hand, was far more interesting and substantial—so thanks for
that!

~~~
christianbryant
Having worked in tech for as long as I have, and being able to apply some of
that human element of foresight based on "gut feeling" to what I read, I see a
lot of the same sentiment echoed out there among the InfoSec talents who are
in the trenches. I'm not the only one who sees the InfoSec talent shortage as
being about people. Add more tools, add more people.

------
amelius
Please prove me wrong, but I fear that "AI security" means that if your
behavior/usage pattern is different than anybody else's, you are automatically
marked as suspect.

~~~
gooseus
Yeah, this is something I've been thinking about more and more...

At what point will AI get "good enough" where the work to accommodate edge
cases in human behavior is considered too expensive to implement?

Will it simply be more economically viable to expect those people to conform
to the "standard" or else be selected out?

We already see this to some extent where so much energy for improving peoples
lives and "changing the world" is built on the assumption that everyone has an
Android/iOS smart phone with Wifi/4G/LTE data access and a Facebook/Google
account.

