What’s next for the humans of cybersecurity?

Omobolaji O Vincent

3/23/20202 min read

For some of us, it’s the start of week two, for others, it’s day one and for some, it has been long in this unusual time we find ourselves as the world battles COVID-19. While I try to do my part to stop the spread by social distancing, a thought came to mind during the past week and after spending some time reflecting on it, I decided to write about it to welcome other ideas.

The thought started with my mind flashing back to how cybersecurity threats and solutions have evolved in the last two decades. We have moved from the era where the focus was just on viruses/worms and all that was required was antivirus solutions, then to network solutions such as firewalls, IDS, IPS, etc. We then moved to the era of improving visibility where it was all about log management, SIEM, Threat Intelligence, etc. Now the trend is shifting a lot more towards automation and orchestration, managed detection and response. To simply put, we have gone from prevention to early detection and now rapid response.

With the continuous evolution of trends such as Cloud, AI, etc., I couldn’t stop but wonder what the future holds for cybersecurity. I began to wonder if we would ever get to a time when technology or cyber security would become a mature industry. By mature, I mean it has passed the growth phase and is on its way to declining. Before further drowning myself in what would have been an infinite loop, I decided to pivot and think about what the fate of cybersecurity professionals would be. I was interested in what would happen if we ever get to that point where everything was fully automated. Would we still need security professionals? Or in another way, what can cybersecurity professionals do with the additional time they would have since they can push some of their current tasks to machines.

Given these puzzling questions, I discussed with my friend/brother/colleague Adolphus Bassey and we came up with the following points about the future landscape for cybersecurity professionals:

Going back to basics and reinventing how we preach security hygiene to everyone.

Opportunity to contribute more to the ever-evolving regulatory landscape to help simplify compliance. Regulation has always lagged and has failed to keep up with the rapid change in technology.

More involvement in the business and help create or capture more value by employing more quantitative and qualitative measures. For example, evaluating return on security investments or making security become a value proposition to pitch to customers, investors and other stakeholders.

Security requirements for relatively newer areas such as IoT, Robotics, Driverless Cars, AR/VR.

Engineering skills to codify security for better integration with DevOps.

The above list is an attempt to imagine what cybersecurity professionals should continue to focus and not novel in any way as most of the ideas are what is already currently in practice in some form or shape. However, I would like to know your thoughts, questions or comments.