The capabilities of artificial intelligence and machine learning are accelerating, and many cybersecurity tasks currently performed by humans will be automated. There will still be plenty of work to go around so job prospects should remain good, especially for those who keep up with technology, broaden their skill sets, and get a better understanding of their company's business needs.
Cybersecurity jobs won't go the way of telephone operators. Take, for example, Spain-based antivirus company Panda Security. When the company first started, there were a number of people reverse-engineering malicious code and writing signatures.
"If we still were working in the same way, we’d need hundreds of thousands of engineers," said Luis Corrons, technical director at PandaLabs.
Instead, the company's researchers created tools that do most of those jobs.
"That means that nowadays we only have to take a look at a tiny portion of the new malicious code that shows up every day -- more than 200,000 new malware samples per day. I cannot imagine how we could do our main task, protecting our customers, without AI."
Does that mean that hundreds of thousands of engineering jobs have been destroyed? Of course not, he said.
"Being realistic, no company could afford that," he said.
In fact, AI has actually created new jobs, he said, including those of improving internal systems and creating news ones, and jobs for mathematicians applying AI to those systems.
"I get asked a lot by parents and college students about where they should be focusing, and security is where I think there are a lot of opportunities," said Karin Klein, founding partner at Bloomberg Beta, Bloomberg's venture fund that invests in early-stage tech companies.
There's a great shortage of talent in the industry, and a growing need for security professionals, she said.
AI tools will put more power in your hands
AI promises to automate repetitive tasks and those that require the processing of large amounts of information.
But the industry needs that, since there's too much for humans to process on their own.
"It's more about augmentation rather than automation," said Klein.
That's been a common theme for the cybersecurity companies she's been investing in, she said, adding that she is very optimistic about what the AI technology will bring.
"It's going to help that over-stressed IT guy who is trying to manage everything," said Dale Meredith, author and cybersecurity trainer at Pluralsight. "It's going to help him have more time to look at what's important for the company."
AI is just another tool, he said.
"And it's coming along at the right time," he added. "Think of the amount of data we have now compared to just five years ago."
New technologies, like the Internet of Things, promise to generate even more data, said Jason Hong, a professor in Carnegie Mellon's School of Computer Science and an expert in AI and cyber security.
Peter Metzger, vice chairman and cybersecurity and business risk expert at DHR International
"Almost every aspect, every dimension of society now relies on computers, and the need for security keeps on growing," he said.
That will allow individual analysts to do more than they can today, and do it more effectively.
"In the near term there are still plenty of positions and not enough professionals," said Bryan Ware, CEO at Haystax Technology. "But over time, AI will allow analysts to be more productive, automating low level tasks and intelligently alerting the analyst."
For example, better AI will make it easier for security professionals to sort through mountains of noise to find actual indicators of compromise, said David Campbell, CSO at SendGrid, a Denver marketing company that suffered a breach last year.
[ ALSO ON CSO: Supplementing cyber security strategy with Artificial Intelligence ]
"AI will help speed the identification and prediction of security breaches," he said. "This will bolster career prospects for security professionals that are adept at divergent thinking, and limit career prospects for more traditional SOC analysts that respond to alerts without considering the larger picture."
With AI automating out the horrible, routine, cutting-and-pasting jobs, most of the growth in the cybersecurity profession will be in forensic investigations, said Kris Lovejoy, CEO at security firm Acuity Solutions.
That may require additional training, she said -- not necessarily a full university course, but something like a SANS training program.
"The security field currently requires lots and lots of manual labor," she said. "You've got folks doing either very entry-level jobs, almost IT administration, and very sophisticated folks with lots of education spending 80 percent of their time waiting for something to load."
That gets frustrating and burns people out. With automation, the jobs are going to become more interesting -- and there might be less churn in the profession as a result, she said.
There will also be new job opportunities when it comes to properly deploying AI tools.
"AI isn't free," said Haystax's Ware. "Many techniques require significant algorithm training, data mark up, and testing that has to be done by humans."
The care and feeding of AI also involves ensuring that the AIs have highly available, highly secure infrastructure on which to run, said David Molnar, IEEE member and senior researcher at Microsoft.
"Highly available infrastructure because if the AI stops, the business suffers," he said. "Security, because if the AI gets bad data or the AI is hacked, then the business makes bad decisions."
The CSO's job will increasingly be about protecting the AI's role in business, and understanding the processes around the AI.
And the CSO might also need to act as a mediator between the AI and the rest of the company.