{"id":14671,"date":"2025-08-25T07:04:02","date_gmt":"2025-08-25T07:04:02","guid":{"rendered":"https:\/\/newestek.com\/?p=14671"},"modified":"2025-08-25T07:04:02","modified_gmt":"2025-08-25T07:04:02","slug":"how-ai-is-reshaping-cybersecurity-operations","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14671","title":{"rendered":"How AI is reshaping cybersecurity operations"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Generative AI has become a pervasive tool in the enterprise.<\/p>\n<p>According to <a href=\"https:\/\/www.bcg.com\/publications\/2025\/ai-at-work-momentum-builds-but-gaps-remain\">a recent Boston Consulting Group survey<\/a>, 50% of organizations are using the technology to redesign workflows, and 77% of respondents believe AI agents will be vital to their enterprise functions in the next three to five years.<\/p>\n<p>No strangers to the power of artificial intelligence, CISOs and their security teams are as impacted by AI\u2019s advancement as any other function in the enterprise.<\/p>\n<p>While machine learning has been a key component in cyber operations for years, recent AI advancements \u2014 in gen AI in particular \u2014 see the technology spreading deeper into cyber operations. These tools, some of which are homegrown and others provided by vendors, aid in forensics, incident response, log analysis, orchestration, vulnerability management, and report writing.<\/p>\n<p>This increasing use of AI for security processes is transforming CyberOps, boosting the effectiveness and productivity of security professionals, and changing how cybersecurity work gets done.<\/p>\n<p>\u201cIt\u2019s not the what of CyberOps that AI is changing, but the how. 
It\u2019s changing the speed at which we can do certain operations, and it\u2019s letting us use humans to concentrate on the higher-end tasks,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/matt-g-0b2903206\/\" target=\"_blank\" rel=\"noreferrer noopener\">Matt Gorham<\/a>, leader of the Cyber &amp; Risk Innovation Institute at PwC.<a><\/a><\/p>\n<h2 class=\"wp-block-heading\" id=\"augmenting-skills-automating-tasks\">Augmenting skills, automating tasks<\/h2>\n<p>Because AI can perform tasks at speeds that supersede human capacity, it exponentially scales the amount of work that a cybersecurity function can do, says <a href=\"https:\/\/www.sans.org\/profiles\/rob-lee\" target=\"_blank\" rel=\"noreferrer noopener\">Rob T. Lee<\/a>, chief of research for AI and emerging threats and head of faculty at SANS Institute.<\/p>\n<p>Moreover, AI excels at doing repetitive tasks near perfectly every time, so it delivers a consistency unmatched by human employees, experts say.<\/p>\n<p>\u201cIf someone isn\u2019t on their A game for whatever reason, the results can vary. 
But AI has a deterministic approach for doing the same thing over and over again, so the consistency in output is remarkably better and more predictable than what you get from humans,\u201d says <a href=\"https:\/\/www.csoonline.com\/article\/4042494\/EY%E2%80%99s%20Dan%20Mellen\">Dan Mellen<\/a>, US and global cyber chief technology officer for EY.<\/p>\n<p>But AI not only boosts the speed and scale of the security team; it can improve skill levels as well, contends <a href=\"https:\/\/silverjacket.mxspruce.com\/60da58dd67b70018824684dd\/l\/DdeCIOb7Faf7nZFHf?rn=&amp;re=iQXZu5Cd0FmcwtWeyFWbARHdhJHcrlnch1mI&amp;sc=false\" target=\"_blank\" rel=\"noreferrer noopener\">Jeffrey Brown<\/a>, faculty at IANS Research, cybersecurity advisor for financial services at Microsoft, and former CISO of the State of Connecticut.<\/p>\n<p>\u201cIt\u2019s a force multiplier for the defense, and it\u2019s a force multiplier in two ways. It uplifts the knowledge of junior staffers quite a bit and helps them come up to speed faster, and it helps more senior workers be more effective; it helps redefine productivity at the higher end,\u201d he says.<\/p>\n<p>Take the use of AI in a <a href=\"https:\/\/www.csoonline.com\/article\/3840447\/security-operations-centers-are-fundamental-to-cybersecurity-heres-how-to-build-one.html\">security operations center (SOC)<\/a>, where AI can handle a significant amount of \u2014 and in some cases all \u2014 level 1 support tasks, such as ticket triage and routing, freeing up SOC personnel to handle more level 2 or level 3 issues. 
