Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
Cybersecurity professionals need to learn, unlearn, and relearn every day. Not once a quarter. That's the new leadership muscle required in this AI-driven era.
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats.
AI offers a way to level the playing field, but only if security professionals learn to apply it effectively.
Organizations are beginning to integrate AI into security workflows, from digital forensics to vulnerability assessments and endpoint detection. AI allows security teams to ingest and analyze more data than ever before, transforming traditional security tools into powerful intelligence engines. AI has already demonstrated its ability to accelerate investigations and uncover unknown attack paths, but many companies are hesitant to fully embrace it.
The Implementation Challenge
Many AI models are implemented with such velocity that they remain untested, and few organizations have any basic security or auditing guidelines for their implementation. As a result, AI can increase risks instead of reducing them, particularly when it comes to privacy and data protection.
Organizations that have to remain competitive and reduce the cost of the compute they need lack a proper security culture for AI implementation. On the other side, many organizations are not implementing AI at all, even banning it among their employees, also because they do not understand the risks.
There has to be balance – decreasing risk, increasing competitiveness, reducing costs, and making fast decisions for an entire organization like a fighter pilot in the middle of a dogfight. One wrong decision can become irreversibly devastating for the organization.
The Skills Gap Crisis
One of the biggest challenges in cybersecurity today is the lack of professionals who are studying and learning how to apply AI effectively. Security teams need to study AI advancements daily/hourly because adversaries are adapting in hours/minutes.
There is no time to wait for someone to write the book that solves these challenges. Wait a single week, and the book is already dated – that is how fast the field is moving. The organizations that embrace AI will have a significant advantage over those that delay its adoption.
If you're good at machine learning and AI, you're commanding, in some cases, seven-figure salaries. I guarantee you're not touching cybersecurity. You're doing straight-up implementation for new businesses. The pain is just not there. It's like the opposite effect, where cybersecurity was the field to be in. Now, what's the incentive for all these engineers to potentially go into cybersecurity?
Business leaders are trying to turn to their CISOs, CTOs, and CIOs, and saying, what do we do? And their CISOs are trying to answer the question, but I'm encouraging them to say the words "I don't know," because they're always looked at as the people who always know. In this case, I almost guarantee you don't know what's going on.
Practical Steps Forward
To meet this need, organizations need to focus on Applied Data Science & Machine Learning for Cybersecurity. This hands-on training covers how to utilize and build AI and machine learning models for threat detection, automate security processes, and improve threat intelligence analysis.
Security teams do not need a background in data science to take this journey, just a desire to learn and apply AI in their lives – daily.
The question is not whether AI will be a part of cybersecurity operations, but who will master it first. Cybersecurity is evolving at an unprecedented pace, and defenders must evolve with it.
Organizations must invest in people before products. While technology will continue to evolve, the ability to detect and respond to threats depends on the people behind the technology. Make sure your teams have hands-on training that reflects real-world conditions. The best defense is a capable, confident team.
Cybersecurity professionals need to learn, unlearn, and relearn every day. Not once a quarter. That's the new leadership muscle required in this AI-driven era.
Rob T. Lee is Chief of Research, Emerging Threats & AI at SANS Institute, the "Godfather of Digital Forensics," an AI strategist working to help C-Suite leaders drive tech transformation securely, and a technical advisor to the US Government.
To schedule a media interview with Rob T. Lee, please contact jelston@sans.org

