Security Outsourcing: A.I. and Geographic
2023-4-3 19:11:5 Author: krypt3ia.wordpress.com(查看原文) 阅读量:8 收藏

This article is part of an ongoing experiment with the use of ChatGPT for developing primers on cyber security topics.

Recent events have gotten me thinking about outsourcing in the knowledge economy and in particular, the information security economy specifically, as it is my particular speciality. With the advent of A.I. in the form of the LLM’s out there now and others being created and implemented, the landscape is already changing quickly in the security space. However, that is only one force at work today, the other is of course the economic pressures and direction at play with the current economy.

I have been seeing a trend, as I was unemployed for three months, job seeking was a part of my daily grind. In the process of job seeking, I was seeing trends in not only the req’s that were out there, but also, through the process of interviews and rejections, it became clear that the trend is “Do more with less” By proxy, this also means do more with less skilled people, force people into multi role single positions, and to generally pay much less for experience if possible, and if not, hire less skilled individuals and hope for the best outcome.

The tech layoffs that have been taking place this year and part of last are not over, and in doing this, there is a purge of salaries and a bent by corporations to drive down the salaries for security operations. It’s been talked about in articles already in the news and all you really have to do is look at Mastodon or Twitter of late to see how many people you might know in the community getting laid off and seeking work. Add to this the idea that augmentation, if not replacement, of knowledge economy workers with the advent of A.I. you have a potent mixture of incentives by corporations to not only cut head count, but, also to outsource potential work to less skilled and cheaper sources of labor.

What this means for the moment, is that the cries before of there not being enough “skilled” security workers have died down to murmers if not silenced altogether for a cheaper and more amenable fiscal alternative that CFO’s like better, e.g. hire all those unskilled or underskilled workers and save the Benjamins. This of course doesn’t make the security of the corporation any better, but hey, we have cyber insurance!

We are good.

All of you should have no illusions that your company really cares about security. The security of the data they hold for their clients and their own IP even, isn’t a commodity that they consider to be paramount. Security has always been a cost center, and even today in the midst of all the hacking and leaking as well as geopolitical attacks happening, corporations are much more about the bottom line than they are about the ethics of security. So, what does it all mean?

Buckle up kids… It’s gonna be a rough ride.

Additionally to this bent towards cheaper labor, comes the thorny issue of outsourcing tech jobs to other nations that are certainly cheaper, and I have seen this happening as well. In one case, I was trying to hook up a mentee with a job only to be told that because they had an OSCP and they were in the USA, they could not hire them because they were cost prohibitive.

You read that right, OSCP and too expensive for an org that is making money hand over fist. Trust me, the company is flush, but, also known to be cheap with the owner raking in the money like a Russian oligarch sucking the collective’s carotid artery. This will be the wave of the near future I suspect. Perhaps this will change as a generality once companies are hacked or governments make companies more responsible about their security, but, I won’t hold my breath.

Meanwhile, the A.I. movement is already building capabilities with the likes of Microsoft with their announcement of it’s implementation into CoPilot.

The above image is a screenshot from an article released last week about the implementation of A.I. into CoPilot. Yeah, seems to be adding fuel to the fire right? Well, Microsoft is only reading the auguries really, they aren’t stupid. So, what does this mean? Well, soon enough, the A.I. will be at a point where skilled labor will be a niceity instead of a need and corporations will gobble that shit up.

More on CoPilot: Microsoft brings GPT-4-powered Security Copilot to incident response and Microsoft Puts ChatGPT to Work on Automating Cybersecurity

See, the problem isn’t the A.I. or that it exists, it is the greed and the inability for comprehension of the issues that could arise from its use that will adversly affect society that is the problem. We may have created A.I. but we are still simple tool users who want a path of least resistance to doing work. Societally as well, we are in no way capable of having a true utopian ideal because we are still too unenlightened to seek the benefit of all over the one.

Anyway, I asked ChatGPT-4 about the problems around its use in something like CoPilot and this is what it puked out…

It’s not wrong…

K.

The integration of ChatGPT-4 capabilities into security products like CoPilot in Microsoft can have a transformative effect on the information security landscape. As corporations increasingly adopt AI-powered tools, it’s crucial to consider how these technologies might lead to the replacement of high-paid information security workers and enable less skilled workers to take over certain functions in the field.

  1. Cost reduction: Corporations are always seeking ways to reduce operational costs, and by leveraging AI-powered tools like ChatGPT-4, they may be able to replace some high-paid information security professionals with lower-cost alternatives. This could lead to cost savings for the organization.
  2. Upskilling and reskilling: With AI-powered tools like ChatGPT-4, less skilled workers can be trained to perform tasks previously handled by highly skilled professionals. This upskilling and reskilling can provide opportunities for employees to move into information security roles while using AI as a support system.
  3. Streamlined processes: AI-powered tools can automate and simplify complex processes, enabling less skilled workers to perform tasks that previously required expert knowledge. This streamlining of tasks can lead to increased efficiency and effectiveness in information security operations.
  4. Enhanced decision-making: ChatGPT-4 can help less skilled workers make better decisions by providing real-time insights, recommendations, and contextual information. This can empower these workers to take on responsibilities that may have been reserved for highly skilled professionals in the past.

However, there are potential challenges and risks that corporations must consider:

  1. Loss of expert knowledge: The replacement of highly skilled professionals with less skilled workers may lead to a loss of expert knowledge and experience, which could negatively impact the quality of information security operations.
  2. Over-reliance on AI: Relying too heavily on AI tools like ChatGPT-4 could lead to complacency among less skilled workers, who may not have the experience or knowledge to recognize when AI-generated recommendations are inaccurate or incomplete.
  3. Ethical considerations: The displacement of high-paid information security professionals raises ethical concerns regarding the impact on job security, employee well-being, and long-term career prospects.
  4. AI limitations: While AI technologies have made significant advancements, they are not infallible and still require human oversight, particularly in complex and evolving fields like information security.

In conclusion, while ChatGPT-4 and similar AI-powered tools have the potential to enable less skilled workers to take on functions in information security, it’s essential for corporations to weigh the benefits and risks carefully. Organizations must maintain a balance between leveraging AI technologies and preserving the human expertise that is crucial for effective information security operations.

Krypt3ia generated this text with ChatGPT, OpenAI’s large-scale language-generation model. This author reviewed, edited, and revised the language to my own liking and takes ultimate responsibility for the content of this publication.


文章来源: https://krypt3ia.wordpress.com/2023/04/03/security-outsourcing-a-i-and-geographic/
如有侵权请联系:admin#unsafe.sh