Generative AI can also provide human SOC workers with automated case studies and guidance on higher-level tasks, improving their efficiency and productivity.<\/p>\n<p>Despite fears of job loss to AI, Brown to date has observed that CISOs are using AI <a href=\"https:\/\/www.csoonline.com\/article\/4012831\/crowdstrike-is-cutting-jobs-in-favor-of-ai-heres-why-you-shouldnt.html\">not to replace workers<\/a> but to enhance their efforts. \u201cThe most effective use of AI is when there is still a human in the loop,\u201d he says.<\/p>\n<p>As such, AI is expanding the work CISOs\u2019 teams can do and empowering more team members to do it. For example, the use of AI for threat modeling has helped organizations with smaller, less specialized teams to proactively identify, analyze, and mitigate potential security threats \u2014 work they could not perform prior to adopting AI.<\/p>\n<p>\u201cIn general what we\u2019re seeing is that SecOps teams are doing more with what they have and the skill level is moving up; we\u2019re seeing an effective shift up in the work,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/jwgoerlich\/\">Wolfgang Goerlich<\/a>, IANS Research faculty and a public sector CISO.<\/p>\n<h2 class=\"wp-block-heading\" id=\"smaller-teams-new-skills-paradigm\">Smaller teams, new skills paradigm<\/h2>\n<p>All this has an impact on staffing strategies.<\/p>\n<p>To start, security leaders say traditional entry-level security positions will soon go away and those new to the profession will <a href=\"https:\/\/www.csoonline.com\/article\/4023673\/how-ai-is-impacting-cybersecurity-roles.html\">have to be ready to start higher up the ladder<\/a>.<\/p>\n<p>That\u2019s particularly true as agentic AI matures, <a href=\"https:\/\/www.csoonline.com\/article\/4040145\/agentic-ai-promises-a-cybersecurity-revolution-with-asterisks.html\">becomes part of more security departments<\/a>, and handles more of the security, Brown says.<\/p>\n<p>\u201cWe need to consider how 
many experts and which kinds of experts we need,\u201d he adds.<\/p>\n<p>For example, when Brown was CISO for the State of Connecticut, he had one security team member focused on phishing. He now questions whether a security department would need such a specialized staffer if agentic AI can automatically handle much or all of the workflow that responds to a phishing attempt or attack.<\/p>\n<p>With AI, Brown sees cyber teams getting smaller \u2014 and having fewer experts. Rather, \u201cthey\u2019ll be managers of agents who will help get their jobs done,\u201d he says.<\/p>\n<p>Considering the <a href=\"https:\/\/www.csoonline.com\/article\/3810857\/the-cybersecurity-skills-gap-reality-we-need-to-face-the-challenge-of-emerging-tech.html\">longstanding gap<\/a> between open security positions and qualified professionals to fill those jobs, Brown doesn\u2019t see that as a negative.<\/p>\n<p>But he acknowledges that use of AI in CyberOps will require security professionals to acquire new skills \u2014 and CISOs to hire for them, noting that skills around AI governance, prompt engineering, and data science will become must-have skills for security professionals at all levels.<\/p>\n<p>\u201cThat\u2019s going to be a very big paradigm shift,\u201d he says. \u201cWe will need people who are skilled in working with agents, who know enough to say, \u2018Yeah, that\u2019s the right answer [from the agent],\u2019 and who can recognize when it\u2019s not.<\/p>\n<p>\u201cThe future of security operations will be tapping into agents, but that human intuition is irreplaceable,\u201d he says. 
\u201cIt will be more a human-AI symbiosis, creating a partnership, and making sure we\u2019re using AI to be more productive but always with a human in the loop.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-need-for-governance-agility-and-speed\">The need for governance, agility, and speed<\/h2>\n<p>Accelerating AI use across the enterprise is also reshaping security operations given cybersecurity\u2019s need to keep pace with <a href=\"https:\/\/www.csoonline.com\/article\/4033338\/how-cybersecurity-leaders-are-securing-ai-infrastructures.html\">securing AI and the data it uses<\/a> everywhere it\u2019s being used.<\/p>\n<p>Security teams are already struggling with that.<\/p>\n<p>According to the <a href=\"https:\/\/www.accenture.com\/us-en\/insights\/security\/state-cybersecurity-2025\">State of Cybersecurity Resilience 2025<\/a> report from Accenture, \u201ca concerning 77% of organizations lag in adopting essential Data &amp; AI security practices. Only 22% have implemented clear policies and training for generative AI use, and a handful maintain a comprehensive inventory of AI systems, crucial for managing supply chain risks. Additionally, data protection remains inadequate \u2014 only 25% of organizations fully leverage encryption methods and access controls to safeguard sensitive information in transit, at rest and during processing.\u201d<\/p>\n<p>Moreover, the report found that \u201csecurity gaps extend into cloud infrastructure as well. 
