How AI Can Help Fill the Cybersecurity Skills Gap - Seceon
                     How AI Can Help Fill the 
Cybersecurity  Skills Gap
As we approach the end of 2022, the Common vulnerabilities and 
exposure  metrics for this year continue to show an upward trend and this 
is a surprise to no  one.
Just to level-set everyone, Common Vulnerabilities and Exposures, is often 
 abbreviated as CVE and is a list of publicly disclosed computer security 
flaws.  When someone refers to a CVE, they mean a security fl aw that’s 
been assigned a  CVE ID number.
1/10
At the End of September, 2022 a new zero day which enables attackers 
to  discretely gain full access to an email system, is actively being 
exploited on  Microsoft Exchange Server, a very popular email platform 
used by millions of  businesses across the globe. Thankfully in early 
September researchers reported  the vulnerability to Microsoft privately, 
so a fix is in the  works.  The  U.S.  Department of Homeland security as  
usual has  compiled  excellent information  and mitigations for users and 
administrators.
In July, 2022 the National Institute of Standards and Technology (NIST) 
posted  the following facts about today’s Cybersecurity Workforce 
Demand:
Globally, the shortage of Cybersecurity professionals is estimated to 
be 2.72  Million
35% of hiring managers believe it takes 3-5 years for a 
cybersecurity  professional to become proficient
In the U.S. the total employed cybersecurity workforce is 1.1 Million 
and there  are 714,548 total job openings
78% of decision makers indicate it’s hard to find certified people, 
which is why  91% of organizations are willing to pay for the training 
and certification of their  employees
Top tasks identified for entry-level candidates include: Alert and 
Event  Monitoring, Documenting Processes and Procedures, Incident 
Response, Using  Scripting languages and Reporting (Developing and 
Producing Reports)
For the full fact sheet, click here.
The data suggests there’s an upward trend in exposure  to  
vulnerabilities  combined with staff shortages. Subsequently there’s an 
increased workload on  current Cybersecurity technology and 
Cybersecurity professionals responsible for  detecting new threats and 
defending their organizations.
Savvy, Cybersecurity leaders should be reacting to the current industry 
conditions  by turning to Artificial Intelligence platforms with the goal to 
augment existing  cybersecurity staff. But, will implementing AI Based 
technology, really, lead to  greater capabilities of existing staff? Let’s find 
out. Check out this set of  “Interactions?” between V.P. Technology 2/10
Solutions, Randy Blasik and OpenAI
using the free to use, playground tool.
Artifi cial intelligence –  The theory and development of  computer 
systems  able  to perform tasks that normally require human intelligence, 
such as visual  perception, speech recognition, decision-making, and 
translation between  languages.
Using AI to reduce the time it takes a Cyber Security professional to 
become  proficient. Use AI to interpret scripts and Security 
Telemetry:
import hashlib 
print(“**************PASSWORD  CRACKER 
******************”) pass_found = 0  
input_hash = input(“Enter the hashed 
password:”)  pass_doc = input(“\nEnter 
passwords filename  including path(root / 
home/):”) try: pass_file =  open(pass_doc, ‘r’) 
Explain what except: print(“Error:”)  print(pass_doc, “is not 
this  script found.\nPlease give the path  of file correctly.”) 
does? quit() for word in pass_file:  enc_word = 
word.encode(‘utf-8’) hash_word =  
hashlib.md5(enc_word.strip()) digest =  
hash_word.hexdigest() if digest == 
input_hash:  print(“Password found.\nThe 
password is:”, word)  pass_found = 1 break if 
not pass_found:  print(“Password is not found 
in the”, pass_doc, “file”)  print(‘\n’) 
print(“***************** Thank you
**********************”)  #Explanation of 
what the  code does ”’
1. The user enters the password to be cracked.
2.The user enters the name of the text file 
containing the  passwords to be used to crack the 
user’s password.
3.Then the code will search for the password in 
OpenAi’s the text  file.
