cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

The Untold Realities of Cybersecurity Jobs

Hi All

 

An interesting prediction, and backed up by a Gartner report:

 

https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybers...

 

The original piece link is here:

 

https://www.linkedin.com/pulse/unmasking-shadows-untold-realities-cybersecurity-jobs-nermin-smaji%25...

 

Isn't this really a call for augmentation by AI to assist cybersecurity professionals?

 

Regards

 

Caute_Cautim

 

 

 

 

 

8 Replies
AndreaMoore
Community Manager

@Caute_cautim 

 

We just published a blog yesterday on this topic too

ELIMINATING STIGMA AROUND MENTAL HEALTH IN THE CYBERSECURITY PROFESSION

https://blog.isc2.org/isc2_blog/2023/05/eliminating-stigma-around-mental-health-in-the-cybersecurity...

 

It is mental health awareness month. This is a good reminder to all of you to prioritize your mental health! You can't pour from an empty cup; so take care of yourself so you can take care of the security of your organziations!

 

Help each other out, share what tips you all do to de-stress in the comments. 




ISC2 Community Manager
dcontesti
Community Champion

@Caute_cautim @AndreaMoore @

 

Here is a blog, we (@Caute_cautim, @trickydicky and I) wrote last May 2022.

 

How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach - (ISC)² ...

 

Burnout amongst security folks has been an issue for many years.

 

Will AI help? In some ways, it may but in others, it will add to the stress.  Why do I say it will add to the stress?  Not only will Security folks leverage the tool to try to improve security but the hackers will be using it to build bigger and better ways of breaching our systems.  

 

At the very first security conference I attended, I heard William H. Murray speak and one thing he said stuck with me through the years.  That the FBI stated 75-85% of all security incidents were caused by insiders.  I came away in disbelief.  I had many questions after that.....oh how soon I learned that stat was correct.

 

d

 

ericgeater
Community Champion

"That the FBI stated 75-85% of all security incidents were caused by insiders."

 

Would you say that also includes unintentional or unknowing insiders, such as email clickers and social engineering marks?

--
"A claim is as good as its veracity."
dcontesti
Community Champion

@ericgeater 

 

That quote was from the late 1990's and at the time, it included both malicious and unintentional events.  They did not make a distinction.

 

We know that phishing, etc. have become the bane of our lives.  Sometimes, the user is curious and sometimes they do not realize.

 

The attacks are becoming more and more sophisticated.  These types of attacks will become more difficult to defeat as AI is leveraged to develop them and make folks believe that the invoice is valid or that it's just an innocent story or whatever......

 

Part of the stress that I feel comes from trying to keep up or ahead of what is happening.  Another part of my stress is worrying that one of these attacks will ultimately cause the loss of human life (remember, I work for a steel manufacturer who uses computers in their processes).

 

Other folks may stress over losing their employment if something happens.

 

d

 

Caute_cautim
Community Champion

Hi All

 

It seems to coincide with some recent reports which were released from various sources:

 

https://www.cybersecuritydive.com/news/ciso-concerns-material-cyberattacks/649787/

 

Burnout is a real issue, yes AI can assist, but there is also a greater need for augmentation and automation to assist organisations too.  The use of Enterprise Attack Security Management (EASM) would certainly prepare organisations to identify the real threats 24x7 and reduce approximately 30% of unknown vulnerabilities.

 

We have to get smarter about tackling cybersecurity within our organisations, making it more tangible as to the real threats vs the potential threats.

 

Regards

 

Caute_Cautim

Steve-Wilme
Advocate II

And if you've worked in organisations in which people do get fired for events which are beyond their reasonable control, it's obviously going to make anyone left in post uncomfortable. No set of controls is going to be 100% effective and if they work for a smaller organisation without significant resources or budgets, being expected to defend against national state sponsored actors isn't reasonable. The concern about APTs can easily distract from focusing on getting the cyber security basics right.
-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
parmstrong
Viewer III


@Steve-Wilme wrote:
And if you've worked in organisations in which people do get fired for events which are beyond their reasonable control, it's obviously going to make anyone left in post uncomfortable.... 

Any such organization would quickly find itself populated with craven individuals who never speak up, take action only when told, and avoid innovation like the plague.

Steve-Wilme
Advocate II

@parmstrong Possibly, but more likely to find that they suffer a sudden shortage of cyber security staff and then have to pay over the odds to hire replacements.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS