Why we must strike a balance with AI to solve the cybersecurity skills gap

How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.

Why we must strike a balance with AI to solve the cybersecurity skills gap How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.

TechRepublic's Karen Roby talked with Awake Security CEO Rahul Kashyap about artificial intelligence (AI) and the cybersecurity skills gap. The following is an edited transcript of their interview.

SEE: How to become a cybersecurity pro: A cheat sheet (free PDF) (TechRepublic)

Rahul Kashyap: There is a perception in the industry that AI can solve a lot of challenges, particularly in the skills gap challenge that we face in cybersecurity. And that's true to some extent, but one of the problems I am seeing as people deploy some of the AI technology is that several leaders see that now they have automated a lot of the mundane tasks, and a lot of the complex tasks are now piling up for the advanced people.

It's hitting an imbalance where some of the stuff which was easier is getting done faster, and the tough stuff is piling up now as a result. So there can be a lot of imbalance. You have to be more thoughtful about how you use AI and make sure that there are good team synergies in adopting them, and there's a balance. Otherwise, you could come up with a problem where you are kind of stuck in a big pile of stuff that you do not want.

Karen Roby: How can we effectively use AI to make sure we don't have that lopsidedness with our cybersecurity experts?

Rahul Kashyap: Paying the price for automation in cybersecurity is about balance, and we can't just innovate or educate our way out of the skills deficit that the cybersecurity industry faces. We need to continue to support our existing frontline defense on as many levels as we can while creating a sustainable funnel of cybersecurity professionals. From there, all the executives should discuss and ask themselves, "How are they purchasing software? Am I purchasing a platform, or am I just following every small niche problem?" and, "Will this purchase widen or close my skills gap, and can and should we automate it all?" These are the questions we should ask ourselves before we move ahead.

Karen Roby: What are you seeing from some of those high-level cybersecurity experts? Are they experiencing a lot of burnout, or what are they feeling right now?

Rahul Kashyap: It is a tough job, and it's a very stressful job. As I talk to my industry friends, a lot of them are having a burnout syndrome and even the team members, because sometimes the reputation of a large organization, or large company is at stake by one infection. That's all it takes. I continuously see the stress in the industry. 

Karen Roby: Talk a little bit about some of the trends that you're seeing and how difficult it is to hire someone that is specialized.

Rahul Kashyap: Cybersecurity is one of those few sectors where there are more jobs than there are people available. And we're talking about millions of open jobs, and there are just not enough skilled people. What has happened is that, as we open up the internet for doing everything, literally from trading to gaming and everything that we could have ever thought about, it's opening up new doors and avenues for hackers.

That's why the need for the skills to protect and defend our assets has just grown significantly higher. People are adopting new strategies, starting from college education. How can you go out and educate and have people tell a college grad student that there is something called cybersecurity, and you can be a part of this big industry? People are adopting and trying out new ways to make sure that they can get talent before it's too late.

Karen Roby: Do you think small businesses are most at risk right now when it comes to cybersecurity?

Rahul Kashyap: Small businesses are the worst affected in this. A large organization, large banks, they have well-staffed people, and they even have funds in case a catastrophe happens, they can cover themselves. I've seen several small businesses that have gone out of business due to attacks by ransomware, and there is just no recovering from that. Small businesses are the worst impacted, and they just don't have the people skills or the knowledge to really help get out of the situation. They are in a tight spot for sure.

20191106-rahul-karen.jpg

Also see