Re: The Untold Realities of Cybersecurity Jobs

Caute_cautim · ‎05-22-2023

Hi All

An interesting prediction, and backed up by a Gartner report:

https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybers...

The original piece link is here:

https://www.linkedin.com/pulse/unmasking-shadows-untold-realities-cybersecurity-jobs-nermin-smaji%25...

Isn't this really a call for augmentation by AI to assist cybersecurity professionals?

Regards

Caute_Cautim

AndreaMoore · ‎05-23-2023

@Caute_cautim

We just published a blog yesterday on this topic too

ELIMINATING STIGMA AROUND MENTAL HEALTH IN THE CYBERSECURITY PROFESSION

https://blog.isc2.org/isc2_blog/2023/05/eliminating-stigma-around-mental-health-in-the-cybersecurity...

It is mental health awareness month. This is a good reminder to all of you to prioritize your mental health! You can't pour from an empty cup; so take care of yourself so you can take care of the security of your organziations!

Help each other out, share what tips you all do to de-stress in the comments.

ISC2 Community Manager

dcontesti · ‎05-23-2023

@Caute_cautim @AndreaMoore @

Here is a blog, we (@Caute_cautim, @trickydicky and I) wrote last May 2022.

How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach - (ISC)² ...

Burnout amongst security folks has been an issue for many years.

Will AI help? In some ways, it may but in others, it will add to the stress. Why do I say it will add to the stress? Not only will Security folks leverage the tool to try to improve security but the hackers will be using it to build bigger and better ways of breaching our systems.

At the very first security conference I attended, I heard William H. Murray speak and one thing he said stuck with me through the years. That the FBI stated 75-85% of all security incidents were caused by insiders. I came away in disbelief. I had many questions after that.....oh how soon I learned that stat was correct.

d

ericgeater · ‎05-23-2023

"That the FBI stated 75-85% of all security incidents were caused by insiders."

Would you say that also includes unintentional or unknowing insiders, such as email clickers and social engineering marks?

-----------
A claim is as good as its veracity.

dcontesti · ‎05-23-2023

@ericgeater

That quote was from the late 1990's and at the time, it included both malicious and unintentional events. They did not make a distinction.

We know that phishing, etc. have become the bane of our lives. Sometimes, the user is curious and sometimes they do not realize.

The attacks are becoming more and more sophisticated. These types of attacks will become more difficult to defeat as AI is leveraged to develop them and make folks believe that the invoice is valid or that it's just an innocent story or whatever......

Part of the stress that I feel comes from trying to keep up or ahead of what is happening. Another part of my stress is worrying that one of these attacks will ultimately cause the loss of human life (remember, I work for a steel manufacturer who uses computers in their processes).

Other folks may stress over losing their employment if something happens.

d

Caute_cautim · ‎05-23-2023

Hi All

It seems to coincide with some recent reports which were released from various sources:

https://www.cybersecuritydive.com/news/ciso-concerns-material-cyberattacks/649787/

Burnout is a real issue, yes AI can assist, but there is also a greater need for augmentation and automation to assist organisations too. The use of Enterprise Attack Security Management (EASM) would certainly prepare organisations to identify the real threats 24x7 and reduce approximately 30% of unknown vulnerabilities.

We have to get smarter about tackling cybersecurity within our organisations, making it more tangible as to the real threats vs the potential threats.

Regards

Caute_Cautim

Steve-Wilme · ‎05-24-2023

And if you've worked in organisations in which people do get fired for events which are beyond their reasonable control, it's obviously going to make anyone left in post uncomfortable. No set of controls is going to be 100% effective and if they work for a smaller organisation without significant resources or budgets, being expected to defend against national state sponsored actors isn't reasonable. The concern about APTs can easily distract from focusing on getting the cyber security basics right.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

parmstrong · ‎05-24-2023

@Steve-Wilme wrote:
And if you've worked in organisations in which people do get fired for events which are beyond their reasonable control, it's obviously going to make anyone left in post uncomfortable....

Any such organization would quickly find itself populated with craven individuals who never speak up, take action only when told, and avoid innovation like the plague.

Steve-Wilme · ‎05-26-2023

@parmstrong Possibly, but more likely to find that they suffer a sudden shortage of cyber security staff and then have to pay over the odds to hire replacements.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS