The role of AI in cybersecurity operations
Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which are false positives – while swiftly identifying and mitigating genuine threats.
Many organizations have turned to AI to alleviate their SOC analysts’ load, but some cybersecurity workers fear that there may come a time when AI will steal their jobs.
AI’s strengths and limitations
AI excels in data analysis, rapidly processing large data sets to detect patterns indicative of malicious behavior. When trained specifically on cybersecurity data, it can streamline cybersecurity operations by automating routine tasks like triaging alerts, analyzing logs, and conducting vulnerability scans, saving valuable time and resources for human analysts.
Despite those impressive strengths, AI also possesses limitations. The biggest is the need for human oversight to ensure the accuracy and relevance of AI-generated insights. While AI can handle many basic findings, it currently struggles to make complex contextual decisions, relying on human judgment to vet its output and interpret nuanced threat landscapes effectively.
AI also cannot replicate human-like strategic thinking necessary for complex process-oriented decision-making and coordinating with human stakeholders. For example, while it may be able to make generic recommendations on where to deploy network sensors, it cannot coordinate with the network team to choose the most effective location for your organization or convince the network team of the ROI of this project.
The promise of AI augmentation in cybersecurity
During my conversations with SOC leaders across various enterprise organizations, I asked them how they would spend their budget and headcount if it were tripled. Without exception, they all talked about how they could make good use of the resources on high-impact projects. These projects ranged from improving overall visibility to re-architecting applications and systems to preemptively address security risks.
This is where AI can help by freeing up your resources from routine tasks to focus on high-value strategic work.
Furthermore, 99.9% of organizations in the US employ fewer than 2000 people. However, very few of these organizations can afford the luxury of a comprehensive security program, such as a 24/7 SOC covering security alerts and events from all their systems.
AI can empower organizations to enhance their defenses while achieving more with existing resources. For example, AI-powered solutions can automate routine activities like alert triaging, log analysis, and vulnerability scanning, enabling human analysts to allocate their time and expertise toward more critical endeavors such as threat hunting, incident response planning, and security architecture design.
AI SOC analysts act as tireless assistants who handle the heavy lifting, allowing human analysts to apply their expertise where it matters most. Thus, a synergistic work environment that leverages the best of AI and human capabilities is created.
Evolving cybersecurity roles
As organizations embrace AI and become more efficient, there is fear that many existing analysts will become redundant. This overlooks the core problem: SOCs are already overloaded, attempting to keep up with existing alerts and effectively triaging them in a timely manner.
Efficiency gains will help organizations keep pace, not eliminate roles. AI automation addresses tier-1 alerts, but humans still need to handle the more complex alerts, which AI gives them the resources to do. Jobs will not disappear, but job roles may change.
The world has seen similar changes before.
When Microsoft introduced Excel in 1987, the number of Americans working as bookkeepers and accounting clerks went down from ~2 million in 1987 to just above 1.5 million by 2000. But at the same time, two new types of roles came into existence:
Excel specialist: As Excel became more widely adopted, a new class of Excel specialists emerged who possessed advanced skills in data analysis and visualization. These skills allowed organizations to make strategic decisions.
Accounting and financial analysts: Excel’s commoditization of bookkeeping led to the demand for and spread of financial modeling and analysis, ultimately creating more intellectually engaging finance jobs. In fact, the number of Americans employed as accountants/auditors and financial analysts/managers significantly increased, from ~0.6 million in 1987 to ~1.5 million in 2000.
Just as Excel revolutionized financial analysis and created specialized roles in data analysis and visualization, AI will reshape the cybersecurity landscape and give rise to roles that leverage AI as a tool, becoming more efficient in the process.
These roles may include Security Automation Specialists, who will play a critical role in ensuring the effective utilization of AI tools by providing expertise in fine-tuning algorithms and optimizing workflows to meet specific security objectives.
AI Security Engineers will be tasked with developing and deploying AI-powered security solutions, leveraging their proficiency in AI technologies and cybersecurity principles to create robust and adaptive defense mechanisms.
Meanwhile, AI Security Researchers will drive innovation in the field by exploring new AI-based approaches to counter evolving cyber threats, conducting in-depth analysis, and developing cutting-edge solutions that stay ahead of adversaries’ tactics.
As organizations embrace AI in their cybersecurity programs, the demand for professionals with expertise in these specialized roles will grow, adding more jobs rather than eliminating them. Even those with tier-3 security roles outside of AI, such as penetration testing and security architects, will see more demand as organizational security improves from AI utilization.
Humanity is here for the long haul
Human expertise and judgment are irreplaceable assets in cybersecurity, ensuring that humanity remains integral to the SOC for the foreseeable future.
As technologies like AI SOC analysts advance, they do not eclipse the need for human oversight; instead, they create opportunities for cybersecurity professionals to engage in more meaningful, analytical, and creative problem-solving tasks. By automating mundane and repetitive tasks, AI empowers humans to leverage their unique abilities in judgment, intuition, and ethical considerations—crucial skills in navigating complex and ambiguous threat landscapes.
This symbiotic relationship ensures that as we leverage the power of AI, the value of human insight only grows, securing its place at the core of cybersecurity strategies.