Industry data indicates a positive trend in salary and job satisfaction over the past three years, with mild improvements in gender diversity. Samantha Humphries, Senior Security Strategist at Exabeam, tells us why she thinks automation will only serve to benefit the cybersecurity industry, and how she predicts the industry’s future will evolve in 2021.
Despite 88% of cybersecurity professionals believing automation will make their jobs easier, younger staffers are more concerned that the technology will replace their roles than their veteran counterparts, according to new research by Exabeam, the Smarter SIEM company. The finding is part of the 2020 Cybersecurity Professionals Salary, Skills and Stress Survey, an annual survey of security practitioners. Overall, satisfaction levels continued a three-year positive trend, with 96% of respondents indicating they are happy with role and responsibilities and 87% reportedly pleased with salary and earnings. Additionally, there was improvement in gender diversity with female respondents increasing from 9% in 2019 to 21% this year.
The purpose of the survey is to gain insights on trends related to salary, education level, job satisfaction and general attitudes towards innovative and emerging technologies such as Artificial Intelligence and Machine Learning (ML), among cybersecurity professionals worldwide. The survey was fielded to more than 350 professionals in the US, Singapore, Germany, Australia and the UK, collated by research company, Censuswide.
“The concern for automation among younger professionals in cybersecurity was surprising to us. In trying to understand this sentiment, we could partially attribute it to lack of on-the-job training using automation technology,” said Samantha Humphries, Security Strategist at Exabeam. “As we noted earlier this year in our State of the SOC research, ambiguity around career path or lack of understanding about automation can have an impact on job security. It’s also possible that this is a symptom of the current economic climate or a general lack of experience navigating the workforce during a global recession.”
Of respondents under the age of 45, 53% agreed or strongly agreed that AI and ML are a threat to their job security. This is contrasted with just 25% of respondents 45 and over who feel the same, possibly indicating that subsets of security professionals in particular prefer to write rules and manually investigate. Interestingly, when asked directly about automation software, 89% of respondents under 45 years old believed it would improve their jobs, yet 47% are still threatened by its use. This is again in contrast with the 45 and over demographic, where 80% believed automation would simplify their work, and only 22% felt threatened by its use. Examining the sentiments around automation by region, 47% of US respondents were concerned about job security when automation software is in use, as well as Singapore (54%), Germany (42%), Australia (40%) and UK (33%). In Exabeam’s 2019 survey, which drew insights from professionals throughout the US, UK, Australia, Canada, India and the Netherlands, only 10% overall believed that AI and automation were a threat to their jobs.
On the flip side, there were noticeable increases in job approval across the board, with an upward trend in satisfaction around role and responsibilities (96%), salary (87%) and work/life balance (77%). When asked what else they enjoyed about their jobs, respondents listed working in an environment with professional growth (15%) as well as opportunities to challenge oneself (21%) as top motivators. Just over half (53%) reported jobs that are either stressful or very stressful, which is down from last year (62%). Interestingly, despite being among those that are generally threatened by automation software, 100% of respondents aged 18-24 reported feeling secure in their roles and were happiest with their salaries (93%).
Though the number of female respondents increased this year, it remains to be seen whether this will emerge as a trend. This year’s male respondents (78%) are down 13% from last year (91%). In 2019, nearly 41% were in the profession for at least 10 years or more. This year, a larger percentage (83%) have 10 years or less, and more than one-third (34%) have been in the cybersecurity industry for five years or less. Additionally, one-third do not have formal cybersecurity degrees.
“There is evidence that automation and AI/ML are being embraced, but this year’s survey exposed fascinating generational differences when it comes to professional openness and using all available tools to do their jobs,” said Phil Routley, Senior Product Marketing Manager, APJ, Exabeam. “And while gender diversity is showing positive signs of improvement, it’s clear we still have a very long way to go in breaking down barriers for female professionals in the security industry.”
Samantha Humphries, Senior Security Strategist at Exabeam, discusses the future of the cybersecurity landscape in more detail and what it might look like in 2021.
