Security leaders have long looked to automation as the answer to many security problems, such as cutting down repetitive and time-consuming tasks and speeding up response times. However, automation is not so easy to implement because modern environments are complex and often required solutions that are tailored to the organization's unique ecosystem, business needs, and appetite for risk.
The key is to build a proper data foundation and contrinue to focus on risk management basics. You can't automate away the risk management fundamentals, such as controls mapping and security gap analysis.
Consider automation as one of the three types: as an extension of existing security processes (where manual processes can be replaced by automation scripts written in Python, PowerShell, Bash, etc); tasks built into the security process (security controls such as performing checks as part of the CI/CD software delivery pipeline); and using security orchestration, automation, and response (SOAR) tools to bring together tasks across various processe and environments (like using chatbots to respond to security questions from users).
Security domains that are ripe for automation are compliance (GRC in general), security operations and incident response, and identity and access management. Other areas that security teams can explore are vulnerability management, DevSecOps, and cloud security management.
