Cyborgs Need Not Apply
The future of work and its impact on the workforce – particularly cybersecurity teams – likely will strengthen employee, business, and board engagement, not erode them, as many fear.
Using advanced technologies to automate repetitive cybersecurity tasks can be an effective response to rapidly evolving threats. Equally important is that individuals and teams affected by new projects are made aware that automation will likely create higher value work that only humans can perform.
Tales of robots and artificial intelligence (AI) replacing humanity make for a compelling science fiction plotline but are hardly helpful in explaining how advanced technologies will augment work. To be sure, robotic process automation (RPA), cognitive technologies, and machine learning, among other advances, will disrupt and challenge the way organizations think about work, particularly cybersecurity. Yet the technologies that currently raise concerns in the workplace about job security may be the same ones that create new opportunities within the same functions.
Still, automation projects have left some cyber professionals feeling uneasy because they assume the work being turned over to machines is not viewed as valued. There’s a mischaracterisation that can occur when automation is introduced into the business and management does not have a proper communications strategy to address questions and perceptions about the transformation.
Using advanced technologies to automate repetitive cybersecurity tasks can be an effective response to rapidly evolving threats. Equally important is that individuals and teams affected by new projects are made aware that automation will likely create higher value work that only humans can perform. In the cybersecurity function, that work might include assessing advanced analytics for threat intelligence, developing insights to improve compliance while encouraging innovation, driving process enhancements focused on customer-centric design, and ultimately defining the value offered the business with appropriate scale and quality.
Many cybersecurity executives and professionals many individuals have welcomed these enhancements and are asking supervisors for additional training to improve existing skills and learn new ones. A commitment to retraining helps communicate the belief that automation is a strategic tool that can free up team members to produce insightful analysis to enhance executive decision-making.
In some organisations, individuals and teams suspect data quality might suffer if automation is used too liberally. These perceptions about data quality should dissipate with time, however there is human error occurring on a regular basis that often goes unnoticed. If systems are configured properly with supporting mitigating controls, the quality of data may improve as the focus of the time spent analysing the information will be based on anomalies or risk-based decisions, which often require more immediate attention.
While organisations may need to assess data in a different way, comfort levels with automation usually increase as tasks that were once measured in hours or days are completed in minutes and the validity of the data improves without affecting, or perhaps improving, quality.
The Rise of the Gig Worker
Gig talent, the “off balance sheet” contract workers hired by organisations to supplement the traditional workforce is another future of work consideration. Hiring gig talent is one way to expand an organisation’s knowledge base and introduce a variety of ideas from different perspectives that may originate inside or outside the organisation.
Assembling this complement to the workforce entails identifying the skills needed to satisfy internal or marketplace demands, assessing which skills are not currently on staff—and possibly providing up-skill or cross-skill training— and then having functional and technical leaders work with the talent organisation to tap into an external candidate pool. With the introduction of a broader workforce that includes third-party suppliers and contractors, the suggestion would be about putting in place appropriate controls and reviews associated with the full lifecycle of managing talent to understand the potential risks associated with insider-threat situations.
As an organisation’s ecosystem expands, technology can help monitor third-party contractors and the broader supply chain, providing some reassurance to executives that additional protections are being deployed to address potential security weaknesses and areas vulnerable to exploitation.
The Future of Work in the Boardroom
Board members may be inclined to challenge the risk/reward equation associated with deploying advanced technologies in the workplace of the future. That could be especially true given the traditional view that “our employees are our greatest asset” and concerns about potential workforce disruption, among other issues. However, as advanced technologies enable cybersecurity teams to focus on higher-value tasks, boards may increasingly view the function as a business enabler, rather than a cost centre.
These and other positive impacts of advanced technologies also may give board members different perspectives about overseeing the risks associated with the future of work. For example, boards may want to know how new technologies can support or accelerate an agile transformation strategy aimed at delivering products or services at speeds greater than the pace of disruption.
These technologies likely will enable cybersecurity to be more agile and incorporated into the product and service development lifecycle, and not be treated as an afterthought. Security by design is one way to develop secure products and services and reduce organisational and customer risk - a top board agenda item.
***
Expectations about the future of work and its effect on employees, management, and the board are not science fiction. Deploying advanced technologies and automation in the workplace won’t diminish the need for talent because many of the skills employees—particularly cybersecurity teams—use today are foundational, such as risk analysis, threat assessment, project management, and process improvement. These are skills that are valued by organisations regardless of which tasks are automated, but it’s still likely organisations will need to find mechanisms to continue to incentivise this workforce through training and education, as well as job advancement.