Using AI responsibly with accountability is crucial in the security industry: Cisco’s Shailaja Shankar
Enterprises are witnessing a surge in cyberattacks driven by global events and the widespread accessibility of advanced technologies. In an interaction with TechCircle, Shailaja Shankar, SVP Engineering, Security Business Group at American technology company Cisco Systems, delves into many facets of cybersecurity, including Cisco's artificial intelligence (AI) strategy within the sphere of security, the challenges confronted by security leaders, and how the gender gap in cybersecurity can be reduced. Edited excerpts:
How do you see emerging technologies such as AI transforming the future of cybersecurity engineering?
AI and machine learning (ML) are arguably the most exciting technological developments in over a decade, if not longer. This is a significant focus area for us at Cisco Security and the security industry as a whole. It's easy to see why when you consider that security is essentially a "data problem," making it ideal for AI innovation, as AI is primarily focused on processing and extracting insights from large datasets. From an engineering standpoint, it's crucial to recognise that there are opportunities for innovation in both AI for security and security for AI. We must address both aspects. While AI will undoubtedly empower security professionals, it also has the potential to empower hackers and other malicious actors by reducing the cost of launching attacks through AI utilisation. AI and ML have been widely adopted in the security industry to improve visibility, detection, prediction, and automate the response to security breaches. Recent advancements in AI, such as the emergence of generative AI (Gen AI), signal a new era of possibilities in cybersecurity. Gen AI's ability to streamline complex security processes and support junior analysts in security operations centres (SOCs) highlights its potential to democratise security operations. By facilitating more efficient implementation of adaptive security controls and workflow automation, Gen AI aims to enhance the effectiveness and resilience of security measures against evolving threats.
How is Cisco's security team using AI and ML to tackle the changing threat landscape?
We consistently assess resource allocation through the stop-start-grow methodology. Our vision for Security Cloud has been revealed, along with three security suites — User, Cloud, and Breach Protection — all delivered on a unified platform. Our goal is to provide comprehensive solutions for various scenarios, whether it’s zero-trust access, breach protection, or multi-cloud adoption. These suites aid customers in achieving higher security effectiveness and operational efficiency. Looking forward, Cisco Security's strategic emphasis on utilising AI and ML technologies to enhance security measures and streamline operations demonstrates a proactive stance in dealing with evolving threats. By investing in guided experiences and automated workflow processes, Cisco aims to improve real-time threat prevention and strengthen defense against zero-day attacks, ultimately leading to better security outcomes for all involved stakeholders.
Do you believe that women have broken the glass ceiling in cybersecurity? How can we have more women in cybersecurity, which is currently facing a talent crunch?
I do not believe that women have broken the glass ceiling in cybersecurity, as the numbers still show that less than 25% of the cybersecurity workforce is women. It is concerning that women tend to leave the cybersecurity field faster than men, especially in more technical roles. It is clear to me that simply shedding light on this issue will not be the solution. However, I do believe that there are practical steps that women can take to encourage more women to join and stay in the field. First, women who are already in the cybersecurity industry must give back generously. They should share their experiences willingly to help guide women who are joining the field or considering leaving. This is why I devote a lot of time and energy to becoming a mentor to women, especially early-career professionals. I also sponsor organisations like Women in Technology and How Women Lead to give women the opportunity to join a tribe that can provide the power of shared experiences. Second, to women in cybersecurity or any technology field, I say they must treat their careers as if they are building a company. This means investing in growth by acquiring knowledge and skills. They should also cultivate a "board of directors" consisting of mentors and sponsors who can provide honest guidance and oversight.
What role can tech companies like Cisco play in making opportunities available for women to pursue careers in cybersecurity?
First, companies have to truly understand that diversity is good for their business. According to industry data, gender-diverse organisations are 45% more likely to improve market share and achieve 53% higher returns than less diverse companies. Second, companies have to acknowledge the fact that gaps in wages and advancement opportunities still exist, along with discrimination. Companies that address these issues by removing barriers to entry and advancement are making the best investment any company can make. I’m proud that Cisco not only understands these issues but takes real action toward building a truly inclusive future for all. Setting goals and targets for diversity at all levels in the organisation helps, just as we do with business metrics. As an organisation evolves to be more diverse, having programs around belonging, not just inclusion, will ensure that the work force you are attracting can be themselves and contribute to their full potential.
Could you share your perspective on the importance of responsible AI in product development for cybersecurity?
Using AI responsibly with accountability is a crucial need for the entire security industry. The good news is that, by and large, the security industry has practiced good data hygiene by default. We tend to log everything and strive for data accuracy and integrity. To use AI responsibly, data governance must be prioritised in terms of access, definitions, and controls to establish guidelines on who can do what and what they will do with the data. It’s also important to adhere to well-established guidelines built around the principles of transparency, fairness, accountability, privacy, security, and reliability.
What key cybersecurity trends do you foresee in the next few years?
When it comes to future cybersecurity trends related to AI, the possibilities appear to be limitless. One specific area of focus will be utilising AI to streamline policy creation and management. Currently, over 90% of customer escalations revolve around policies, rules, and configurations. Therefore, it makes sense that simplifying policy management across hybrid and multi-cloud environments is an area where AI can have a significant impact on the user experience. For instance, we recently introduced our AI Assistant for Security, which enhances operational efficiency while boosting security posture, starting with firewall and secure access policies. There are even more advancements on the horizon. I am enthusiastic about the opportunity to alleviate a great deal of burden from the customer, instilling more confidence in you as a solution vendor capable of helping them configure their environment for optimised operations with the appropriate levels of visibility.