AI in Cybersecurity: More Jobs, Different Jobs, Fewer Easy Jobs

Cybersecurity is the rare industry where AI is simultaneously the threat, the defence, and the thing reshaping the workforce. It's a strange position to be in. The same technology that's eliminating jobs in other sectors is creating new attack surfaces that need defending, which means new roles. But not necessarily the same roles that exist today.

i get asked about cybersecurity a lot because people assume it's "safe from AI." The logic goes: AI creates more cyber threats, therefore we need more cybersecurity people. Simple supply and demand. And there's truth to that. But the reality is more nuanced, and if you're in the wrong part of cybersecurity, that comfortable narrative might not apply to you.

The threat landscape has fundamentally changed

AI hasn't just made existing cyber attacks more frequent. It's changed their nature. Phishing emails used to be laughably obvious — dodgy grammar, suspicious links, "Dear Valued Customer" from your bank that somehow couldn't spell your name. AI-generated phishing is different. It's personalised, grammatically perfect, contextually relevant, and generated at a scale that was previously impossible.

Deepfake social engineering is real. Voice cloning is real. AI-powered vulnerability discovery is real. The attack surface has expanded and the sophistication floor has risen dramatically. Script kiddies with access to AI tools can now launch attacks that would have required significant expertise two years ago.

This is genuinely good news for cybersecurity employment overall. The industry was already short-staffed and the talent gap is widening. But the jobs that are growing aren't the same ones that existed before.

What's being automated

Security Operations Centre (SOC) Tier-1 monitoring. This is the big one. The junior analysts who sit in a SOC watching dashboards, triaging alerts, and escalating anything that looks suspicious. AI can now do most of this faster and more consistently than a human. It doesn't get fatigued at 3am. It doesn't develop alert blindness. It can process thousands of alerts simultaneously and prioritise them with increasing accuracy.

The traditional SOC model — Tier 1 triages, Tier 2 investigates, Tier 3 does deep analysis — is compressing. AI is absorbing most of Tier 1 and a growing portion of Tier 2. The alerts that reach a human are already pre-analysed, correlated, and enriched. The human's job becomes investigation and response rather than monitoring and triage.

Vulnerability scanning and basic penetration testing. Automated vulnerability scanning has been around for ages, but AI is making it significantly more capable. Basic pen testing — running standard tools against known vulnerability patterns — is increasingly automated. The reports that used to take a junior pen tester days to compile can be generated automatically.

Log analysis and correlation. Manually reviewing logs is being eliminated. AI-powered SIEM (Security Information and Event Management) systems do this continuously, identifying patterns and anomalies that no human could spot across the volume of data involved.

Compliance checking. Assessing systems against compliance frameworks (ISO 27001, SOC 2, GDPR technical requirements) involves checking configurations against standards. AI does this systematically and exhaustively. The compliance audit teams are getting smaller.

Where the jobs are growing

AI security specialists. Securing AI systems themselves is a new discipline. Prompt injection attacks, model poisoning, data poisoning, adversarial inputs, model theft. These are novel threat categories that require people who understand both AI and security. This specialism barely existed three years ago and demand is significant.

Threat intelligence analysts. Understanding the threat landscape, tracking threat actors, analysing AI-powered attack methodologies. This is high-level analytical work that requires human judgement, contextual understanding, and the ability to think like an attacker. AI assists but doesn't replace this.

Incident response and forensics. When something goes wrong, you need humans who can investigate, contain, and remediate. The incidents themselves are more complex because AI is involved on both sides. AI-powered attacks require AI-literate defenders who can understand what happened and why.

Security architects. Designing secure systems in an AI-native world requires understanding how AI components introduce new risks. Cloud-native, AI-integrated architectures need security designed in from the start. This is senior, strategic work and there's a shortage of people who can do it.

Red teaming AI systems. Deliberately trying to break AI systems, find their vulnerabilities, and test their defences. This is a growth area as organisations deploy more AI and need to understand its failure modes. It requires a rare combination of AI knowledge and adversarial thinking.

The skills shift

Here's what matters. The cybersecurity professional of 2024 who was valued for being able to monitor SIEM dashboards, recognise alert patterns, and follow runbooks is being replaced by AI that does those things better. The cybersecurity professional of 2027 needs to be able to work with AI tools, understand AI-specific threats, think strategically about security architecture, and handle the complex investigations that AI escalates.

