Loading...
Webinar
Hiring or Firing — The Next Step for AI-Augmented SOC Teams
Webinar
Hiring or Firing — The Next Step for AI-Augmented SOC Teams
Hiring or Firing — The Next Step for AI-Augmented SOC Teams
Hiring or Firing — The Next Step for AI-Augmented SOC Teams
Loading...
Steve shares why "human in the loop" still matters in AI powered security operations and offers his recommendation on how to prepare yourself. AI is becoming a force multiplier for human effectiveness rather than a replacement for human insights.
It is becoming a common conversation within CISO communities that CISOs now expect AI to replace core SOC functions like analysts, threat detection, and access reviews. A large share explicitly understands the focus on the metric of headcount reduction as a goal of AI adoption. At the same time, boards are pushing for aggressive, enterprise-wide AI usage, putting CISOs in the position of enabling rapid change in a poorly understood technology domain. This creates a fear that AI might be used as a blunt cost-cutting tool, undermining human expertise and creating new blind spots as the business functions in the company adopt AI to address the same pressure on staffing.
Adversaries are successfully leveraging AI Agents and agentic workflows to automate attacks, craft sophisticated phishing, and identify system weaknesses faster than humans can react. Traditional human centric defense methods simply can't keep pace with self-evolving, guardrail less AI-driven threat actors. The future of cybersecurity isn't human versus machine; it's machine versus machine, with human oversight guiding strategy and ethics behind the algorithms. This observation is not made to invoke fear that the machines are taking over, rather that we understand how AI Agents and Agentic workflows have altered the game for the defender to reestablish our defense perimeter to account for the change in strategy by the adversaries.
Many of the headlines about artificial intelligence trigger job anxiety. But look closely at how AI is being deployed in high-stakes environments like cybersecurity, and a different story emerges. AI isn't taking jobs; it's transforming them. The emergence of the AI Security Operations Center (AI SOC) shows how human expertise remains crucial, even as AI agents demonstrate much greater capabilities.
Modern security teams face thousands of alerts daily. Sifting through them to find real threats is exhausting, repetitive, and error prone. AI SOCs use machine learning, natural language processing, and deep analytics to take on the heavy lifting—correlating data, ranking risk levels, and flagging potential incidents.
But here's the key: those systems don't operate in isolation. They don't decide policy responses, investigate subtle anomalies, or negotiate real-world outcomes. Detection Engineering has emerged as a new field where Human analysts must participate as a meaningful step in the response chain. AI simply provides them with sharper tools and faster insights.
In other words, AI SOCs transition cybersecurity from a constant firefight into a focused, strategic operation. Instead of replacing the analyst, they reduce burnout, improve accuracy, and expand human capacity to handle complex investigations. Put bluntly, we are now able to operate not as a static function that tells us what happened but as a proactive defense that can understand and react to what is currently happening in our defensive perimeter. Nowhere is this clearer than in the evolution of the AI-enhanced Security Operations Center (SOC), where machine intelligence and human judgment combine to defend organizations in real time.
Cybersecurity embodies a mix of technical skills, but more importantly the application of human intuition, qualities that can't be automated. Understanding context, corporate risk appetite, and attacker psychology requires deep human judgment. AI may spot an anomaly, but analysts decide why it matters and how to act.
If you want to consider the cynical argument, cybersecurity isn't just technical; it must incorporate ethics, regulatory interpretation, and human emotions. Deciding when to escalate, disclose, or isolate systems involves tradeoffs that depend on trust, communication, and leadership. AI assists in decision making, but final accountability always resides with people.
AI is becoming a force multiplier for human effectiveness, not simply a replacement for human inefficiency. It automates what's dull and routine so people can focus on what's creative, relational, and high impact. The value of the human in the loop now shifts upward—from executing repetitive detection tasks to orchestrating and optimizing AI-driven defense strategies.
Keeping a human in the security loop now has an indispensable role with AI—guiding, verifying, and improving its output. The real threat isn't AI itself, but resisting adaptation while adversaries embrace it.
Retool your skills to be the human in the loop for AI SOC
Step 1: Learn "AI for security" as a literacy, not as a data scientist.
Step 2: Build prompt and workflow skills to orchestrate the AI SOC.
Step 3: Double down on human strengths: judgment, context, and communication.
56% of CEOs say they have seen no significant cost and revenue benefits from AI to date. PWC 2026 Global CEO Survey, January 19, 2026
Read the full ebook → Security for Winners: The Art of Using AI to Secure Your Company and Get Yourself Promoted
