Compiling data drawn from surveys sent out to more than a thousand IT and IT security practitioners within the UK and US, the Ponemon Institute, in collaboration with DomainTools, have recently published their insights in the report titled “Staffing the IT Security Function in the Age of Automation”.
Will automation shrink IT security functions’ headcount?
According to the report, more than half of the respondents (51%) believe that automation will lead to a loss of employment opportunities within the security field. This mentality seems to have shifted quite dramatically as it has risen by 30% in comparison to the results obtained last year. Between the UK and the US, however, it would appear that this rising belief is especially pronounced among the UK respondents, with 56% answering that it would reduce headcount, compared to 45% of US respondents. Correlating with this belief, is the upsurge of concern that they may be made redundant due to automation, from 28% to 37% in the last year alone. Yet, despite these fears, around 1 in 7 organisations’ IT security functions are understaffed.
Humans won’t become obsolete
While most respondents agree that automation has the benefit of freeing IT security staff from the more mundane tasks to focus on resolving serious vulnerabilities, there is still an underlying understanding that the role of humans is indispensable. Indeed, only 40% of respondents trust automation to reduce human error and 74% insist that automation is not capable of accomplishing certain tasks done by IT security staff. In this way, it looks as if the sentiment towards automation is bittersweet.
Nevertheless, rather than the loss of bodies within the sector, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, responds with optimism. He states that “What is more likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”
Automation makes security professionals’ jobs a little easier
In fact, automation does provide a multitude of benefits. For example, 60% of employees affirm that automation has aided in reducing stress levels and 43% confirm it increases productivity, whether through decreasing false positive and/or negatives (43%), increasing the speed of analysing threats (42%) or prioritising threats and vulnerabilities (39%).
As Corin Imai, Senior Security Advisor at DomainTools, maintains, “Automation is already improving the productivity of security personnel across industries. We are … just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles. However, the human factor remains the most important player in information security…those that become experts in deploying and managing automating solutions will have a new valuable skill set for many years to come.”
Apart from having the skills to deploy and manage automating solutions, it also important to be aware of the environment we operate in, including being familiar with regulatory compliance standards such as GDPR. With 77% of respondents citing that such standards have a global influence on organisations’ use of automation, it is increasingly mandatory that job candidates are acquainted with new and existing regulations, regardless of their experience, whether entry-level or otherwise.
For more insights and additional trends, download the full set of findings.