ChatGPT, AI and the Cyber Security Industry
The world of AI reached a whole new level at the end of 2022 with the launch of Open AI’s ChatGPT (Chat Generative Pre-Trained Transformer). Once the domain of serious techies, we suddenly saw AI in the hands of everyone - the novelty of machine-generated Christmas out of office messages and LinkedIn profile updates became all the rage.
But as tools like this enter the mainstream, people quite rightly begin to question the effect on industries and those who work in them. We decided to put together this initial post looking at how AI / Machine Learning such as ChatGPT could impact cyber security as a whole and further, the way in which we recruit talent in this space.
Cyber Security Meets ChatGPT
Like with most things, the simple answer is that engines such as ChatGPT have both pros and cons in relation to cyber security.
Organisations have already been using Machine Learning (ML) to help identify and analyse cyber security trends. This helps cyber teams become more proactive to threats in as close to real-time as possible. For professionals working in cyber, the tool has the potential benefit to help out with the more mundane, administrative tasks of desk research, pulling together reports, policies etc. In these instances it can be used for increasing efficiency and saving time. Similarly, the industry is seeing application in helping develop scripts and write some code.
It is, however, important to note that the system is unable to run autonomously and still needs a human eye to check for accuracy. The engine relies on reinforced learning, therefore code is still quite ‘buggy’ and without dedicated ‘teaching’ it doesn't take into account the specific requirements or nuances of a team or organisation.
From a risk prevention point of view, there have been concerns that ChatGPT will make a cyber professional’s work more difficult, despite its rules preventing it from undertaking malicious activity. For example:
- Phishing - the ability to write content with correct spelling and grammar, compared to the current error-prone and clumsily written phishing/scam emails, mean that identifying and avoiding malicious activity becomes exponentially harder
- Social engineering - as above the ability to generate content much faster using ChatGPT could increase ability to fool humans and falsely build trust by identifying more personal information and using this as ‘hooks’
- Malware - with the support of AI, even those with less technical skills are able to produce malicious code than previously before.
AI and Recruitment
When it comes to recruitment, there doesn't initially feel like there’s a specific association with machine learning programs like ChatGPT. However taking a broader look at what it can do, there are several applications where it could be of use.
For some job seekers, writing a CV can be a daunting process. Having the assistance of AI could help in such cases, and with cover letters when required. However, this would still require a candidate to spend the time working with ChatGPT to provide the information and check for accuracy (conversely the potential downside is that it does offer more opportunity for CVs and cover letters to be more ‘embellished’ and not entirely reflect the truth about skills and experience).
For those recruiting there are some definite time saving and efficiency upsides to using AI. Collating information about a role or candidates, writing the high level parts of job descriptions and other standard correspondence is something that could leverage the capabilities of ChatGPT.
In addition, based on the highlighted opportunities for more sophisticated cyber threats and attacks using AI, it suggests that the role of cyber security professionals will remain in high demand.
But don’t just take our word for it
This post seemed like an ideal opportunity to have a play with ChatGPT - and here it is straight from the (artificial) horse’s mouth
[Response from ChatGPT when asked about its effect on cyber security professionals and recruiting in the cyber industry: ]
Overall, ChatGPT has had a positive impact on cyber security professionals by improving threat detection and response, facilitating collaboration, and streamlining incident response procedures.
ChatGPT has had a significant impact on the recruitment of cyber security professionals. With its ability to analyse vast amounts of data and provide insights, ChatGPT can assist recruiters in identifying top talent more quickly and effectively. Furthermore, by automating repetitive tasks such as screening resumes and filtering job applications, ChatGPT can free up recruiters' time to focus on more strategic tasks such as engaging with candidates and building relationships. ChatGPT-powered recruitment chatbots can also improve the candidate experience by providing instant responses to queries and offering a more efficient and streamlined application process. As the demand for skilled cyber security professionals continues to rise, the use of ChatGPT in the recruitment process can help organisations stay ahead of the competition and attract top talent.
Perhaps a little biased, but certainly makes some valid points when it comes to the opportunities for AI in this area. There’s a quote currently doing the rounds “AI wont take your jobs, people that use AI will”. A fairly aggressive ‘scare’ type statement - and as we’ve touched on, there will be an ongoing learning curve for AI that doesn’t replace the need for human capability. Plus it’s only as good as the questions it’s asked!
However, there is something to be said for those who make sure they understand the technology and its capabilities, and recognise where it might have advantages in their work in the future - and, particularly for cyber professionals, where they need to develop plans to counteract its misuse.
As specialists in our field, we always aim to undertake an open, rigorous recruitment process with our client/partners, as well as the candidates we work with, to obtain the desired outcome for both parties. If you’d like any more information about recruiting or retaining top cyber security talent, or if you’re looking for your next cyber security role, reach out to the Decipher Bureau team.
With offices across Brisbane, Sydney, Melbourne and Canberra - and an experienced team around the world, we’d love to help you out.
Speaking of recruiting top talent, Decipher Bureau is currently looking for consultants! If you're interested in having a chat about joining the team, and to find out why we’re a great place to work, please get in touch.