ChatGPT Data Leakage ChatGPT Data Leakage-mask

AI, Burnout & Validation. The SecOps A-B-Vs from Gartner Security & Risk Management Summit.

Major industry conferences often capture industry trends, and the Gartner Security & Risk Management Summit is no different. For a security leader focused on security operations, this year’s event can best be summarized by the A-B-Vs that were prevalent throughout the keynotes and track sessions related to SecOps. 

A is for Artificial Intelligence – what else would it be? B is for Burnout – like the stress we all feel. V is for Validate – as in exposure validation. 

Artificial Intelligence: The Threats, Opportunities & Hype of GenAI 

No technology conference in 2024 can ignore artificial intelligence, and Gartner made it center stage. The opening keynote highlighted the key threats of generative AI (GenAI) applications such as prompt injection, toxic output and hallucination. While almost every session had a reference to AI and the opportunity it presents, sessions that focused on security operations provided some tangible guidance to achieve near-term results with a dose of reality to get beyond the hype. 

In the session “Generative AI and the SOC: The Good, the Bad and the Ugly,” Gartner’s Pete Shoard highlighted offensive exercises as a potential use case for GenAI. The core idea is to use artificial intelligence to overcome individual biases and propose new scenarios that originate from a baseline of discovery. Detection engineering was another potential use case with the opportunity for code assistants to accelerate the development, tuning and testing of threat detection. 

Burnout: The Stress is Real – and Shared Commonly Across the Industry 

Building on this theme from the RSA Conference a month earlier, this Gartner event elevated the personal nature of cybersecurity to new levels and what it means to be a security leader. Citing their research that 62% of security leaders experienced burnout in the last year, the opening keynote highlighted the personal burden when organizations adopt “zero tolerance for failure” and the hero syndrome. 

In the session “The Key Drivers of CISO Effectiveness in 2024,” Gartner’s Chiara Giradi explained the “stress navigator” skills and practices of creating (and enforcing) the boundaries of work and personal life. Applied to SecOps, Gartner’s Eric Ahlm encouraged security leaders to engage in “concession engineering” to negotiate tradeoffs and accept you cannot do it all.  

Validation: Prove that the Threat is Real to Me with Exposure Validation 

As Gartner continues to promote the concept of continuous threat exposure management (CTEM) as a key trend for 2024, the role of validation was highlighted in the sessions dedicated to security operations. Of course, exposure validation is one of the five phases or steps in CTEM and provides one of the key differences between traditional vulnerability management and exposure management. In the session “Outlook for Security Operations,” Gartner’s Steve Santos explained that exposure validation provides the clear proof that 1.) Threat really applies to your organization, and 2.) “Are my controls worth the investment?” 

Santos went on to highlight how security operations should apply validation to: 

  1. “Validate security controls through attack simulation.”  
  2. “Evaluate threat detection capability” 
  3. “Stress test incident response”  

Enter the role of breach and attack simulation (BAS) and automated security control validation with live offensive testing that applies the attacker’s techniques and procedures to assess prevention, detection and log collection. Most BAS users see the value of offensive testing that validates prevention and guides the control tuning. Santos encouraged security operations teams to take it a step further with live attack scenarios that are used in detection engineering and prove that SecOps teams have the visibility to the right data to investigate and respond. 

For stress testing the SOC, managed services and incident response, BAS provides the live attack simulations that allow teams to go beyond basic tabletop exercises and work with real data from life-like attacks.  

Conclusion: The Cymulate ABVs 

Since 2017, Cymulate has focused on the needs and pains of security operations – and these Gartner A-B-Vs speak directly to our strategy and commitment to make offensive security testing simple and easy with tangible results that improve your security resilience. 

For artificial intelligence and GenAI, you can expect innovation and new features from Cymulate in the very near future as we hold ourselves to a higher standard of applying the technology when there’s tangible proof that GenAI enables you to do a job better, faster or more efficiently. Please stay tuned. 

Of course, there’s no magic bullet for burnout, but there can be relief in worrying about one less thing and breaking out of monotonous routines. One CISO at the conference approached the Cymulate booth asking if we could help him sleep better. Just like the old cliché of what keeps you up at night, the CISO said he could sleep better if he could answer the question: “Are we protected from today’s latest threats?” That’s just one Cymulate value from Cymulate BAS Immediate Threats module. Other security leaders have told us that they fight burnout in their SOC by scheduling their SOC analysts to think and act like attackers by running Cymulate attack simulations, validating suspected weaknesses, tuning controls and designing new detections. 

Closing out on security and exposure validation, this, of course, is the heart and DNA of Cymulate. With more than 500 customers, Cymulate automates the advanced offensive testing that validates controls and weaknesses with actionable guidance to harden defenses and strengthen cyber resilience. 

To learn more about security validation, check out the webinar CISO Roundtable: Automated Security Validation & Metrics of Cyber Resilience