Security leaders live under constant pressure from ever-changing threats, technology trends and business requirements. Many of us have had to play a difficult game of catch-up when we failed to “ride the wave” of a movement and didn’t have the right skilled team. If this hasn’t happened to you yet, congratulations, stay in this industry long enough and it will happen. Of course, security leaders are now concerned about how to prepare for AI – yes, as a business technology, but also the unique impact it will have on different disciplines/tools cybersecurity over time.
Whether you are in the camp of being very impressed by the current version of AI or despising its hallucinations, there is no doubt that there will be significant new disruptions. It’s easy to imagine the impact on SOC, or forensics, incident detail research, etc. I also believe that offensive value exceeds defensive value, but that this will rebalance over time.
Wild technology problems like AI always attract an army of salesmen, evangelists, and experts claiming to have a crystal ball. Proposed futures can be exciting and help determine where technology will go, but none of them tend to have enough certainty to make a plan. So what kinds of things are leaders doing now to prepare for AI in cybersecurity?
- Security teams always tend to operate at 100%, even 105%. You need to think about your strategy for building AI project capabilities, especially if you want to quickly keep up with developments: evaluating AI security technologies, creating custom tools, or responding to business requirements. Build bandwidth now.
- Technology familiarization programs are essential. In any case, many people are integrating AI tools into their daily activities (this is a good thing in some ways, but it requires interventions in policies and working practices!), but this does not mean not that the teams you plan to join on a future project are and could be simply too busy. . You need to create positive excuses to engage.
- Include a few in-depth experts. Most see the user-friendly side of AI: chat-like interfaces that make it easy to ask questions. Behind these technologies are machine learning and statistical methods. AI probably doesn’t have a major use case, but it shows up in many tools and processes, which means your team needs to prioritize and separate the wheat from the chaff. Understanding the methods behind these tools allows you to evaluate them and understand their best use for your organization. At SANS, we have noticed that many security managers enroll their level 3 people in our courses, such as SEC595, to know more than the layman; understand the power of AI technologies and how to prioritize them.
- Interestingly (I’ve observed this in many large organizations), with many hot trends, people are “waiting for it to happen to them.” “I will wait for AI to develop and find out later.” You can get your team engaged now with webinars, summits, hackathons and more.
Building bandwidth for your teams and skills and ensuring people participate with their peers to learn the latest use cases always produces the best results for jumping on the wave once a trend starts to become bigger in its impact.
At SANS Network Security 2024, taking place this September in Las Vegas, Nevada, your team will have the chance to participate in discussions on AI use cases with industry professionals from around the world and from put their learning of theory into practice. Learn more here.
