Cybersecurity is a vast field; it’s sprawling in its disciplines, with a wide range of technologies, types of work, and needs. Somebody can work in this field for 10 years and not do everything that there is to do in it, the same could be said for entire careers. This is both incredibly exciting and in some ways daunting.
One of the reasons we have this opportunity is because technologies continue to change so rapidly. New technologies come out, technologies begin to integrate and work together, and new use cases for technologies emerge. There are a variety of emerging technologies inside of the cybersecurity field that is very exciting to me, opening up new and creative ways to grow a security program. The areas below are by no means comprehensive but serve as a snapshot of the things that are interesting to me.
True Data Tools
Security is a field dominated by data, attackers need data, defenders need data. For the longest time though our data tools were entirely centered around SIEM platforms, which are mostly for logs. Large investments have been made in these SIEM deployments all over the industry, yet we collectively have not produced insights on the same level as other organization functions like marketing or advertising teams.
Investments made in data tooling specifically geared towards security use cases is exciting. Many vendors have slightly different vernacular for this, data lakes, data mash, data warehouses, the list goes on. The point is not to advocate for a particular approach, rather, to consider a change in the way we aggregate, analyze, and model our security data. There is so much more to our field than log data.
Software Integrity Verification
The emphasis on software bill of materials (SBOM) in industry lately has correlated with solutions focused on integrity verification. In other words, using cryptographically verified build artifacts in production workloads is an exciting development inside the context of zero trust and application development. An SBOM artifact also opens up opportunities to achieve the benefits of software composition analysis to software you otherwise would have zero insights into, such as SaaS/PaaS solutions or COTS products.
This development begins to reduce the risk of compromised CI servers, which has been quickly emerging as a major threat vector, similar to active directory compromises in a corporate network.
Expanded Security Automation Tools
Security automation started to really take off with the introduction of SOAR solutions, this was a game-changer. There has been exciting work happening as of late around more functions, such as:
- Automated penetration testing
- Attack surface discovery
- DevSecOps pipeline orchestration
- Vulnerability aggregation and reporting
With the explosion of work to do in security and the shortage of people, automation is critical. This trend is exciting because it enables teams to quickly build small and large automated processes, all of which have compounding benefits, like Zapier for security teams. This class of tooling also alleviates the need for highly skilled software engineers to exist on or support teams to build and maintain tool integrations and the subsequent logic to drive process automation.
There’s so much change happening in the Cybersecurity Field, the three examples above are a small snapshot of things that I am personally excited about. I suspect that I could write this article in a year and feel quite differently. However, each of these examples creates multiplier effects inside of a security team, something that is desperately needed as we are also battling a workforce shortage across the entire field. In particular, embracing and operationalizing data and process automation is a definitive step along the maturity curve for cybersecurity as a discipline.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: