The Future of Security Operations Centers: Embracing AI While Retaining Human Expertise
In the rapidly evolving landscape of cybersecurity, the emergence of fully autonomous security operations centers (SOCs) has sparked considerable discussion and anxiety regarding the future roles within these environments. As organizations increasingly integrate advanced artificial intelligence (AI) technologies, there are concerns that these advancements might lead to a workforce dominated by empty desks. However, key players in the cybersecurity arena, especially those exhibiting at Infosecurity Europe 2026, share a unified perspective that contradicts these fears: AI is here to transform roles, not replace them.
Leading industry professionals, such as Brett Candon, Vice President of International at Dropzone AI, emphasize that AI is reshaping the traditional, multi-tiered SOC model by introducing a more streamlined operation. This new structure is bolstered by what Candon refers to as “tier-1.5” analysts—hybrid professionals who effectively straddle the line between entry-level and advanced positions. This shift means that rather than merely performing repetitive tasks like ticket-taking or data entry, junior cybersecurity professionals will move towards more strategic, impactful roles.
Transparency is Key: The “Glass Box” Concept
At the core of this transformation lies the notion of transparency. According to Candon, for AI to function effectively within SOCs, it must be embraced as a “glass box” rather than an opaque black box. While AI can significantly expedite labor-intensive processes, it is crucial to maintain an audit trail of its decision-making, so that human analysts can understand and verify AI-generated outcomes.
Patricia Titus, Field CISO at Abnormal AI, reinforced this viewpoint by arguing that a human-in-the-loop validation system is essential for ensuring that AI maintains accuracy and performs its intended functions effectively. “You actually need someone who understands that to be able to go back and analyze the data periodically to ensure the AI tool is catching what you want it to catch,” Titus noted.
Moreover, the efficacy of AI is closely linked to the quality of the underlying security data infrastructure. Yonni Shelmerdine, Chief Product Officer at Vega Security, cautioned that gaps in data architecture can hinder AI’s effectiveness. If essential security logs are compromised or inadequately filtered, human engineering intervention becomes necessary to rectify these critical issues. “If the data is gone, no super-duper AI bot will be able to help,” he warned.
Redefining Roles: From Entry-Level to Strategic Analysts
The advent of AI in SOCs does not equate to the phasing out of entry-level positions; instead, it signifies a redefinition of responsibilities. According to the insights shared by the three vendors interviewed by Infosecurity, the technological shift is transforming the daily tasks of junior analysts, who can now assume the role of tier-1.5 analysts, proactively supervising and auditing AI-driven investigations from day one.
Candon pointed out that this technological advancement allows organizations to improve job satisfaction among their security personnel, as employees find themselves engaging in more meaningful work. As a result, firms can promote junior analysts into specialized roles at a significantly accelerated pace. Titus added that while tier-1 positions have been traditionally viewed as the starting point for analysts to familiarize themselves with foundational security concepts, AI has expedited this onboarding process.
To illustrate this operational shift, Titus provided a practical example from her own team. Following the deployment of Abnormal AI’s behavioral models, her organization no longer required five full-time tier-1 ticket-takers. Instead, existing staff were able to focus on high-risk tier-3 investigations, elevating their roles significantly. Furthermore, Titus initiated a university intern program, engaging students to learn security fundamentals alongside AI, thus creating a seamless transition for future hires.
The Rise of the Cyber Defense Engineer
As analysts evolve within this new framework, Shelmerdine anticipates the emergence of a novel profession: the cyber defense engineer. Rather than merely reacting to alerts, these engineers will take on proactive roles, engineering better detection mechanisms and optimizing AI tools. As Shelmerdine put it, “AI isn’t going to replace the SOC; it’s a cyber defense engineer who will.”
Ultimately, the consensus among security vendors suggests that the autonomous SOC will not be an empty space but a more intelligent, engaged environment. By eliminating time-consuming manual triage work, AI can liberate analysts, enabling them to transition from mundane tasks to strategic initiatives aimed at strengthening organizational security.
Despite the optimism surrounding this transition, it’s important to consider the broader context of ongoing layoffs across the tech and cybersecurity sectors. The real challenge for enterprises will be to strike a balance between leveraging AI for operational efficiency and ensuring that human expertise remains an integral component of their security strategies.
In the ever-evolving world of cybersecurity, the role of AI in SOCs presents both challenges and opportunities, urging stakeholders to adapt while keeping their human resources front and center. The SOC of the future may not be a room of empty desks but one filled with skilled professionals ready to embrace a more advanced role in protecting vital organizational assets.
