I am not an AI expert; I’m not even going to say I’m knowledgeable about AI. I’ll describe my level of expertise, to sort of preface this post, as: I’ve been reading a few things. And of course I’ve been thinking a lot on how generative AI is impacting and will impact cybersecurity. Will it steal my job? Will it lead to large-scale job losses in cybersecurity? Or will it make me, and other cybersecurity professionals, better at our jobs? Will it take on the tedious work and leave us to do the more interesting work?
It would be almost impossible not to be thinking about these sorts of questions, given that the recent and ongoing exponential growth in generative AI is The Big Thing grabbing attention and headlines in the first half of 2023. A subject that is in the news every day and all day. It feels like AI is now an overnight sensation even though it’s been around and continually improving for decades. It’s easy to find thoughts on it that say it will change our world for the better in numerous impactful ways - from healthcare to climate change and saving the planet. And also easy to find thoughts along opposite lines - with themes that suggest generative AI, and even more so Artificial General Intelligence (AGI), if and when it arrives, will be the death knell for the human race.
I’m going to talk about my current approach to all of this, which is working for me and may or may not make any sense at all to other cybersecurity professionals or those of you who are looking to get into a career in cyber:
Accept it, learn about it, roll with it
Accepting it is very easy, because it’s here and it’s happening and I can’t bury my head in the sand.
Learning about it is pretty easy to do as well, at least in terms of my level of learning ambition. I’m realistic. I’m not going to become an expert on AI, or large language models, or any of the broader issues around it. Having said that, there is still a lot that I can learn and hopefully put to some good use in my work in cybersecurity and maybe even in life in general. I’ve started learning about it by doing some simple things:
Reading
There are a number of great Substack publications that cover AI and generative AI that I subscribe to. Yaro on AI, Web3, and its Global Impact offers broad coverage of trending AI news, as well as my favorite daily sections on Prompt of the Day and cool new AI tools. The Era of Generative AI brings me the thoughts and wisdom of Nina Schick, who strikes me as one of the early and impressive thought leaders in this space, as well as her in-depth interviews and chats with some of the biggest founders and players in generative AI. AI Supremacy provides a high volume of news and insight around AI from both a business and technology standpoint. Exponential View serves up wisdom on AI and other generative technologies.
I also do my best to read as much as I can on AI and cyber via cybersecurity focused sources. The National Institute of Standards and Technology (NIST) has published an AI Risk Management Framework document this year and I’ve been looking that over. A more recent example that I enjoyed reading is a position paper from the Cloud Security Alliance titled “Security Implications of ChatGPT”.
Trying Out AI Tools
I’ve been using some of the freely available and inexpensive generative AI tools for several months now. On the non-cyber focused side of this I enjoy the free and built-in features offered in my to-do app, the Pixel 7 Pro and its incredibly fast and accurate voice-to-text, and the Brave browser with its Summarizer feature. I also use some add-in AI capabilities in the Notion and Obsidian note taking apps that I use.
Back on the cyber focused side of this, I have tried out quite a few of the best known AI chatbots, and settled on using ChatGPT and Google’s Bard the most often. The image at the top of this post is of the beginning of a chat I had with ChatGPT a few days ago - inspired by that position paper from the Cloud Security Alliance. My prompt - as you can see - asked about techniques used by adversaries to establish persistence. I didn’t need to give ChatGPT any further context and did not include the word “cybersecurity” in my prompt, and it returned quite a good answer. I then asked if it could provide some example persistence techniques from MITRE ATT&CK specifically, and again it did quite a good job.
Sticking with the ATT&CK focus, I used this prompt: What are some of the best mitigation techniques for attacks using PowerShell, per MITRE ATT&CK? This got another solid answer. Here’s a portion of it:
Rolling with it feels good and (mostly) easy to do as well. I’m fully aware that ‘bad guys’ are already finding a myriad of ways to take advantage of generative AI and make their tools, techniques, and attacks more effective. But I also see reasons to be optimistic about how cybersecurity defenders can use it to speed up, enhance, and automate our capabilities in areas like detection, analysis, response, and more. Even the simple chats with ChatGPT I’ve mentioned here are promising. They are often going to be a faster alternative to web searches or combing through my own notes on a cyber topic, to grab some ideas that I can then build on in many scenarios.
I also feel pretty good on the “AI is not going to take my job away from me today/next week/next month” side of things.
For any of you who currently work in cyber, or are looking to be working in cyber, I would love to hear your current thoughts about all of this.