I hope my predictions for what’s in vs. out are a far cry from the actual phenomenon I expect to occur. In my role as an Identity and Security tour guide, I have to embrace some level of pragmatism or I’d be curled up in a ball in the corner. With that in mind, I aimed to be far more practical with my crystal ball. Not my wishes for what could or should happen, but what will inevitably fall into our laps.

What’s in?

Making the most out of a shoe string. Cyber funding will continue to be tight and the need for creative (but limited) investment will persist. That means cross training your resources as open positions will not be approved or approved salaries won’t match the market leaving seats unfilled. It means limited external assistance driving the need to leverage internal skills. A tactical strategy with achievable goals and monitoring incremental progress is critical. With limited ability to make sweeping changes, tracking your biggest compliance or operational hurdles facilitates chipping away at those landmark objectives.

Catalog your risks and highlight them routinely. Unfortunately, additional funding comes when one of these risks occurs or the threat is internalized at the leadership level. Use your experience and influence to create clear communication that could be the catalyst for future investments.

What’s out?

CISOs. Limited support and funds coupled with a lopsided amount of responsibility and ownership, means CISOs continue to exit en masse.

Security Officers will attempt to deploy a vision and abandon ship when interview promises meet consistent day to day defeat. Leadership in tech is desperately needed but the high demands and whopping consequences don’t mirror the rewards and glory of the gig. Reflecting on the prestige this position held over the years, it’s allure has certainly dropped like a stone. Executives are outflanked by the opposition and overrun with the threat of security failures. They also are profoundly underfunded to acquire the very resources needed to combat them. 

Intermediate and higher education systems need to highlight the technical, business, and communication skills our industry desperately needs to prepare students for the environments they will face.

Advanced education should seek to equip professionals for a way to bridge the gap between tech and operations. This means ensuring technical problems or risks supporting business critical functions are communicated with business language.

What stays the same?

AI. Our love of AI persists, but the realization of its value is much lower than we expect. The practical application of Intelligence requires a significant evolution from the current state. The present status of process and data management makes AI’s value beyond the reach of most organizations without conscious time, effort, and investment. Many will deploy initial funding for AI, without the foundational needs to make it successful.

That means further underutilized products with lackluster performance and a reduction in future spending. We expect peak performance from advanced tools without taking the necessary steps for them to perform.

On the contrary, Cybercriminals will utilize AI extensively. The ability to leverage automated and artificial intelligence to exploit and leverage weaknesses with social engineering, human behavior, and basic curiosity will hit explosive levels. Personalized phishing campaigns will reach even higher success rates costing organizations trillions globally.

Following trendy tech tools is fun, but rarely yields the best results. As we invent new ways to automate, customers are more confused than ever on what “silver bullet” to purchase from savvy sales crews. But the failure to manage business basics will still sink a ship.