In the future of cybersecurity, there is a new role that will be critical to the security of an organization: the Security Data Scientist. The security data scientist will bring new skills to the job, but that doesn’t mean they will be brought in from outside the InfoSec domain.
The new age of security has arrived. Populating the security operations centers (SOC) with skilled firefighters is no longer enough. An organization now needs smoke detection, experts sitting in the same room, looking for the beginnings of a security incident. In an ideal world, these people could even spot the areas with newspapers and gasoline stored together, heading off the danger. This can be accomplished, but only with a new mindset and new tools.
I have spent the past years trying to produce such a change: creating the tools for the job, training and developing the people for the job, evangelizing the need, even doing the job itself. I have learned many things from pursuing the Data Scientist Role. I came to the same understanding everyone agrees on: big data platforms and machine learning have a large role to play in the new age. What I have seen in the wild surprised me, and it just might surprise you too:
It is easier to teach data science to a security person than it is to teach security to a data scientist.
While this has been my experience so far, the reason behind the concept has taken a while to grasp. It comes down to expectations of the job and the type of people hired based on these criteria. For the most part, today’s data scientist is expected to have a broad knowledge of what tools are available, without too much depth into the computational details of each. This makes sense, as they are expected to spend a short time on each problem and then move on to the next. Security personnel are tasked with comprehending a complex dynamical network that includes machines and their human counterparts; in the science world, they have more in common with biologists who spend years studying one species. The passion and the interest in security data may lie more with the security person trying to do better at their job, but the data scientist can certainly contribute to the new SOC.
In general, data scientists most need knowledge about what tool to use next and fewer details of the domain, while security personnel need only the most relevant tools and they need to be able to use them well. The best security products will find a way to accommodate both needs.
At JASK, as an experienced scientist and tool maker, my goal is to create products that are wholly relevant to protecting your network and elevating the security skill of your SOC, while providing a place for data scientists to contribute their expertise and models.