Cybersecurity skills crunch blog

8 Key Cybersecurity and AppSec Skills for the Generative AI Era

Worried about cyberthreats? You should be. The digital realm was dangerous enough even before the
rise of generative artificial intelligence (GAI), with a cyber-attack striking every 39 seconds. Now, as
hackers use a new generation of GAI tools for everything from automated spear phishing and deepfakes
to rapid malware generation, the problem will only intensify. A 2022 estimate of $10 trillion in annual
damage by 2025 already seems low.

As businesses work to protect their data, customers, and employees, they face critical challenges in two
key elements of security: cybersecurity and application security (AppSec).

Working on the front lines of protection, cybersecurity teams can help keep attacks at bay by detecting
and defending against threats to servers, mobile devices, electronic systems, networks, computers, and
databases. But cybersecurity talent is notoriously hard to come by, with an estimated 3.5 million open
jobs worldwide. GAI makes it possible to create and iterate malicious code and complete phishing
campaigns at blinding speed, pushing traditional tools and methods to the breaking point—and
threatening burnout for shorthanded cybersecurity groups.

Within the network, AppSec professionals work to harden systems and applications against external
threats through measures like vulnerability management, testing, authentication, authorization, and
logging, but these tactics have become much more challenging to apply as innovations around cloud,
APIs, microservices, open source, and infrastructure as code (IaC) have transformed the attack surface.
Meanwhile, remote work has scattered potential entry vectors across a vast array of public and private
access points. As in cybersecurity, AppSec budgets and staffing levels tend to lag far behind what’s
needed.

With talent in short supply, businesses need to prioritize the aspects of cybersecurity and AppSec most
relevant to the threats we face today. Here are eight key areas of focus for hiring and skills
development.

1. AI-powered threat detection

As hackers embrace artificial intelligence to amplify their impact, defenders are doing likewise. While
traditional threat detection tools could be trained only on existing malware examples, generative AI
makes it possible to anticipate potential variants before they appear in the wild. As a result, they can
train threat detection solutions proactively to detect these threats as soon as they enter the
environment, rather than only after they’ve begun infecting targets. AI can also increase the speed and
scale of threat detection by analyzing vast amounts of data more quickly than humanly possible, and by
automating workflows and response tactics to limit damage.

AI-powered tools can help reduce the workload of security analysts, but they will not entirely eliminate
the need for human staff. Instead, organizations should focus on hiring or training staff on the skills
needed to use these technologies to their fullest potential, including data engineering, detection
engineering, threat modeling, and automation engineering.

2. Cloud security
The cloud isn’t exactly a new technology, but organizations can’t afford to be complacent about the
maturity of their cloud security capability. As on-premises infrastructure is combined with public and
private cloud resources in a hybrid environment, misunderstandings about the shared responsibility
model can easily lead to security gaps where neither the vendor nor the customer is ensuring
protection. Misconfigurations in identity and access management can leave sensitive data exposed,
while the same encryption tools used to protect data in transit can also leave malware and exfiltrated
data invisible to security solutions.

To protect data and system across hybrid and multi-cloud environments, organizations will need to
leverage tools such as Cloud Access Security Brokers (CASB), Cloud Infrastructure Entitlement
Management (CIEM), and Cloud Security Posture Management (CSPM), as well as improved encryption
methods in tandem with solutions for SSL/TLS inspection. The ability to use these technologies
effectively will be critical for security teams.

3. Cloud-native AppSec
Cloud technologies have transformed application development as much as infrastructure. Modern
cloud-native apps are built using microservices, deployed using containers, and managed using
orchestration platforms such as Kubernetes—adding new layers of infrastructure, new levels of
complexity, and the potential for new security risks. As microservices use APIs to communicate with
each other across cloud environments, they greatly increase the volume of data traveling across the
network, often without the strict authentication and authorization controls enforced for human
identities. A breach of a single microservice can easily spread throughout the entire app and beyond.
AppSec teams and developers alike need to understand risks such as these and how to address them
through measures such as microservices isolation, network isolation, image security, configuration
security, and runtime security monitoring.

4. Mobile, IoT, and 5G security

Mobile app usage continues to surge, and with it, the potential vulnerabilities that come with personal
devices used for work, sideloaded apps, consumer services, and lost or stolen devices. Mobile device
management combined with strong authentication can help mitigate these risks, but as a key area of
focus for hackers, mobile security should be a top priority for every cybersecurity team.

Internet of Things (IoT) devices pose many of the same risks as smartphones, tablets, and laptops,
introducing a vast array of distributed access points into the enterprise ecosystem, while typically
leveraging an even lower level of security. Many such devices lack even rudimentary capabilities for
encryption, secure communication, or monitoring. Patching and vulnerability management is often
minimal as well—unsurprisingly, given that many IT groups struggle to keep even traditional desktop
and laptop computers updated. Authentication and authorization can be an afterthought, with default
admin names and passwords remaining in place indefinitely. But make no mistake: a compromised IoT
device can put the entire network in danger.

