The role of the cyber professional is evolving.
As cyber threats in the government become more complex and increase in number, it’s critical that our defenses advance too. Some of those advances, such as automation, artificial intelligence and machine learning, may also mean a change in the skill sets required of cyber personnel.
Although automation may strike fear in the hearts of some cyber professionals, the trend isn’t just about replacing federal employees with computers. It’s about leveraging software to do certain tasks for humans so they can focus on the tasks that computers can’t perform, such as advanced analysis or other more technical cyber tasks. In some cases, automation could necessitate an increase in cyber personnel. One thing is for certain: The role of the cyber professional is evolving. Here’s a look at seven cyber skills that will be in high demand in federal agencies:
Dashboard Analysis and Data Presentation: Automation can bring improved visibility, but also results in a significant increase in data. Chief information officers and chief information security officers will need an enterprise visualization of risks to effectively navigate the cyber environment. A good cyber professional will have a background in identifying and resolving cyber threats, not just running automated tools, and will be able to report the risks and implications to agency leadership.
Communication: Closely tied to the increased need for dashboard analysis and presentation skills is the increased need to communicate the risks uncovered through automation, AI and machine learning. Cyber professionals must translate the technology and risks into terms decision-makers can understand and actions they can take, helping federal CIOs and CISOs weigh the risks and understand the implications of various actions.
Hunting: Advances in criminal cyber tactics now require a more active cyber defense approach through cyber hunting. While automated monitoring tools and processes can be leveraged to scan and defend networks, cyber hunters can actively pursue unknown threats, enabling organizations to detect threats quickly, accurately, and in many cases before any damage occurs.
Data Auditing and Validation: Organizations seeking to leverage AI and deep learning should also plan to invest in cyber professionals with a strong background in data auditing and validation. It’s not just a matter of auditing the output; it’s equally important to validate the sources of input the technology uses. Whether the data is consumed maliciously or innocuously, the result is the same: bad data in, bad data out.
Policy Analysis: With increases in legislation, mandates and policies, such as the executive order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, not only will there be an increased demand for policy experts to interpret the new requirements but there will also be an amplified demand for experts who can develop a strategic plan of action to achieve compliance with those requirements. Federal organizations will need policy experts to assess emerging technologies (such as automation, AI and machine learning) to identify both potential risks and benefits of using the new tech. Organizations will also need policy experts to review exception requests from individual users or smaller components within the agency.
Traffic Analysis and Data Management: According to Cisco's Visual Networking Index, global IP traffic was 1.2 ZB (1 billion GB) per year in 2016, and is expected to reach 3.3 ZB per year by 2021. Such a massive amount of traffic is impossible to analyze without management and categorization best practices. There’s already a demand for traffic analysis experts, and the need for cyber experts who can separate, classify, and whitelist traffic will continue to grow. Effective traffic analysis is necessary to minimize false positives, maintain network situational awareness, and detect malicious activity.
Cyber Tools Selection and Customization: The Nmap Project has been cataloging the network security community’s favorite tools for more than a decade, and while there isn’t a shortage of network security tools, there is a shortage of cyber professionals with the skills to select, use and customize those tools for federal agencies. Some agencies may have selected a tool years ago, and they’ve simply upgraded the same tool year after year. While those tools may meet the needs of that particular agency, there are also many other vendors who may offer a tool that provides the same (or better) benefits for a lower price. Because of the increased number of cyber threats as well as the increase in network defense tools, there will also be an increased demand for analysts who can assess current tools against new ones, and recommend the best option, based on the needs and budget of the organization.
Ultimately, software will evolve to the point that it runs on its own. Sensors can automate and correlate findings, alerts can be prioritized through real-time analytics, intel feeds and asset data, and responses to common issues can be standardized and automated. For many organizations, the goal will be to remove the human element wherever possible. At that point, federal cyber personnel will be responsible for improvements through innovation. Software and machines may be able to process data and execute tasks, but they may not be aware of factors that aren’t on the network. Just as there are people—cyber criminals—behind cyberattacks, despite the automated techniques they may use, so too there must be people behind our cyber defenses, technically savvy and situationally aware.
Kalai Kandasamy is a senior network engineer for NetCentrics. Colby Proffitt is a senior analyst at NetCentrics.