Sat Sep 28 22:07:51 UTC 2024: ## The Future of InfoSec: Automation and the Rise of SOPs
Daniel Miessler, a leading security expert, predicts that the future of InfoSec will be heavily reliant on automation and standardized operating procedures (SOPs). He believes that business management in general is evolving into a combination of four key elements:
**1. Policy:** Defining goals and entity identities.
**2. State:** Tracking assets and configurations.
**3. SOPs:** Approved execution pipelines for all actions.
**4. Action:** Humans and AI working together to implement SOPs and maintain the desired state.
Miessler envisions a future where leaders set the policy, AI gathers and monitors the state of systems, and all actions are performed according to strict SOPs. This approach, he argues, would lead to a more secure and efficient environment where security becomes an inherent part of the development process, rather than a separate afterthought.
He highlights that the role of humans in this future will shift towards the creation of ideas, business strategies, and the definition of SOPs. AI will handle the execution and implementation, becoming increasingly proficient at building, testing, and validating software according to predefined standards.
This vision, while seemingly futuristic, has implications for those currently working in the field of security. Miessler challenges security professionals to consider their future roles in this automated ecosystem:
* **Building Automation:** Develop the tools and processes for automated secure software development.
* **Testing Automation:** Create automated systems to rigorously test software against defined SOPs.
* **Remediation Automation:** Develop tools to automatically address vulnerabilities identified during testing.
* **Human Precursor to Automation:** Contribute to the development of SOPs and the implementation of human-led security measures before full automation is achieved.
* **SOP Definition:** Define and refine the comprehensive SOPs that will guide the automated systems.
* **Idea Creation & Product Design:** Focus on generating innovative ideas and building products that leverage the power of automation.
By recognizing the changing landscape of security and adapting their skills accordingly, security professionals can position themselves to thrive in the future of automated security management.
First Piper 