Will Machine Learning and AI create Infosec Super Humans?

In-brief:will computers and artificial intelligence “kill the infosec star” (to paraphrase The Buggles) with algorithms taking the place of workers who buy food, houses, cars and clothing? Maybe not, says Dario Forte of DF Labs in this Security Ledger podcast. 

Most of the predictions about the rise of computer-driven automation are bleak – at least for humans. Already, the lion’s share (85%) of manufacturing jobs lost between 2000 and 2010 in the U.S. were lost to automation, not international trade. And that’s just the beginning. In the coming decades, huge swaths of the economy will be transformed by the advent of automation and autonomous machines from Teamsters (autonomous trucking) to super market baggers. The more “routine” a job is, the more likely it is to be automated, studies have found.

Still, the information security industry isn’t exempt. Despite its high-profile and the image of wizard hackers, there is much security work that is routine. And, with an official worker shortage of some 200,000 people in the U.S., investors and companies are plowing money into companies and products that allow a few precious information security workers to do more with less. Automation and machine learning play a big part in that.

At the recent Black Hat Briefings, teams made entirely of computers squared off in the Cyber Grand Challenge to play a game of capture the flag for a $2 million prize.

So will computers and artificial intelligence “kill the infosec star” (to paraphrase The Buggles)? Will those 200,000 positions be “phantom” jobs – destined to be filled by computer programs and algorithms, rather than workers who buy food, houses, cars and clothing?

‘Maybe not,’ says Dario Forte, the CEO of the firm DF Labs, a cyber security firm in Milan, Italy, that specializes in incident response and data breach detection. Forte, who is an incident response specialist, says that more reliance on machine learning and – eventually artificial intelligence might make cyber security workers better, more efficient and happier in their jobs, without obviating the need for them entirely.

Dario Forte is the Founder and CEO at DFLabs.

Finding information security professionals is difficult, Forte acknowledged. But it is not the biggest challenge that companies face. Rather, retaining those workers is. And why is that? Forte said it’s because so much security work is routine and boring.

“You find and employ an information security worker and then you give them routine and repetitive tasks. If you don’t stimulate them, sooner or later they leave.”

Platforms that leverage machine learning promise to solve that problem by allowing humans to work on problems that are stimulating (i.e. investigating a security breach), while passing the boring and tedious work (i.e. reviewing logged events or warning messages, generating reports) to computers. “It allows the CISO and managers to focus on things that are actually important and automate things that are easier and repetitive,” he said.

Rather than having computers replace humans, Forte sees a future in which computers will turn human workers into “super humans” capable of doing their jobs with much greater efficiency and skill with the help of computer-guided insights.

Listen to our full conversation below in the latest Security Ledger Podcast.


  1. This is a lot of BS. There are plenty of technical minds holding down other jobs because they got hosed by State/Federal Technical Vocational Training schools. In too many states, those jobs simply wheren’t there to be filled or the school’s curriculum was deaf, ignorant of, not current with the state’s industry needs. That’s what happens when local politicians play word games and rubber stamp in order to get matching federal dollars.

    If there were a company offering full benefits, willing to train, these people would be in at minimum wage.

    It’s much harder to outsource and automate-away jobs when you’ve invested in training your workers — that’s a commitment.

    • I really don’t understand where is the BS here. I think, instead, that’s a very balanced analysis of the current state of the art. Are you sure you have read the article carefully?

  2. Hmm…I agree that there’s a disconnect between the K-12 education system (including voctech) and the market and the larger point about the importance of training. Not sure that obviates automation and the move towards greater reliance on technology (AI, ML, robotics). There’s still a role for people in many of these professions -but a very different skill set than we’ve traditionally prepared workers to have. I see a greater role for public sector to encourage these investments – but to do so smartly, not blindly.

  3. Pingback: Will Machine Learning and AI create Infosec Super Humans? – Koen's Blog