As 5G networks increase their reach and power, so will the cybersecurity challenges they represent.
Ensuring the resiliency of these networks and enforcing 5G security protocols will be critical to ensure
that this expansion of the attack surface doesn’t lead to expanding attacks.

Taken together, the growth of mobile, IoT, and 5G make it clear that modern businesses are truly
borderless—at least as far as security is concerned. With no perimeter to defend, organizations can be
exposed to threats in more places than ever before. Their security teams must have similarly far-
reaching skills.

5. Identity & access management and Zero Trust

Stolen or abused credentials are one of the most common factors in successful cyberattacks. Keep in
mind too that for every human identity in the organization, there may be many more constantly
changing machine identities used to connect various systems and endpoints. Keeping all of these
identities up to date and managing the associate privileges can be a massive undertaking.

Multi Factor authentication (MFA) has become a baseline requirement for many organizations, but it’s
only part of the solution. Security professionals need to be able to manage identities across the entire
lifecycle, perform predictive access risk analysis to understand where privileges need a higher level of
restriction, and continuously monitor user access and behavior to detect anomalies and signs of abuse
or attack.

Zero Trust architecture, another widely adopted best practice, includes the principle of least privilege:
allowing the lowest possible level of access and authorization, for the shortest time possible, to the
fewest resources possible, as required for essential work. While Zero Trust is simple in its essence, its
dynamic nature calls for a high level of understanding and skill to make the right decisions, perform
effective monitoring and analysis, and keep pace with ever-shifting business requirements without
compromising security.

6. DevSecOps
Continuous development/continuous integration (CICD) methodologies like DevOps brought new speed
and agility to software development—and threatened to leave security behind along the way. In
response, some organizations are working to integrate security into the CICD pipeline with DevSecOps,
an approach in which security professionals help teach developers to identify and correct security gaps
and misconfigurations earlier in the DevOps pipeline. By shifting-left on security and testing, these teams
can push out code more quickly while preventing vulnerabilities from reaching production.

While DevSecOps offers clear advantages, its implementation can be an uphill struggle. Cultural barriers
between AppDev and security get in the way of collaboration. Developers often find security tools hard
to use and resent the distraction from coding. Hybrid cloud environments make it difficult to gain a
comprehensive view of the application landscape across cloud and on-premises systems.

For DevSecOps to succeed, developers must come to see security as an enabler, not a blocker—a
partner to deliver better apps, faster, without unintended consequences. This calls for both technical
and political skills on the security side. Candidates who can bridge the DevSecOps gap will be worth their
weight in gold.

7. Security automation
In a fast-moving threat ecosystem, cybersecurity depends on speed. Security automation software can
use AI and machine learning to identify threats, flag suspect data and user behavior, offer context,
provide next steps, and even take action on its own to stop an attack or limit its extent. Automated
monitoring can cover more of the environment, more effectively, reducing visibility gaps and time lags
to close windows for attack.
Security teams today need to know how to automate processes such as investigations into malware and
phishing, behavioral analysis, policy changes, and vulnerability management. As part of the evolution to
DevSecOps, they should be able to provide security as code as part of an automated application
development pipeline. Beyond increasing speed, consistency, and accuracy, automation can help ease
the workload for security teams—helping mitigate the ongoing talent shortage.

8. Regulatory compliance
The enforcement of the General Data Protection Regulation (GDPR) has already led to massive fines
against U.S. companies operating in the E.U., and it’s only one of many new and updated mandates on
data security and privacy. Cybersecurity and AppSec professionals will both have essential roles to play
to ensure that their organizations are secure, from the applications in the environment to the systems
and networks through which they are delivered. Understanding the specific regulations that apply to the
organization, the provisions they contain, the mechanisms to meet these requirements, and the
intricacies of compliance management will be critically important for these teams.

Rethinking security hiring

As organizations strive to close the cybersecurity talent gap, it’s worth taking into consideration the
recommendations of a recent report by the World Economic Forum. Noting that the postings for these
positions are often too vaguely defined, overly focused on certifications rather than capabilities, and
don’t effectively communicate the benefits of working within the industry, the report identifies
weaknesses in recruiting as a key part of the problem. The WEF also finds that efforts focusing on a
greater diversity of candidates, in terms of both underrepresented groups as well as professional
backgrounds beyond computer science, can prove successful. Soft skills such as effective
communication, problem solving, strategic thinking, and people management can be especially valuable.

As AI-powered security tools and automation reach maturity, methodologies such as DevSecOps gain
widespread adoption, and the candidate pool for cybersecurity and AppSec broadens, we can hope that
the security talent gap begins to ease in the years to come. Until then, focusing on these eight areas can
help your organization mitigate risk and keep pace with cybercriminals—or even one step ahead.

[CTA?]