By Members of the RSA Conference Advisory Board

Humans Evolve with Technology

According to Norton, the number of records breached in 2019 was an all time high, reaching more than four billion records. As a result, the cost of defending against malicious actors also continued to skyrocket, leaving the industry in a state of heightened risk and uncertainty. In these unpredictable times, however, one thing remains certain: cybersecurity, at its core, is inherently connected to the Human Element.

In 2020, humans and technology will become even more intertwined, triggering the emergence of trends like diversity, the skills gap, how humans and technology can work together and even the consequence of human emotion. Several of the RSA Conference Advisory Board members share their own thoughts in these 2020 predictions.

Top Level Changes:

It's not surprising that many industry leaders are thinking about the ways in which both humans and technology will evolve and move toward a more secure digital world. According to Joyce Brocaglia, CEO of Alta Associates, Board Suited and the Executive Women's Forum, "2020 will be the year for cybersecurity executives to educate themselves on how boards operate and where they can add value so they are best prepared and positioned to meet this demand. Given the laws and institutional efforts driving board diversity; women in cybersecurity will have an unprecedented opportunity to bring their technology and business acumen to the boardroom."

Not only will executives advance their understanding of how boards operate, but the board members themselves will hone new skills. "Cybersecurity is a board level imperative creating more opportunities for those with cyber expertise to serve on boards, but cybersecurity experience alone, however, is not enough, Brocaglia says. "In 2020, the composition of boardroom directors will become more diverse in skills and gender. Digital Directors; those who provide oversight to a company's digital strategies and help them to mitigate risks will be in high demand in Non-Profit, Advisory and Corporate Boards."

Who's Got Skills?

While the industry definitely recognizes the skills and has taken many endeavors to address the problem, it remains true that hiring managers struggle to write information security-related job descriptions while candidates have trouble discerning which positions they should actually apply for and how they should go about the application process, says Caroline Wong, Chief Strategy Officer at Cobalt.io. "We have this pretty severe matching problem. That being said, I think that 2020 is the year when someone is going to come out with some sort of platform or matching technology that helps us to do this thing better. Maybe it's a platform that helps hiring managers put together job descriptions or get the word out. Maybe there's some sort of application or wizard that helps a candidate describe their skills and experience in a way that's easily accessible and useful for a recruiter or hiring manager. A sort of Tinder for cybersecurity jobs," Wong says.

Scammers Gonna Scam:

Advisory board member Todd Inskeep, Principal, Cyber Security Strategy, Booz Allen Hamilton, anticipates that scam artists aren't going to take a break in 2020. "Con artist-type scams will continue to be successful," says Inskeep. The problem is that our nature as humans is to be trusting. "Con artists have always preyed on this trust. At Internet scale, their methods are almost scientific-playing to fears to incite a quick response. This is core to this year's theme of the "Human Element." As we see exponential growth in computing power, and across technology, I fear we are creating changes so rapidly that people can't adapt to these new threats, or even adapt to the pace of changes that we'll see in the next decade and beyond. The gap between technology and our ability to adapt will leave gaps for con artists to exploit."

More Conversations about Technology:

Recognizing that there is an inherent challenge to AI, Wong believes there will be more conversation about what kinds of cybersecurity problems can be solved by automation and what must be solved by humans. "The data set you have regardless of how large and deep it is, will never actually match a future scenario-it's called ‘concept drift'-pattern matching on old data, and the predictions can never be exactly right," Wong says. As a result, she predicts that in 2020, "We are going to move away from this idea that technology is going to come and save us, and have a more nuanced conversation and maybe even see some models emerging with regards to how does a cybersecurity professional determine what problems are good candidates for technology to solve versus which problems are much better for humans to solve."

Indeed, Wong is not alone in her thinking about the challenges presented with AI. Inskeep says, "We are going to get a lot of new lessons from the usage of AI in cybersecurity this coming year. The recent story about Apple Card offering different credit limits for men and women has pointed out that we don't readily understand how these algorithms work. We are going to find that we have learned some really powerful things next year. We are going to find some hard lessons in situations where an AI appeared to be doing one thing and we eventually figured out the AI was doing something else, or possibly nothing at all."

##