Enterprise cybersecurity professionals find themselves at an interesting moment, as capabilities in AI that once seemed like science fiction are making their way into security operations. This promises to change how cybersecurity work gets done sooner rather than later.
The dual use of AI allows both defenders and attackers to sharpen their tools. For instance, 70% of security leaders view AI as a "game-changer" in cybersecurity when it comes to improving security operations, according to a recent KPMG survey.
The Automation Imperative: From Reactive to Proactive
Of course, the driver is the operational necessity to automate as much as possible. Traditional security operations teams often find themselves perpetually stretched, as organizations must manage thousands to millions of monthly alerts. And many, if not most, cybersecurity professionals expect AI to enhance attacker capabilities, improving text-, voice-, and video-based social engineering attacks, as well as enhancing software exploits.
When it comes to changing how cybersecurity professionals do their jobs, many expect AI will change enterprise security and the nature of cybersecurity jobs over time, but not overnight. "I think it's going to be more evolutionary than revolutionary," said Dave Marcus, federal senior security technologies and principal engineer. "While it's going to help solve a lot of problems, it's also going to create many new opportunities in having to secure these systems. But AI is here and it's going only to increase because there are so many different and good use cases for properly applied LLMs and AI analysis," Marcus said.
Because AI can process vast amounts of real-time data, enabling predictive analytics that identify potential threats before they materialize, automate threat detection, enhance incident response, and even help create increasingly autonomous security environments, investments in AI are likely to continue increasing. Andrew Storms, VP of Security at Replicated, noted that the current shift to AI is reminiscent of the early years of the cloud computing transition. "The lesson from then is to learn to understand the technology, especially as to how it can be valuable to your job. Because AI isn't likely to take away your job, it's going to allow you to do higher-order functions. That's the same thing as cloud. People really should be embracing it, and spending time learning what it can be used for," Storms said.
Marcus agreed. "If you are a pen tester or an application security person, you should be thinking about how you can pen test AI. Because at the end of the day, the breaking is the breaking. And AI is going to be the next big target," he said.
Where AI May Hit Cyber Jobs the Hardest
The transition won't be the same across all cybersecurity roles. Certain positions will face more change than others, with some traditional functions becoming highly automated or even obsolete, while entirely new, specialized roles emerge.
Tier 1 SOC Analysts may face the most immediate impact. These professionals, traditionally responsible for basic alert triage and incident escalation, find their core functions increasingly automated. AI systems can now automatically analyze network traffic, user behavior, and system logs to identify potential threats, performing tasks that previously required human intervention.
Based on available information, entry-level and routine tasks are at the most significant risk of being heavily disrupted or fully automated by AI; these include entry-level SOC analysts, junior threat detectives, and related positions. Yet, higher-order incident responders, threat hunters, and advanced analysts are at low risk of being displaced. Conversely, AI-centric roles, such as AI Security Engineers, AI Threat Analysts, and AI Governance Specialists, will see job growth. It's the tasks that require deep contextual judgement, creativity, and ethics that will remain people centric.
Still, few jobs are expected to vanish, at least anytime soon. Security Engineers, while the routine aspects of security engineering—such as vulnerability scanning, report generation, and compliance checking—are being systematically automated, experts expect these positions to remain stable in demand. And incident response specialists are seeing their roles evolve rather than disappear. While AI can automate initial response actions, such as isolating affected systems and blocking malicious traffic, strategic decision-making and complex investigation work remain human domains. These professionals are becoming supervisors of AI systems, focusing on validating AI decisions and fine-tuning automated responses.
"This conversation is like the early 2000s all over again when security information and event management systems came out. SIEMs were going to replace every analyst that there ever was, and what happened? Most of those pre-SIEM analysts became SIEM operators. That's exactly what this will turn out to be," said Marcus.
