51% say automation will result in job loss for IT security pros
.jpg)
For IT security professionals, automation is reducing stress levels in the short term but threatening job security in the future.
A majority of companies are still having a hard time finding and keeping qualified IT security people, according to a new survey by the Ponemon Institute and DomainTools. At the same time, 51% of respondents believe that automation will cut the headcount in the security department, up from 30% in last year's study.
Also, 37% of respondents think they will lose their jobs in the next four years.
"The 2020 Study on Staffing the IT Security Function in the Age of Automation" found a strange reality that combined hiring challenges and some positive impacts of automation with predictions of smaller security teams in the near future.
The survey of 1,027 IT security professionals in the US and the UK found that short-handed security teams are glad to have help in triaging the increasing amount of daily alerts, which was 407 in 2019 but up to 468 in 2020.
Seventy-four percent of respondents said automation allows staff to focus on more serious vulnerabilities and overall network security. Only 42% said automation helps with time intensive, manual processes that are mission critical but not a good use of staff time.
Among the 24% of companies that are not using automation, the top two reasons were a lack of in-house expertise and a heavy reliance on legacy IT.
James Litton, CEO and co-founder of Identity Automation, said that artificial intelligence and machine learning are not ready to take over most security tasks.
"In terms of serious decision making, it's nowhere close to being able to take one the role of making good pragmatic decisions for business," he said.
Fifty-four percent of survey respondents agreed, stating that automation will never replace human intuition and hands-on experience.
Litton said the best application he sees for AI and ML is increased authentication based on a user's habits. An algorithm could monitor an individual's behavior and flag actions that stray outside the normal routine.
"If a user doesn't usually access Oracle financials in the middle of the month, and you see that occur, it could raise a red flag for further authentication," he said.
The 2020 survey asked IT pros about the pros and cons of automation as well as what solutions they are using to protect company assets.
Benefits of automating IT security
On the bright side, 60% of respondents say automation is helping to reduce the stress on the security team. Also, 43% said automation is reducing the rate of false positive and false negative reports.
The security work most likely to be automated now or to become automated in the next three years includes:
- Log analysis 68%
- Threat hunting 60%
- Malware analysis 57%
- Pen testing 47%
- Incident response 40%
In the 2019 survey, only 15% of respondents said that DevOps was a likely candidate for automation but this year that was up to 37%.
Respondents said these were the top 5 benefits of automation:
- Increases productivity
- Reduces false positives and false negatives
- Increases the speed of analyzing threats
- Improves the ability to prioritize threats
- Accelerates the containment of infected endpoints/devices/hosts
Drawbacks of automation
In this year's survey, more respondents said automation will reduce the headcount of the IT security team at 51% up from 30% in 2019.
Also, fewer people agreed with the idea that automation would increase the need to hire people with more advanced technical skills, 43% in 2019 as compared to 35% in 2020.
Slightly more people think automation will make jobs more complex, 50% in 2020 vs. 47% in 2019. More people said automation is not capable of performing certain tasks that humans can do, 74% in 2020 and 68% in 2019.
Finally, 10% more respondents said automation is not able to catch certain threats, 45% in 2020 and 35% in 2019.
About the online poll
The Ponemon Institute, with sponsorship from DomainTools, conducted an online survey of 1,027 IT and IT security practitioners in the US and the UK who are responsible for hiring, promoting and retaining IT security employees. Respondents have been at their current position for an average of 6.5 years and have an average of 9.3 years of relevant experience.
source techrepublic
Industry: Cyber Security
Latest Jobs
-
- Senior Presales Consultant | Managed Security Services | London
- London
- N/A
-
Senior Presales Consultant – Managed Security Services Location: London-commutable (Hybrid) A well-established cyber consultancy is seeking a Senior Presales Consultant to drive growth across its managed security services / advisory portfolio. This hybrid role bridges commercial and technical expertise supporting solution design, shaping customer proposals, and guiding conversations from scoping through to delivery. Key experience: Background in managed security services, including SOC operations and threat detection Strong knowledge of cloud and on-prem security tooling (SIEM, EDR, IAM) Penetration testing Proven ability to translate technical concepts into clear business value Confident in customer-facing engagements and pre-sales delivery Experience contributing to bids, proposals, and RFI/RFP responses To find out more contact me on 07884666351 Visa sponsorship is unfortunately not available for this role.
-
- New Business | Cyber Security | Overlay sales (UK Based- London commutable)
- London
- N/A
-
New Business Sales Hunter needed | Cybersecurity (UK Based- London commutable) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding team. New business focused - £500-750 GP Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351
-
- New Business Sales Hunter | Cyber Security (UK Based)
- London
- To attract the right person
-
New Business Sales Hunter needed | Cybersecurity (UK Based) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Be UK based - and able to achieve UK SC clearance. (sorry no visas) Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding cyber security firm. New business focused - £1m GP year one target (ramped). Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable 1x per week. Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351