Rohit Ghai was named president of RSA Inc. in January 2017. His keynote address as part of the firm’s annual cybersecurity conference this month was his fifth, but it may well have been the first time that the words “chaos monkey” were part of his remarks.

Chaos Monkey, originally designed by Netflix Inc. over a decade ago, is an automated enterprise tool that tests the resiliency of computer systems by deliberately forcing failures. Ghai’s reference in his keynote was designed to make the point that the security industry needed to embrace new tools at the risk of getting left in the dust by its well-equipped adversaries.

“The thing that baffles me as a security guy is that cybercriminals have been automated for years,” said Mark Nunnikhoven (pictured), distinguished cloud strategist at Lacework Inc. “That’s how they scale; that’s how they make their money. Yet we still primarily defend manually. We don’t tend to win well when we’re fighting automation.”

Nunnikhoven spoke with John Furrier, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed the importance of adopting automation and other advanced tools to combat threats and the need to find and train the next generation of cybersecurity professionals. (* Disclosure below.)

Behind the times

Ghai’s point and Nunnikhoven’s concern highlight a conundrum in the security community. The threats are getting even more serious, yet cybersecurity researchers have been slow to embrace tools of the modern enterprise in their work.

It’s one reason why Nunnikhoven cringes when he hears reference to DevSecOps.

“The reason I cringe is because security should be built into everything, but the challenge we have is security teams are still stuck in in the past,” Nunnikhoven said. “We’re a little behind the times compared to the rest of the businesses who are taking advantage of cloud services, taking advantage of data being everywhere. Security professionals should recognize there are tools that can make us better at our jobs and keeping pace with the business is absolutely critical.”

One of the issues facing the cybersecurity community is a lack of trained talent to fill an explosion of open positions. Cybersecurity Ventures projects 3.5 million cybersecurity jobs will go unfilled in 2021.

“How do we train the next generation of security professionals?” Nunnikhoven asked. “We really need to adjust and look for people with automation capability, with development, better business skills and better communication skills. As we leave our little protected cave of security, we need to be better business people and better team players.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Lacework Inc. sponsored this segment of theCUBE. Neither Lacework nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE