AI: how is it impacting the cyber security professions?

From the rise of ChatGPT and the creation of a veritable ecosystem around it, to competitors’ responses, 2023 was, in many ways, the year of artificial intelligence. 2024 is also shaping up to be a momentous year for announcements, with releases of new solutions, takeovers, and all kinds of strategic pivots. Against this backdrop, the impacts of artificial intelligence on the cybersecurity profession has become a hot topic.

“When we consider the impact of artificial intelligence on corporate security, we need to ask how it can be used to improve threat detection and automate responses. The same reasoning applies to the implementation of action plans to prevent attacks and, more generally, to manage vulnerabilities,” says Pierre-Emmanuel Denni, an IT recruitment consultant at Clémentine, a recruitment agency specializing in the digital and IT sectors.

Cyber auditors: from evaluation to recommendation

Cyber auditors are among the professions impacted by the rise of artificial intelligence. Their main task is to evaluate cybersecurity-related processes. This global assessment covers legal, technical and organizational aspects, as well as physical security. In the months and years to come, artificial intelligence could develop the capacity to take over some or all of this process.

“One of the sectors in which I’ve met the most cyber auditors is industry. These professionals are responsible for conducting audits in order to gain precise knowledge of the tools used in the company and the processes in place, while checking on compliance with them. They then propose an action plan and monitor its implementation. Artificial intelligence will certainly enable them to develop precise KPIs and automate the collection of indicators during the audit phase, while helping them to make recommendations,” analyses Pierre-Emmanuel Denni.

Industrial cybersecurity experts: protection first and foremost

Industrial cybersecurity experts also serve the industrial sector. They too are seeing their profession transformed under the influence of AI. In their field, artificial intelligence will play a major protective role. An understanding of the different flows in operation will be key to addressing the complex managerial issues arising in the world of Factory 4.0. According to the consultancy Clémentine, artificial intelligence will support and assist human beings by enabling more accurate vulnerability detection.

“When examined closely, the industrial cyber specialist’s role often involves specific environments such as SCADA systems. Experts in industrial cybersecurity need to understand the worlds of IoT and OT (Operational Technology), and intervene in the field,” explains Pierre-Emmanuel Denni.

As a general rule, industrial cyber specialists should have a degree in computer science, industrial engineering or an equivalent qualification, with a specialization in cybersecurity. A thorough understanding of industrial systems, the relevant communication protocols and artificial intelligence is imperative.

AI threat analyst: a new role requiring a new skill set

The growing importance of artificial intelligence and the intensification of attacks facilitated by AI has led to the emergence of new professions. The AI threat analyst is one such example. “AI threat analysts will be required to use artificial intelligence for defense, but also to anticipate attacks, i.e., by trying to put themselves in the hackers’ shoes in order to understand how AI enables them to operate differently or more effectively,” notes Pierre-Emmanuel Denni.

The AI threat analyst’s role is a demanding one, requiring extensive experience in IT, preferably in cybersecurity or in artificial intelligence. In addition, a thorough understanding of the principles of artificial intelligence, machine learning techniques, encryption processes, operating systems and networks is essential. This understanding will enable these specialists to identify and understand new threats and then develop appropriate countermeasures.

Beyond the AI threat analyst’s specific role, CISOs must also acquire new skills. “We are seeing the emergence of this new requirement in terms of the ability to carry out effective monitoring, particularly for people moving into governance positions. The market is increasingly looking for hybrid profiles with an appetite for both technical and strategic issues and the ability to keep abreast of the techniques proposed by security solution providers.”

Another emerging position is that of the AI developer specializing in cybersecurity. These are data experts specializing in machine-learning algorithms and the processing of cybersecurity-related data. This role requires a background in computer science or engineering with expertise in artificial intelligence and cybersecurity.

The technical skills required for this post include programming (particularly Python and Java), machine learning and thorough knowledge of neural networks. This expertise is key to the design and development of advanced security systems using artificial intelligence.

2023 was therefore a pivotal year for artificial intelligence, with major impacts on the cybersecurity profession. Cybersecurity auditors and experts are seeing their work transformed by AI, which enables better threat detection and response automation, while new roles such as AI threat analysts are emerging, which require an advanced understanding of AI in cybersecurity.