AI Hype Drives Demand For ML SecOps Skills
Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.
In a sign of the growing importance of assessing the risks of artificial intelligence to corporate assets, organizations are increasingly looking for job candidates with skills in machine learning (ML) and large language models (LLMs) to fill cybersecurity jobs. In ISACA's "2024 State of Cybersecurity" report, just under a quarter of respondents (24%) named LLM SecOps and ML SecOps as the biggest skill gaps they see in cybersecurity. Soft skills — communication, flexibility, and leadership — continue to be the biggest category of skills that cybersecurity professionals are missing, according to 51% of respondents.
Wanted: LLM, ML Skills
LLM SecOps and ML SecOps are fairly new skill sets, but, like the technologies they secure, they now seem to be everywhere.
ML SecOps is the discipline of integrating security into the development and deployment of ML systems. It covers ML-specific processes, like securing the data used to train a model and preventing bias through transparency, as well as applying standard security operations tasks, such as secure coding, threat modeling, security audits, and incident response, to ML systems.
LLM SecOps refers to securing the entire life cycle of LLMs, from data preparation to incident response. LLM SecOps covers concerns as varied as ethics reviews in the design phase, data sanitization of training data, analyzing why the system made the decisions it did during training, blocking the generation of harmful content, and monitoring the model once it is deployed.
There is a growing list of resources for security professionals to build up their skills. For ML SecOps, Benjamin Kereopa-Yorke, a senior information security specialist and AI security researcher at telecommunications provider Telstra, maintains a GitHub repository of resources and trainings, with courses categorized by prior ML knowledge required and classified as vendor-agnostic or vendor-centric. The Open Worldwide Application Security Project (OWASP) has a draft Machine Learning Security Top Ten list describing how ML attacks, such as data poisoning or membership inference, work and how to counter them. OWASP also maintains the OWASP Top Ten for LLMs, which covers topics relevant to LLM SecOps, such as prompt injection, sensitive information disclosure, and model theft.
Organizations are looking for specific skills to fill open cybersecurity positions. After soft skills, cloud computing was the second biggest skill gap (42%), followed by security controls implementation (35%) and software development (28%).
With so much of the organization's workload now residing in the cloud, it makes sense that organizations need cybersecurity professionals with cloud computing skills. Securing cloud assets requires a different mindset and technical skill set than traditional networking, and cloud providers handle certain tasks differently, requiring specialized knowledge.
Security controls implementation refers to protecting endpoints, networks, and applications. The skills gap in software development was not related to coding, but rather to areas such as testing and deployment. Again, this highlights the challenges organizations are having in securing their software development pipelines and integrations.