In a sign of the growing importance of artificial language risk assessment to business assets, organizations are increasingly seeking candidates with skills in machine learning and large language models to fill cybersecurity positions . At ISACA State of Cybersecurity Report 2024Just under a quarter of respondents (24%) cited LLM SecOps and ML SecOps as the biggest skills gaps they see in cybersecurity. Soft skills (communication, flexibility, and leadership) remain the top category of skills cybersecurity professionals lack, according to 51% of respondents.
Wanted: LLM, ML skills
LLM SecOps and ML SecOps are relatively new skill sets, but, like the technologies they secure, they now seem to be ubiquitous.
MLSecOps is the discipline of integrating security into the development and deployment of machine learning systems. It covers ML-specific processes, such as securing the data used to train a model and preventing bias through transparency, as well as applying standard security operations tasks such as secure coding, modeling threats, security audits and incident response to ML systems.
LLM SecOps refers to secure the entire life cycle of LLMsfrom data preparation to incident response. LLM SecOps covers concerns as varied as ethical reviews in the design phase, sanitization of training data, analysis of why the system made the decisions it did during training, blocking of generating harmful content and monitoring the model once deployed.
There is a growing list of resources for security professionals to develop their skills. For ML SecOps, Benjamin Kereopa-Yorke, senior information security specialist and AI security researcher at telecommunications provider Telstra, maintains a GitHub repository for resources and trainingwith courses categorized based on required prerequisite ML knowledge and classified as vendor-neutral or vendor-centric. The Open Worldwide Application Security Project (OWASP) has a project Top 10 Machine Learning Security List describing how ML attacks like data poisoning or member inference work and how to counter them. OWASP also maintains the OWASP Top Ten for LLMs, which covers topics relevant to LLM SecOps such as rapid injection, disclosure of sensitive informationAnd model flight.
Organizations are looking for specific skills to fill open cybersecurity positions. After soft skills, cloud computing is the second largest skills gap (42%), followed by implementing security controls (35%) and software development (28%).
With much of organizations’ workload now residing in the cloud, it makes sense that organizations need cybersecurity professionals with cloud computing skills. Securing cloud assets requires a different mindset and technical skills than traditional networks, and cloud providers handle some tasks differently, requiring specialized knowledge.
Implementing security controls refers to the protection of endpoints, networks, and applications. The skills gap in software development was not related to coding, but rather to things like testing and deployment. Once again, this highlights the challenges organizations face in securing their software development pipelines and integrations.