4. If found, it wil l print the 
response:
password.
5. If not found, it will  print a message saying 
it is not  found in the text file. ”’
3/10
Explain what this 
alert  means:
The code is a series of key-value pairs that 
describe an  event. The event is a suspicious TCP 
SYN fl ow that was  initiated by the host with IP 
 xxx.60.129.xxx to the host  with IP 
xxx.131.96.xxx. The event is classified as a DDoS  
attack, and the source and destination networks 
4/10
are
listed as “Uncategorized” and “Public”, 
respectively.  Additional information about the 
OpenAi’s event is also provided,  including the duration, 
response: number of packets, and number of  bytes involved 
in the attack.
AI acting as a guide to Cybersecurity 
analysts.
“Can you start an incident response to an angry 
customer  who’s business is down after a 
ransomware attack?”
Help me with a process
Yes, an incident response can be initiated to an angry 
customer  whose business is down after a ransomware 
attack. The  response may include  working with the  
customer to  understand the issue, identifying  the  root 
cause  of the  problem, and taking steps to resolve the 
OpenAi’s 
issue.
response:
5/10
“How do I identify the root cause of the 
problem?
Help me with a process
The root cause of the problem can be 
identified by  conducting an investigation and 
OpenAi’s response:
reviewing evidence  to determine what 
caused the problem. This may  include 
reviewing system logs, reviewing network  
traffic, and interviewing customers and 
employees.
Using AI to simplify Threat 
Intelligence:
Summarize this for a high school-grade student:  
Microsoft is investigating two reported zero-day  
vulnerabilities affecting Microsoft Exchange 
Server  2013, Exchange Server 2016, and 
Exchange Server  2019. The first one, identified 
as CVE-2022-41040, is  a Server-Side  Request 
Help me with Forgery (SSRF) vulnerability,  and the second one, 
this  report identified as CVE-2022-41082,  allows Remote 
Code Execution (RCE) when PowerShell  is 
accessible to the attacker.
 How can I help you?
6/10
Two different hackers have found ways to 
break into  Microsoft Exchange Server 2013, 
2016, and 2019.
One way lets the hacker run any code they 
want on  the server. The other way lets the 
hacker pretend to  be someone else to access 
information they shouldn’t  be able to see. 
Microsoft is trying to fix these  problems.
OpenAi’s response:
Having some fun wi th  
AI:
if 78% of decision makers indicate it’s hard to find 
certified  cybersecurity analysts, which is why 91% 
I need help deciding of organizations  are willing to pay for the training 
and certification of their  employees should I still 
consider using artificial  intelligence to augment my 
existing staff?
Yes, you should still consider using artificial 
intelligence  to augment your existing staff, even 
if it is difficult to  find certified cybersecurity 
analysts. Artificial  intelligence can help to 
automate some of the tasks  that certified 
uanpa tlhyestirs  twimoeu ltdo  nfocrmusa lolyn pmeorrfeo rcmo,m frpelexin tgasks.  
Additionally, artificial intelligence can help to 
OpenAi’s improve  the accuracy of some tasks, such as 
response: identifying  potential threats.
 How can I help you?
7/10
Conclusion:
Do you think Implementing AI Based technology will lead to greater 
capabilities  within your organization? Perhaps consider this. The really 
bad cybercriminals out  there are leveraging AI to ingeniously penetrate 
your organization’s defenses and  steal, encrypt, modify or render your 
data unavailable.   Shouldn’t you be on at  least equal footing with 
them?
By deploying technology with an effective and encompassing AI engine 
any  enterprise will enable your existing team and new hires to get to 
the root of any  attack more quickly, effectively, and accurately to prevent 
costly data or monetary  losses.
Contact Us
Address - 238 Littleton Road Suite #206 Westford, 
MA 01886
Phone no - +1 (978)-923-0040 
Email Id - [email protected],[email protected]
Website - https://www.seceon.com/
8/10