VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

After a year of cyber war, geopolitical conflict and unrelenting social engineering campaigns, CISOs and security leaders have been left scrambling trying to prepare their defenses to mitigate the next generation of online (and offline threats). 

While the threat landscape remains uncertain, SANS Institute recently shared with VentureBeat. some of their top cybersecurity predictions for 2023  

Analyst’s predictions included ChatGPT simplifying vulnerability management, vulnerabilities caused by poorly maintained network monitoring tools and the worsening of the cyber skills gap

Below is an edited transcript of their responses: 


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

1. ChatGPT will reduce code vulnerabilities and improve productivity 

“ChatGPT (Generative Pretrained Transformer) from OpenAI will likely be a game-changer in the world of cybersecurity and beyond. 

Since its debut in November 2022, ChatGPT, has already demonstrated the capability to identify software vulnerabilities in code with incredible accuracy, as well as the ability to write complex code that would otherwise take significant time to be produced by humans. 

The technology will only improve and likely result in fewer vulnerabilities, as well as a tool for developers to use to write more efficient code, and to speed up productivity. Incidentally, this may require those pursuing a career in certain areas within the field of cybersecurity to be much more adept at their area of focus.” 

Steve Sims, instructor, SANS Institute

2. Network tools will open organizations to more risk

“Attackers will increasingly take advantage of network management and monitoring solutions deployed by defenders. There has been an increasing focus on finding and exploiting vulnerabilities in products like anti malware and host monitoring solutions (for example, sysmon). 

M&A activity has often resulted in products that are no longer adequately maintained, and customers implement them without considering that these solutions will also be great tools for attackers to compromise a network after gaining initial access.” 

Johannes Ullrich, dean of research, SANS Technology Institute

3. The Cybersecurity skills gap will widen 

“The skill gap may be shifting from a quantity issue to more of a quality issue. Recent layoffs in large tech companies will result in more applications for information security roles than we had in the past. Many of them will have some relevant qualifications based on their prior careers. 

But many of these qualifications may not be applicable to information security or overstated. Identifying qualified candidates will be more difficult using the traditional domain expertise deficient HR departments and recruiters. 

Investing in internal training programs to elevate the skills of individuals with appropriate aptitude will be even more important.”

Johannes Ullrich, dean of research, SANS Technology Institute

4. Workforce security education will become key to reduce risk 

“Managing risk is no longer just a technological challenge, it is also a people challenge. Security leaders will start integrating human risk management into their overall security strategy. 

As such, we expect to see leaders elevating their security awareness teams to be far more integrated and playing a more strategic role within cybersecurity, focusing not on compliance but truly enabling and securing their workforce.”

— Lance Spitzner, senior instructor, SANS Institute,

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.