How would you describe the current state of cybersecurity and how do you predict this will differ over the next five years?
On the list of things that are worrying me right now is hearing about organisations making cuts to their cybersecurity teams because of COVID. Granted, it’s been a really tough time financially for most organisations, and frankly I’m biased, but for me this should be the last area to make cuts.
Unfortunately, cybersecurity is still often seen as a cost centre, which is a problem. Cybersecurity is an enabler for the business, an enabler for the employees, and by extension an enabler for the customers. However, if there isn’t the support from the executives in the business, the idea of it being a cost centre will be hard to detach. One of the hardest things to get across is the value that cybersecurity brings to the organisation. Some C-suites really get it, others don’t. Unfortunately, by the time they realise the importance, it’s too late.
I’ve seen too many times that once the dust has settled after an incident, the security team is actually glad it’s happened because they now have the proof of their value to business operations. That’s a sad state of affairs.
Compared to five years ago, I definitely see cybersecurity being more on the board agenda now which is great. I think and hope that in the next five years, it will be on every board’s agenda – because it will need to be. We are seeing more cyberattacks than ever before, with more breadth of organisations being hit. This will help to improve the state of cybersecurity, but unfortunately the journey will be painful for many organisations, particularly for those who are not already prioritising cybersecurity in the way they should be.
What are some of the overall cybersecurity threats you expect to take place in the near future and how will this affect employment?
I don’t think ransomware is going anywhere soon. We will continue to see strains of ransomware evolve and ransomware as a distraction become more and more commonplace. Unfortunately, it’s something that works really well for cybercriminals – too well.
We will continue to see breaches occur because of a lack of security around remote working and the use of personal devices and home networks. The more cloud, the more connected devices, the more opportunity for cybercriminals.
How do you predict the use of automation tools will shape the cybersecurity landscape?
Cybercriminals have been using automation longer than security teams have. The cybersecurity industry as a whole needs to be quicker off the mark and needs to better embrace automation.
Automation is the answer to how we deal with the amount of data we are generating – it will create new roles like automation engineers and automation architects, for example. But it will ultimately come down to enabling automation – if your business is still doing everything manually, it’s going to have a knock-on effect. Organisations that do not embrace automation in cybersecurity will get left behind as they will be more susceptible to attacks.
How far do you agree with the 88% of cybersecurity professionals who believe automation will make their jobs easier?
I agree fully with the 88% and I want to speak to the other 12% and ask, ‘why wouldn’t it?’
Automation will make their job easier and will never make their job harder. It’s there to help drive efficiencies and ultimately provide decision support to humans. I don’t know how you can work in a technical discipline and not see how automation will make your job easier.
Do you expect the number of females within the industry to continue rising?
Yes! I think that more organisations are embracing diversity in general and cultivating a more inclusive environment. I also think there is a really good support network for women in security, be that organised or unorganised. We love to see it. And there’s men supporting women as well. My friend, Rik Ferguson, who’s VP of Security Research at Trend Micro, has a pledge pinned on his Twitter account where he won’t agree to appear as a guest on a panel unless there’s also a woman on the panel.
I want to see the vendor community step up. Too often we see white, male spokespeople represent and speak on behalf of vendors and this needs to change. We need to be better as vendors to represent diversity in the industry.
How could the ambiguity surrounding the impact of automation be improved to put employees at ease?
It will be important for leaders to bring employees into the conversation. Automation really is there to help accuracy, efficiency and improve working conditions for employees. But, if you don’t talk to them to understand what the pain points are, you’ll be fighting a losing battle.
If it’s an abrupt decision and not a considered conversation, your teams are going to be worried. I think it’s all about talking to individuals, understanding what it is they’re doing manually and pinpointing where exactly automation can help them and emphasising the value it will bring. IT and development teams have already implemented a lot of automation, so I think spending time with other teams who are seeing the benefits will help to ease employee concerns.
However, we still need humans and decision-makers and investment in people as much as we need investment in software.Click below to share this article