Despite AI\u2019s reliance on cloud-based processing, 83% of organizations have not established a secure cloud foundation with integrated monitoring, detection and response capabilities.\u201d<\/p>\n<p>Similarly, Gartner writes in its July 2025 <a href=\"https:\/\/www.gartner.com\/en\/documents\/6749434?__cf_chl_tk=a_gGSsSF9FiV_qZGzrk.ujNcpqsKw_CNVWFWEP25lfc-1754923462-1.0.1.1-K3abuEapwNPELPtI_hZVie.wjCvDyjownqQB4yinPag\">A CISO\u2019s Guide to AI Cyber Stewardship<\/a> report that \u201cCISOs are falling behind on securing AI across the enterprise.\u201d<\/p>\n<p>The report advises CISOs to \u201cadopt and lead an AI cyber stewardship approach based on literacy, life cycle governance, interdisciplinary bridges, human oversight, baseline controls and AI TRiSM [trust, risk, security management] to manage AI-related cyber risk.\u201d<\/p>\n<p>Security leaders say CyberOps needs to step up its <a href=\"https:\/\/www.csoonline.com\/article\/4016464\/how-ai-is-changing-the-grc-strategy.html\">AI governance function<\/a> and its ability to onboard, identify and authorize AI agents deployed by their own organization as well as those from <a href=\"https:\/\/www.csoonline.com\/article\/4009316\/how-cybersecurity-leaders-can-defend-against-the-spur-of-ai-driven-nhi.html\">outside organizations that seek access to their systems<\/a>.<\/p>\n<p>\u201cThere needs to be some checks and balances to make sure they\u2019re not going outside the bounds of what they\u2019re authorized to do, the same way we think about authorization for humans,\u201d Mellen says.<\/p>\n<p>Security teams also need to move faster than they have been in securing AI used in the enterprise.<\/p>\n<p>\u201cThe speed of business change will speed up, and the CISO will have to keep up with that,\u201d Gorham says. 
\u201cThe skills needed to do that will shift; cybersecurity teams will need a confluence of AI skills like prompt engineering and data science skills along with traditional cybersecurity skills.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"remaking-cyber-teams\">Remaking cyber teams<\/h2>\n<p><a href=\"https:\/\/www.gartner.com\/analyst\/b9cb00be7b\">Avivah Litan<\/a>, distinguished VP analyst with research firm Gartner, believes AI will create at least as many jobs as it displaces and, like others, believes \u201cit will elevate people to do more things better.\u201d<\/p>\n<p>Those new CyberOps roles will be needed, she notes, as hackers use AI to launch more and more sophisticated attacks.<\/p>\n<p>\u201cAI will allow organizations to fight that more effectively,\u201d she adds.<\/p>\n<p>Still, all this does require CISOs to rethink their operations teams to ensure they use both AI and humans to maximum advantage.<\/p>\n<p>\u201cThey need to ask, \u2018Where does it make sense to have a human and what do I offload to AI? And what is the cognizant cost of that because I no longer have that muscle on my team?\u2019\u201d CISO Goerlich says. \u201cWe\u2019ve been short-staffed in security for a long time, so there\u2019s a great story to be had there. But on the other hand, you don\u2019t want to end up with a SOC team just clicking buttons.\u201d<\/p>\n<p>Goerlich says CISOs need to update their talent strategies, creating a roadmap for developing existing staffers as well as hiring new workers to fill the positions of the future, where they\u2019ll be working side by side with AI and AI agents. 
But they\u2019ll need to do so without losing the human intelligence needed within security operations.<\/p>\n<p>That\u2019s especially key because, as CISOs know, the bad actors are harnessing AI, too, and they\u2019re doing so at greater pace because they\u2019re not bound by the ethics and regulations governing enterprise use of the technology.<\/p>\n<p>The fact that <a href=\"https:\/\/www.csoonline.com\/article\/4014238\/cybercriminals-take-malicious-ai-to-the-next-level.html\">adversaries are using AI<\/a> to generate malware that can change on the fly, diminishing the effectiveness of traditional pattern-matching tools and other conventional cybersecurity capabilities, means the stakes for CISOs to harness AI effectively on the defensive side are only getting higher.<\/p>\n<p>As Goerlich observes, \u201cThe future of security operations is going to be AI versus AI. It\u2019s going to be machine on machine, with people in the cockpit making sure the right things are happening \u2014 or on the adversity side, making sure their attacks will be carried out. That\u2019s really going to make us rethink how we\u2019re doing our security operations.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Generative AI has become a pervasive tool in the enterprise. According to a recent Boston Consulting Group survey, 50% of organizations are using the technology to redesign workflows, and 77% of respondents believe AI agents will be vital to their enterprise functions in the next three to five years. 
No strangers to the power of artificial intelligence, CISOs and their security teams are as impacted&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14671\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14671","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14671"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14671\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}