The number of cybersecurity professionals that are required now versus perhaps needed in the future is always a subject for furious debate. It’s been estimated that by 2021 there will be 3.5 million cybersecurity jobs unfilled.
However, a recent survey of 1,000 IT and IT security practitioners suggests that thanks to the rise of automation demand for cybersecurity expertise may soon be leveling off.
The survey finds 77% of organizations will either continue to use or plan to employ automation in the next three years. Over half the survey respondents (51%) said they also now believe that automation will decrease headcount in the IT security function. That compares to only 30% that held a similar opinion in the same survey a year ago
In the short team at least, however, most respondents (69%) said IT security functions are currently understaffed. However, that’s down six points from those that held that view last year (75%).
The survey also notes that rank and file cybersecurity professionals are now more concerned about losing their jobs because of automation (37%) than there were a year ago (28%). However, not everyone seems to agree on what level of benefits are provided by automation. Only 40% of respondents said believe automation reduces human error. Half the respondents said automation makes their jobs more complex, while 54% said they automaton will never replace human intuition and hands-on experience. Nearly three quarters (74%) said automation is not capable of certain tasks done by IT security staff.
The same percentage, however, said automation does enable IT security staff to focus on more serious vulnerabilities and overall network security. The irony is the number one obstacle to automation adoption cited by survey respondents (53%) is the lack of in-house expertise required to automate cybersecurity processes in the first place. Even when that in-house expertise is available, the level of enthusiasm for configuring platforms to automate cybersecurity tasks is likely to be limited. When it comes to automation cybersecurity professionals are conflicted. There is no end of mind-numbing tasks that most cybersecurity professionals wish were automated. The issue is cybersecurity professionals don’t necessarily want that automation to achieve a level of artificial intelligence (AI) that might one day replace them.
It is unlikely organizations will be shedding cybersecurity positions in droves anytime soon. However, given the inability to hire and retain cybersecurity experts most organizations will continue to invest in automation. The primary goal isn’t to eliminate jobs. Rather, organizations are trying to maximize what has become a constrained resource. In fact, the survey notes that when it comes to cybersecurity many organizations are their own worst enemy. Nearly half of all organizations (47%) do not invest in training or other methods of onboarding of security personnel.
The simple fact is that like it or not, it’s a lot easier and more tempting to invest in higher levels of security automation than it is people that almost inevitably at some point leave the company.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.