The introduction of new technology has always forced the workforce to adapt – creating great benefits and new challenges alike. The significant integration of technologies such as AI is accelerating the pace of change in the workplace, prompting questions about the human role in a modern workforce. While the ‘networked’ nature of these technologies provides many benefits, it also increases risks, particularly risks relating to cybersecurity. Addressing these challenges will require a workforce and leadership that is ready to shift its thinking to incorporate emerging technologies into capability planning and risk management efforts.
In , we examined how the workforce should evolve to address cybersecurity risk. Here, we will look at AI as an example of how organizations must be prepared to adapt to the changes brought on by new technologies. AI is a great example of how emerging technology can give us fantastic new capabilities to help cybersecurity efforts, but it will require flexibility to ensure that it is being used properly and that we have the right workers in place to capitalize on the benefits it provides.
As AI begins to take over tasks and become a critical part of our projects, there are critical questions that we will need to answer. How will we work alongside AI to maximize its benefits? How will the workforce respond to new security challenges that AI introduces? How can each of us play a role in mitigating these risks? The next step to develop the cyber secure workforce is to figure out our role and what critical thinking skills we will need to work with new tools such as AI.
The Future of the Cybersecurity Workforce
Cybersecurity is increasingly part of our lives and our jobs. Cyber threats are more common, and the consequences of incidents are more widespread. But there is an alarming shortage of cyber-trained professionals.
Some believe AI will fix the cybersecurity talent gap by filling positions like rote data analytic jobs or detecting malware on a network. However, like most new technology, AI is a tool, not a solution. More importantly, it is a tool that doesn’t work the same way in every situation. The cyber needs of a large power plant are different than those of a coffee shop. A bank will have different cyber resources than someone protecting a personal computer.
AI can’t solve all of our problems. Figuring out how best to deploy AI and the rest of our tool kit will require a cyber-literate workforce that thinks critically and incorporates new practices into planning and operations.
Facing New Cyber Challenges
Promote cyber culture in the workplace. We must advance cyber culture in our work, preparing everyone for the changes that AI technology will bring and the potential cybersecurity risks that it could introduce. We are increasingly connected to our devices and digital platforms, and the introduction of AI means more devices are being connected and connecting to each other. This means that everyone should get into a cyber-secure mindset – it’s not just a problem for your IT staff anymore.
The good news is that it’s not hard to start. In fact, almost all of us are already doing it. Every day, we encrypt information, report phishing attacks, and follow basic cyber measures when accessing our personal email accounts. We can build on this basic familiarity with cyber measures to make cybersecurity a normal part of our everyday work.
But preparing for the future of cyber also requires continuous learning. Cyber technology is ever-changing, so our training and understanding of the issues must be as well. can help individuals and companies share expertise and develop best practices. These Centers have developed initiatives to improve employees’ ability to recognize cyber threats and address IT staffing shortages.
Remember that cybersecurity is everyone’s job. The introduction to AI has created countless new automated systems and processes that connect more and more of our daily operations. As its use continues to grow, it becomes more and more important that everyone helps safeguard their portion of cyber systems. HWC is one of the principal authors of forthcoming guidance from the National Institute of Standards and Technology (NIST) National Initiative on Cybersecurity Education (NICE) that discusses steps that businesses can take to build a cyber-secure workforce. A basic premise is that even if cybersecurity is not your primary role, you still have an obligation to be cyber-secure.
“In an age of persistent cyber threats, no organization can be secure without the active participation of everyone on the team. Effective security can’t be achieved through a set of specialized activities performed in isolation by designated professionals; everyone has a role to play in protecting the organization. Each member of the team, from the chief executive to the newest intern, holds the power to harm or to help, to weaken or strengthen, the organization’s security posture.” —NIST NICE guidance
AI is a powerful tool for improving cybersecurity efforts and daily operations, but it also means that everyone in an organization needs to understand how that tool works, what it needs to work properly, and what to do if something goes wrong.
Take a critical look at how skills are prioritized. Promoting strong cybersecurity in the face of rapidly changing technology requires the right balance of how to promote and train for a wide range of skills. The lays out some of the work roles, knowledge, skills, and abilities that will help shape the cybersecurity workforce of the future. Beyond the need for workers with technical skills, a cyber secure workforce can utilize non-technical skills to help adjust to the very rapid learning curve of new technology. Companies’ ongoing evaluations of employees have shown this to be true across industries. Cathy N. Davidson’s new book, , discusses Google’s evaluation of employee skills. When Google looked at hiring, firing, and promotion data to see what skills were being valued most in daily operations, they were shocked by the results. STEM skills were ranked lower than the “soft skills” they had traditionally spurned. AI has illustrated this need. You don’t just need employees who can program the AI – you also need employees who can think critically about how incorporating everything AI can and cannot do changes their work.
Develop curriculum that addresses how to ‘work’ with emerging technology. It is impossible to predict and train for future technologies. Technological change vastly outpaces our ability to develop and implement policy and training. What we can do, however, is focus on building skills that make it easier to adapt to technological changes. The workforce must have critical thinking and reasoning skills to meet new challenges. At some companies, like GE and Shell, . Humans increasingly work in jobs that require non-technical skills such as creativity, emotional intelligence, problem-solving, and risk management.
“Humans can think orders of magnitude into the future, and machines cannot… Agility and understanding context are some of the things that the human mind can do better.” —
Training should include a focus on the skills needed to bridge technological capabilities and dynamic project needs – emphasizing the things that we can do best and making sure people understand how they can use these new tools.
What Hath Technology Wrought
While AI and other technologies can help address cyber workforce gaps, we are still learning how to use these tools effectively. Everyone must play a part in solving the broader challenges presented by these changing technologies. We should update cybersecurity curriculums, workforce frameworks, training, exercises, and competency models to reflect changing needs.
Most of all, we need to be adaptable—personally, professionally, and organizationally. Get used to the new reality. Your new co-worker might be more data bytes than human bits, but that doesn’t mean cybersecurity is no longer your responsibility. You still need to be ready to make decisions and build up the skills needed to ensure our cyber secure future.
Share your experiences with how you’ve worked to address the capability gaps created by changing technology. What do you think it will take to adapt to working alongside these new tools?