Artificial intelligence is a double-edged sword when it comes to cybersecurity — and will be a core driver of demand for new cybersecurity professionals, according to the keynote speaker at an event organized by the Washington State Cybersecurity Center of Excellence.
Generative AI, said Jim Reavis, CEO of the nonprofit Cloud Security Alliance, is “the change dynamic that’s sort of the elephant in the room.”
“Generative AI creates a lot of work for us in that it creates all these new, different attack vectors,” said Reavis, ranging from potentially more effective phishing emails to more rapid, automated vulnerability scanning. “It’s going to create all these zero day vulnerabilities.”
But Reavis said simultaneously, the cybersecurity profession has taken notice of generative AI’s potential.
“Every cybersecurity company is trying to figure out how they leverage generative AI to actually make their solutions better,” he said, including using it to scale up solutions and “automate things that you didn’t think you could automate before.”
Reavis’ keynote was part of an afternoon-long public event last Wednesday in Bellingham, Wash., called, “Securing the Next Generation of Technology Workers.”
The focus, however, was directly on cybersecurity since the venue — Whatcom Community College — hosts several state or federal cybersecurity initiatives, including both the National Cybersecurity Training & Education Center (NCyTE), funded by the National Science Foundation, and the state’s Cybersecurity Center of Excellence (CCoE).
More need for more pros
Brent Lundstrom, director of CCoE, said AI is just one of several developments spurring demand for more professionals and new positions. He said, in talking with industry in his role directing the statewide cybersecurity information hub, that the move to “cloud-first” infrastructure is another factor.
“People used to be running their own servers and owning those servers and now they’re doing that in a public cloud environment,” he said. “It brings in a lot of different complications.”
Another trend contributing to demand? Growing organization concerns about “governance, risk and compliance,” the types of regulation and policy matters that can also overlap with AI.
“There’s a concern about your privacy and what you put into the AI technologies and how that information is stored,” he said.
All told, Lundstrom estimated there were more than 7,500 unfilled jobs in cybersecurity across the state and the CCoE, founded in 2022, was continuing to work to bring employer needs and cybersecurity workforce education into better alignment.
Reavis cited estimates that, in total, there were 5.5 million cybersecurity professionals today. He compared that to the roughly 12 million police officers at work.
“When you understand and think about technology enveloping us like never before, and more and more of our life depends upon it, you can easily make the case that that 5 million cybersecurity professionals is a drop in the bucket,” Reavis said.
Advice to students and industry
About 100 employers, educators and students — including those from Whatcom Community College’s cybersecurity program — attended the afternoon forum.
As part of the event, a panel of cybersecurity leaders from Boeing, Chipotle Mexican Grill, TIRO Security, the Washington State Auditor’s Office and the Cloud Security Alliance offered career advice to the students and potential students in the audience.
One repeated theme: Students should network, whether it’s in person at inexpensive regional BSides cybersecurity conferences or virtually with professionals on LinkedIn. And industry should reach out to education programs to get involved with students’ capstone projects and create more internships.
“I’d also love to see more industry internships turn into full-time jobs,” said Jessica Lewallen, IT security auditor in the Washington State Auditor’s Office. She described her earlier career progression from an internship role to full-time work with the City of Anacortes as “let’s find somebody here who can at least mostly do the job and we’ll train them from there.”
“That was amazing for my career,” she said. “I’d love to see more of those opportunities.”
All the recent developments lead to a future cybersecurity workforce that keynoter Reavis said will have to be able to knowledgeably apply a broad and likely AI-enhanced tool set.
“The amount of creativity, the amount of patience, the amount of thinking outside of the box, the amount of not just following instructions, but having real creativity, using all the different skill sets you have, become really important in how we’re able to be cyber warriors,” he said. “How we’re able to protect things.”