It's a shift from operational to analytical. From monitoring to investigating. From following procedures to making judgement calls.

The practical skills that are becoming essential:

Understanding AI and machine learning at a functional level. Not building models from scratch, necessarily, but understanding how they work, how they fail, and how they can be exploited. If you can't have an intelligent conversation about large language models, neural networks, and their attack surfaces, you're going to struggle.

Cloud security expertise. The infrastructure is in the cloud. The AI systems run in the cloud. The attacks target the cloud. Cloud security is not a nice-to-have specialism, it's core.

Programming and automation. If you can't script, you're limited. The modern security professional needs to be able to write detection rules, automate response playbooks, build custom tools, and work with APIs. Python minimum. Infrastructure-as-code familiarity is increasingly expected.

Communication and business context. As the role becomes more strategic, the ability to explain security risks in business terms becomes more valuable. Boards and executives need to understand AI security risks. Someone has to translate.

The certification question

i'm going to be slightly controversial here. Some traditional cybersecurity certifications are losing relevance faster than the industry wants to admit. A certification that validates your ability to do things AI can now do is decreasingly valuable. CompTIA Security+ teaches fundamentals that are still useful but the operational skills it validates are increasingly automated.

What's more valuable right now is demonstrable experience with AI security tools, cloud security platforms, and incident response. CISSP still carries weight because it validates broad security management knowledge. OSCP still matters because practical penetration testing skills at that level aren't fully automated. But the certification market hasn't caught up with how fast the role is changing.

The new certifications around AI security, cloud security, and zero-trust architectures are more aligned with where the industry is heading. But honestly, practical experience and demonstrable skills matter more than they ever have. A home lab where you're testing AI security tools is worth more than a certification that took you three months to memorise.

What's happening to salaries

This is the good news. Cybersecurity salaries are holding up well and in some specialisms they're increasing. The talent shortage is real. The demand for AI security specialists, cloud security engineers, and senior incident responders is outstripping supply significantly.

But there's a bifurcation happening. Senior and specialist roles are commanding higher salaries. Junior monitoring roles are being eliminated or compressed. The entry path into cybersecurity used to be: get a cert, get a SOC Tier-1 job, work your way up. That pathway is narrowing as SOC Tier-1 becomes automated. Which creates a genuine problem for the industry — where do the next generation of senior security professionals come from if the traditional junior roles disappear?

Some organisations are responding by creating new entry-level roles focused on AI tool management, security automation, and AI-assisted investigation. These are different from the old monitoring roles but they serve the same function of getting people into the industry and building their skills.

What to do if you're in cybersecurity

If you're junior or trying to break in: Focus on AI-adjacent skills. Learn how AI security tools work. Get hands-on with cloud security platforms. Build a home lab and practice. The entry path is changing but it's not closed — it's just different from what it was two years ago.

If you're mid-career in a SOC role: Your monitoring skills are being automated. Start moving towards investigation, threat hunting, and incident response. Get hands-on with AI security tools rather than resisting them. The people who learn to work with AI-powered security platforms effectively are the ones who'll move into the analyst and architect roles.

If you're senior: Your strategic and architectural skills are more valuable than ever. But you need to understand AI deeply enough to assess AI-specific threats and design AI-aware security architectures. If your knowledge of AI is superficial, fix that quickly.

If you're in compliance and audit: The routine compliance checking is being automated. Move towards security strategy, risk management, and regulatory interpretation. The human value is in understanding the intent behind the regulation and making judgement calls about how it applies to novel situations.

Watch for the restructuring patterns even in cybersecurity. Just because the industry overall is growing doesn't mean your specific company or team isn't about to reorganise around AI tools. The pilot programme to restructuring pipeline applies here too.

The bottom line

Cybersecurity is genuinely one of the better-positioned industries in the AI era. Total employment is likely to grow. But the composition of that employment is changing rapidly. Fewer people watching screens. More people investigating complex incidents, designing secure architectures, and defending against AI-powered threats.

If you're in the right part of cybersecurity with the right skills, your career outlook is excellent. If you're in the monitoring and compliance checking part, you need to move. The shift isn't coming — for most organisations, it's already happened or it's happening right now.

The one thing to do today: look at the AI security tools your organisation is deploying or evaluating. Get access. Learn them. The people who master these tools early are the ones who'll define the new roles.