The 2020 Crystal Ball: The 2020 Security Industry (part 3 of 4)

In previous installments in this series, we looked at 2019 trends and where the dark side is going. Now we turn our attention to the lighter side and look at the security industry itself. These fall into four broad categories much as the darker side did too:

  • The Talent Gap Worsens
  • Technology Must Support People
  • Security Vendors Must Evolve
  • IoT Will Meet Cloud Security

To start, we are producing more cyber talent than ever before, but the talent gap continues to widen. Unless we consciously seek to redress this, it will only get worse in 2020. To some degree, we have created the talent gap by making it harder and harder to become a qualified cyber professional. We have not made cyber jobs easier to do, creating the need to understand dozens of tools that don’t work together and too many different toolkits. It just takes too long for new analysts and cyber professionals to gain the requisite flight hours. We also have not done a good job of opening our recruitment to look at non-traditional backgrounds for cyber talent. Cyber professionals aren’t born, and while there are certain mindsets that we value, we can make cyber people. We can, for instance, look to increase diversity and our neurodiverse recruiting efforts. Bottom line, the job opportunities are open and will continue into 2020, and they may even get worse if there is a macro economic recession, because crime tends to go up when jobs go away. To be clear and to restate it, without changing current trends, the talent gap will continue to widen in 2020.

The time has also come for us to think about AI. That’s not artificial intelligence but rather assisted intelligence. We need to design for the carbon based units in the center and up-level their game. Our goal with silicon intelligence shouldn’t be to replace humans, but rather to augment them and to assist them in becoming more effective. The technology in defense that will shine in 2020 will be that which helps security professionals become more efficient and punch above their own weight class without suffering from mirror chess problems or dumbing the art down.

The classic, big security players aren’t likely to make tasks easier or to innovate around assisted intelligence because of their existing momentum. It’s hard for them to regear, and they will continue to either be disrupted or to flat out get acquired, merged and potentially even broken up in 2020 as they were in 2019: Symantec by Broadcom, Carbon Black by VMWare, Recorded Future by Insight, Demisto by Palo Alto, BlackBerry finishes acquisition of Cylance, and many, many more... New companies are emerging like water from a fountain, and the rate of new startups isn’t likely to slow down at all.  With major infrastructure providers getting into the explicitly cyber functions and anti-threat technologies now like they did in the last decade with the IT Security functions (e.g. CA, IBM, Sun, Oracle, Juniper, Cisco, etc. all getting into the IAM and IT hygiene submarkets), the incentive is present for startups to dream about growing and getting acquired. This will all continue in 2020, and it’s not a bad outcome; and while no one is throwing out their SIEM or their antivirus, the industry in 2020 is likely to see the brands that have dominated it for 20 years fade and a new crop of midsize companies emerge in a healthy rejuvenation of the industry.

Finally, we will see a host of innovation and new companies reach the big leagues around mobile, OT and IOT security. It’s worth paying attention to these as, when combined with cloud security, the nature of IT is drastically changing; and it’s inevitable that with new players and new technologies, security will have to change too.

Follow me on Twitter.

Sam Curry is CSO at Cybereason. He is a security visionary and thought leader and has been interviewed by dozens of journalists, has published broadly and has talked in ...