
Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec

In this Spotlight Podcast, we speak with David Brumley, the Chief Executive Officer at the security firm ForAllSecure* and a professor of Computer Science at Carnegie Mellon University. Brumley is a noted expert on the application of machine learning and automation to cyber security problems. In this podcast, we talk about the growing demand for security automation tools and how the chronic cyber security talent shortage in North America and elsewhere is driving investment in automation.

Every so often, a technology comes along that seems to perfectly capture the zeitgeist: representing all that is both promising and troubling about the future.

In the 1960s, you think of plastic, which was a pillar of a massively expanding consumer culture in the United States that put “convenience” above all else. That’s the joke behind the now-famous “advice” given to Dustin Hoffman’s Benjamin Braddock in the 1967 movie “The Graduate” by the older Mr. McGuire: “I’ve got just one word for you Benjamin… ‘plastics.’”

McGuire was on to something: the use of plastic did indeed mushroom in the decades that followed. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. That’s undoubtedly been a benefit to billions of people on the planet. It has also made some smaller number of those people fantastically rich. But there is a downside to plastics and the throw-away culture they engendered, as we now know. Plastic trash now clogs our rivers and streams, and microplastics seep into our water and food and, borne on the winds, make their way to the earth’s most remote places.

That same L.A. pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. Like plastics in the 1960s, AI and machine learning are already big and getting bigger. Machine learning algorithms are already being used in transportation to ease road congestion, in healthcare to spot medical errors and improve patient care, and in retail to improve the customer shopping experience. The technology is poised to change just about everything else… at least eventually. By 2030, AI could deliver additional global economic output of $13 trillion per year, according to McKinsey Global Institute research.

One industry where there is plenty of speculation about the potential applications and benefits of machine learning and artificial intelligence is information security, where high demand and an acute shortage of talent have executives, entrepreneurs and industry analysts arguing that the adoption of machine learning and AI is unavoidable, especially if companies hope to stay on top of multiplying and fast-evolving cyber threats without breaking the bank.

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work are still best left to humans?

For our latest Security Ledger Spotlight podcast, we sat down with someone who is uniquely positioned to answer those questions.

David Brumley is the Chief Executive Officer at the security firm ForAllSecure and a professor of Computer Science at Carnegie Mellon University. He’s on the cutting edge of and a team of students from CMU were victorious in DARPA’s Cyber Grand Challenge with Mayhem, an assisted-intelligence application security testing solution.

In this interview, David and I talk about the potential and pitfalls of using machine learning and artificial intelligence in cyber security. We also talk about what’s driving the adoption of AI and machine learning technologies in the information security field. Namely: a chronic cyber security talent shortage globally and especially in North America, the EU and other advanced economies.

As both an entrepreneur and a teacher, Brumley has a unique perspective on the problem. He sees the future of AI and machine learning as intimately bound up with the difficulty of fielding cyber security talent.

“Computer security is not a known field to the high school student… even though it’s highly paid, tons of jobs, great career paths. We need to fix that problem,” Brumley told me. Capture the flag contests and cyber challenges like the one that launched his company are a great way to get young people interested in cyber security as a career. However, filling the talent pipeline is a long-term solution, and one we’re not even moving toward very quickly.

In the meantime, the answer is automation, powered by machine learning technology, which Brumley says companies like Google, Facebook and others are leveraging heavily to improve the security of their platforms.

“When it comes to what can you do today? It’s about taking those automated processes and saying ‘how can we incorporate those?’” The hard part for companies is being open to the change that adopting machine learning technology entails. “You can’t say ‘I don’t want to change anything, but I want security at the scale of Google.’ You’re never going to win that game,” Brumley told me.


(*) Disclosure: This podcast was sponsored by ForAllSecure. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to to get notified whenever a new podcast is posted.

