Ever since artificial intelligence entered mainstream conversations with the release of ChatGPT-4 in 2023, experts have debated whether these technologies and virtual chatbots would replace skilled IT and cybersecurity workers or augment their tasks through added layers of automation.
The results so far appear mixed.
AI has displaced some entry-level cybersecurity work in and around security operations centers (SOCs) and other areas, affecting younger professionals by blocking off essential learning and career opportunities. At the same time, organizations implementing AI are in great need of skilled security employees who understand these platforms, can secure the technologies, and understand the risks associated with chatbots.
All of these changes are affecting how organizations recruit and hire cybersecurity talent, the skill sets that pros need to compete in the marketplace, and what it takes to secure networks, infrastructure, and data from cybercriminals and attacks.
A newly released survey from security firm Fortinet now offers additional details about the effects AI is having on cybersecurity careers and skill development. The study, based on responses from 2,750 IT and cybersecurity decision-makers across 32 countries, found that 60 percent of respondents identified finding candidates with cybersecurity AI experience as a growing recruitment challenge.
The Fortinet study also found:
- Sixty-three percent of respondents expect a greater need for AI oversight and governance roles over the next three years.
- Forty-nine percent believe they may need to create new AI-driven roles.
- Fifty-seven percent expect to require reskilling or upskilling of existing staff to work with AI tools.
These numbers show the challenges cybersecurity, as well as other professions, face as organizations look to increase AI deployments and the effect that has on talent recruitment and hiring.
“This isn’t unique to cybersecurity – it’s part of a broader trend as enterprises leverage AI to automate the routine work that once served as entry-level training,” Matthew Hartman, chief strategy officer at Merlin Group, recently told Dice. “In cyber, tasks like alert triage and log analysis are increasingly handled by automation, while increasing threat complexity is pushing demand toward experienced talent. The long-term risk is a pipeline problem.”
AI Cybersecurity Skills Continue to be in Demand
The Fortinet report makes clear what other experts and data have pointed to over the last year – those cybersecurity professionals who understand AI technologies are in increasing demand. Specifically, organizations now require security staff with new skill sets, and the most popular include:
- AI model development (55 percent)
- AI tool oversight (54 percent)
- Security automation (52 percent)
As organizations add AI tools, they require a new breed of security workers who understand these technologies as well as the risks they pose to the business, noted David Brumley, chief AI and science officer at Bugcrowd.
“The real shift is in how the work gets done. Security professionals are knowledge workers, and like every knowledge profession, our workflows are being reshaped by AI,” Brumley told Dice. “Those who ignore it will fall behind. Those who adopt it will become dramatically more effective. While security professionals are used to learning new skills, what makes this scarier is the speed and scale at which the change is coming.”
While AI has affected some entry-level hiring positions, the data also show organizations are struggling to find cyber pros with senior-level skills. The survey finds that 51 percent of respondents report they need senior-level cybersecurity skills most of all, compared to 32 percent for mid-level and 13 percent for entry-level roles.
Organizations are under pressure to deliver security outcomes. This means they prioritize candidates who can contribute immediately in areas like cloud security, AI, and risk management. At the same time, much of the work that traditionally served as an entry point, like Tier 1 triage and basic analysis, is being automated or absorbed into platforms, said Diana Kelley, CISO at Noma Security.
This can cause unique hiring and recruiting problems, as well as affect how cyber pros develop their skills to fit these needs.
“The long-term risk is a pipeline that runs dry. Cybersecurity has traditionally built senior talent through hands-on experience. Cut off the early-career pathways and you lose the next generation of defenders,” Kelley told Dice. “If we don't rebuild deliberate on-ramps, including apprenticeship models, AI-amplified junior roles, and academic pipelines that connect to real work, senior talent will age out faster than we can replenish it. The organizations that thrive will be the ones that figure out how to use AI to make junior practitioners more capable, not replace them.”
The increased use of AI also means that many processes within networks and infrastructure are now automated through the use of chatbots and other technologies.
This can create efficiencies, but many of these changes are happening faster than organizations can keep up with and secure these vulnerable endpoints. This requires a skilled workforce that many businesses have not been able to invest in, said Randolph Barr, CISO at Cequence Security.
“Cybersecurity staffing isn’t keeping up. Recent surveys show that organizations expect little growth in headcount, even as they rely more on automation to bridge capability gaps,” Barr told Dice. “This creates a structural imbalance: AI and development teams are scaling faster than the security workforce that’s meant to govern them.”
Calculating AI Risks
The flip side of AI adoption is that cybercriminals and threat actors have begun using these technologies as well, which creates an additional need for skilled cybersecurity professionals who understand the risks posed by attacks and vulnerabilities within their networks.
The Fortinet survey finds that 45 percent of respondents are concerned about data and confidential information leaking through AI platforms, while another 44 percent are concerned about attacks involving AI technologies.
Tasks that once took hours are now easily automated. This also means threats against organizations are increasing, which should drive demand for skilled cyber pros, said Shane Barney, CISO at Keeper Security.
“As attackers automate their own decision-making, defenders need the same ability to understand actions and intent immediately, not just record activity for later review,” Barney told Dice. “AI-powered threat detection and response can flag and shut down malicious behavior in real time – moving at the speed of AI-powered threats. In a cloud environment where attackers can reason and act in minutes, any standing privilege is an open invitation.”
With AI accelerating the shift in cybersecurity by automating routine triage and alert handling, it also reduces demand for junior labor, even as it creates new needs in AI security, governance, and automation skills. If companies stop hiring beginners, they may save money now, but face a shortage of experienced cyber workers later, noted Ram Varadarajan, CEO of security firm Acalvio.
“Of course, the long-term risk is a weakened talent pipeline, precisely when we'll need it most, with AI-driven threats starting to proliferate,” Varadarajan said. “The needs of AI safety and security will morph exponentially with the new cyber threat of emergent misalignment. We'll need more smart people to address that challenge, not less.”
