The future of talent in a security-first world

I hope everyone is enjoying August! Here in the US we are winding down our last few weeks of summer, and I’m reflecting on how eventful it has been! It’s been inspiring to see the security community come together and work to solve problems, help customers and learn from one another. When there are incidents that impact our everyday lives, it really emphasizes the importance of community in security and why it is critical we all work together as an industry. Security after all is a team sport! 

As we head into back-to-school season with its focus on learning, a topic that is top of mind for me is the future of talent, and what AI transformation means for the cybersecurity industry as a whole. I truly believe AI is changing our world for the better and unlocking new ways to enhance human abilities. Security is an especially powerful use case because AI allows security teams to reason over vast amounts of data in real time, catch threats that might otherwise go unnoticed and defend at machine speed. It can also enhance security teams’ analytical and operational capabilities by providing real-time risk assessment through the utilization of advanced algorithms to analyze and identify potential threats. Consequently, it is already reshaping the field of cybersecurity in incredible ways and enhancing the work that security professionals perform on a daily basis, helping us take security from defensive to preventive and predictive.  In fact, one of the most gratifying things I hear from defenders is that AI is helping reduce stress and burnout by eliminating many rote tasks and helping them be more efficient and effective in their roles. It’s bringing more joy and fulfillment back into the critical work that defenders do every day

So, with all of benefits that AI can offer, it’s no wonder that CISOs often ask whether AI can also help them solve the massive talent gap that exists today, how the adoption of AI is changing the skillsets they’ll need on their teams for evolving security roles and what will the future of security talent look like. Those are great questions – and the answers are really exciting! 

Security has been an asymmetrical challenge and it’s been hard for defenders to keep up let alone stay ahead as they must gather and analyze a deluge of data, determine and respond to the threats and work on resiliency. Generative AI can bring new superpowers to help defenders to do this. 

There is no doubt that AI will soon supplant the need for manual data gathering and analytics by detecting threats and patterns, automating instant responses, rapidly analyzing large data sets, and accelerating recovery processes. This change allows security professionals to automate many more menial cybersecurity operations and focus instead on high-level strategy and creative tactics.  Accordingly, security leaders will have the opportunity to prioritize business innovation, strategy, and security preparedness, thus redefining roles and allowing organizations to draw talent from a wider pool of potential applicants.   

This is so critical because ISC2 reports a shortfall of roughly four million professionals in the cybersecurity sector, which is an alarming 12.6 percent increase from the prior year. In the face of an ever-evolving threat landscape, it’s clear that the demand for skilled cyber professionals is more pronounced than ever.  

Leveraging AI will surely help address this gap. Generative AI empowers people with transferable skills from various sectors to enter the field of cybersecurity and quickly put their skills to work. It can provide tools such as security playbooks that augment a defender’s skillset, and it can assist in performing specialized tasks like threat hunting and malware reverse-engineering. In this way, generative AI will help democratize human expertise, making knowledge more readily available to everyone.  

In addition to scaling expertise, one of the most promising aspects of AI in security is its ability to diversify the cybersecurity workforce. AI technology can help to level the playing field in cybersecurity by breaking monumental barriers, such as proficiency in languages, access to data, and access to training. It can help us attract and provide skilling for those in underserved populations within our global community who may not have viewed a career in cybersecurity as practical or achievable. This is important because we know that hackers exploit the biases and perceptual homogeneity in security teams, as well as the tools they use, including AI. Diversity of thought and experience is critical to helping close those gaps and also to ensure that technology and expertise are free from biases that can degrade their efficacy. Cybersecurity is an art as much as a science, and every new viewpoint provides deeper understanding and better outcomes. 

At the end of the day, we’re all part of one cybersecurity discipline. Its inspiring to recognize that as we grow our profession, we’re not just strengthening cybersecurity for the world, we’re creating opportunity for people in every community around the globe. And my hope is that with AI, we will create an abundance of new opportunities for cybersecurity professionals everywhere. That we will create environments where our defenders get more joy out of their work and leverage their superpowers to do more innovation so we can think of security in ways we haven’t done before and create a safer and better world for all. 

I’ve been lucky enough to partner with Darren on a few initiatives, including NBN’s efforts to secure diverse talent through an internship program, which aims to bring women with non-English speaking backgrounds into the security space. Australia’s National Broadband Network (NBN), whose wholesale broadband capability connects over 8.6 million homes and business premises and 20 million Australians, has a longstanding relationship with Microsoft. I knew that Darren would have a unique perspective on the future of talent, especially as a CSO with a background in physical security. 

Darren started his career at the Australian Federal Police, with a focus on global transnational organized crime, where he first encountered Microsoft through our work with national law enforcement. Upon entering the telecommunications industry, he witnessed the growing awareness of online dangers and the acknowledgment that technology would play a significant role in evaluating and mitigating security risks moving forward. Darren was an early advocate for a converged security model, or “CISO to CSO—drop the I—with a one approach fits all security model” that breaks down the silos between those two verticals. Darren is a “huge believer that in the years to come, CSOs can become the future CEOs, since CSOs own the horizontal accountability across the organization.” 

As for the future of security talent? Darren says, “Our new world is shaped in a way where it’s making it more and more difficult to ensure generational change because of an ability to retain or hang onto a career longer. We, in the industry, particularly in cybersecurity, have continually said we need more talent. Technology advancements, in particular automation and GenAI, are going to take some of today’s opportunities away, especially with junior roles. We have to be conscious of how we develop generation next for the opportunities of the future.” Darren also highlights the importance of educating graduates in the security space about the broader perspective and where opportunities exist now and in the future. “In order to address the issue of what tech is doing to better careers, we need to change the language, the narrative, to better tell people how opportunities have changed and how they stand to benefit.” 

Darren and I agree that it's essential to broaden the understanding and interest of non-technical people in security issues – and that the future of our business depends on it. The future for security is bright and security must be for all and by all.

• Earlier this month our leaders further our Security Future Initiative with the announcement that every employee will be responsible for security as a part of their review process. You can read more from GeekWire.  

• Read our analysis of CrowdStrike's outage report and learn how customers and security vendors can use the flexibility and integrated capabilities of Windows for increased security and reliability. 

• Last week, Microsoft shared our deep expertise in AI-first end-to-end security and extensive threat intelligence research at Black Hat and DefCon. I loved this piece from Dark Reading about how a thriving community means stronger security. 

• Brad Smith recently wrote a piece on how to protect the public from abusive AI-generated content and how our laws need to evolve to combat deepfake fraud. 

• Don’t miss the recent Security Insider about how to deter cyber warfare in the age of AI.  

• I highly recommend reading latest MTAC Elections Report concerning Iranian interference targeting the 2024 US elections. 

• Last month we announced the launch of the new Microsoft Entra Suite, which brings together identity and network access controls to secure access to any cloud or on-premises application or resource from any location. Learn more here. 

Something that recently inspired me is the Olympics! It’s incredible to watch athletes from all over the world as they push the limits to what is possible and inspire us to push our limits. 

A quote I love in honor of that: “Before you can achieve, you must believe in yourself. You are more capable than you think.” – Simone Biles.