51% say automation will result in job loss for IT security pros
For IT security professionals, automation is reducing stress levels in the short term but threatening job security in the future.
A majority of companies are still having a hard time finding and keeping qualified IT security people, according to a new survey by the Ponemon Institute and DomainTools. At the same time, 51% of respondents believe that automation will cut the headcount in the security department, up from 30% in last year's study.
Also, 37% of respondents think they will lose their jobs in the next four years.
"The 2020 Study on Staffing the IT Security Function in the Age of Automation" found a strange reality that combined hiring challenges and some positive impacts of automation with predictions of smaller security teams in the near future.
The survey of 1,027 IT security professionals in the US and the UK found that short-handed security teams are glad to have help in triaging the increasing amount of daily alerts, which was 407 in 2019 but up to 468 in 2020.
Seventy-four percent of respondents said automation allows staff to focus on more serious vulnerabilities and overall network security. Only 42% said automation helps with time intensive, manual processes that are mission critical but not a good use of staff time.
Among the 24% of companies that are not using automation, the top two reasons were a lack of in-house expertise and a heavy reliance on legacy IT.
James Litton, CEO and co-founder of Identity Automation, said that artificial intelligence and machine learning are not ready to take over most security tasks.
"In terms of serious decision making, it's nowhere close to being able to take one the role of making good pragmatic decisions for business," he said.
Fifty-four percent of survey respondents agreed, stating that automation will never replace human intuition and hands-on experience.
Litton said the best application he sees for AI and ML is increased authentication based on a user's habits. An algorithm could monitor an individual's behavior and flag actions that stray outside the normal routine.
"If a user doesn't usually access Oracle financials in the middle of the month, and you see that occur, it could raise a red flag for further authentication," he said.
The 2020 survey asked IT pros about the pros and cons of automation as well as what solutions they are using to protect company assets.
Benefits of automating IT security
On the bright side, 60% of respondents say automation is helping to reduce the stress on the security team. Also, 43% said automation is reducing the rate of false positive and false negative reports.
The security work most likely to be automated now or to become automated in the next three years includes:
- Log analysis 68%
- Threat hunting 60%
- Malware analysis 57%
- Pen testing 47%
- Incident response 40%
In the 2019 survey, only 15% of respondents said that DevOps was a likely candidate for automation but this year that was up to 37%.
Respondents said these were the top 5 benefits of automation:
- Increases productivity
- Reduces false positives and false negatives
- Increases the speed of analyzing threats
- Improves the ability to prioritize threats
- Accelerates the containment of infected endpoints/devices/hosts
Drawbacks of automation
In this year's survey, more respondents said automation will reduce the headcount of the IT security team at 51% up from 30% in 2019.
Also, fewer people agreed with the idea that automation would increase the need to hire people with more advanced technical skills, 43% in 2019 as compared to 35% in 2020.
Slightly more people think automation will make jobs more complex, 50% in 2020 vs. 47% in 2019. More people said automation is not capable of performing certain tasks that humans can do, 74% in 2020 and 68% in 2019.
Finally, 10% more respondents said automation is not able to catch certain threats, 45% in 2020 and 35% in 2019.
About the online poll
The Ponemon Institute, with sponsorship from DomainTools, conducted an online survey of 1,027 IT and IT security practitioners in the US and the UK who are responsible for hiring, promoting and retaining IT security employees. Respondents have been at their current position for an average of 6.5 years and have an average of 9.3 years of relevant experience.
source techrepublic
Industry: Cyber Security
Latest Jobs
-
- Cyber Security Senior Consultant | London | FS
- London
- Apply today
-
London | FS | Cyber Security Senior Consultant We are looking for experienced cyber security consultant with experience helping clients within the financial services industry. The role will include, but not be limited to; Conduct cyber security assessments, develop strategies, and provide advice to clients. Oversee and deliver security improvements projects. Help clients understand and comply with financial sector regulations. Provide insights and thought leadership on emerging trends in cyber security. Current experience within a client facing, cyber consulting role within Financial Services is essential. All the usual badges are nice to have, although not essential- for example; ISO27001, CISSP, CISM etc etc Sponsorship is not available for this role. Applicants must be UK based and able to travel on occasion to client site and the office in London To find out more reach out to me on 07884666351 or chris.holt@dclsearch.com
-
- Senior Penetration Tester - UK - Ability to achieve security clearance.
- United Kingdom
- To attract the right person
-
Senior Penetration tester, who has the ability to achieve security clearance. (Visa sponsorships NOT available - sorry) UK based - remote first - occasional travel. Red teaming experience desirable. The successful person needs to have a history of engaging directly with customers (consultancy experience) technical delivery of penetration tests AND report writing. Limited travel - company operates a remote first approach. Must be living in the UK. Not one of the usual names in the pen testing industry. Looking for someone highly technical but looking to grow and develop their skills. Apply here or Reach out to me on chris.holt@dclsearch.com or 07884666351 All details kept discreet
-
- Cloud Architect- German Speaker
- Hungary
- Upto €48000 per year + bonus + benefits
-
As a Senior Pre-Sales Solutions Architect, you will play a pivotal role in driving our sales success by translating complex technical solutions into compelling proposals that resonate with our clients. You will collaborate closely with our sales teams to understand customer needs, design tailored solutions, and negotiate successful deals. Responsibilities: Solution Design: Develop comprehensive technical solutions that align with customer business objectives and industry best practices. Proposal Development: Create compelling proposals, including requirements gathering questionnaires, presentation materials, and Statements of Work (SOWs). Customer Engagement: Build strong relationships with clients, understanding their technical, business, and commercial requirements. Collaboration: Work closely with sales teams, delivery teams, and third-party partners to ensure successful project execution. Pricing Strategy: Define and deliver pricing strategies that align with customer needs and company objectives. Requirements: Experience in technical pre-sales or sales support roles. Proven track record in designing and delivering successful customer solutions. Strong technical foundation in areas such as VMware, Azure, AWS, cloud computing, and data center technologies. Excellent understanding of sales principles, account management, and negotiation techniques. Ability to explain complex technical concepts clearly and concisely. Experience working in international teams and supporting clients across multiple regions. Fluency in German and English is essential. Benefits: Competitive salary and benefits package Opportunity to work on challenging and rewarding projects Collaborative and supportive work environment Potential for career growth and advancement Please note that this role is focused on supporting German clients, but will also involve global client support as needed.