- Partnerships
AI is changing cybersecurity in two fundamental ways. First, AI has spawned a new era of automated adversarial tactics, techniques, and procedures (TTPs) that can be scaled rapidly and disguised by bad actors—almost impeccably. It’s no surprise that 74% of global cybersecurity professionals have said the threat landscape is the worst they’ve seen in five years, according to our recent ISC2 Cybersecurity Workforce Study. Meanwhile advancements in AI and fine-tuned machine learning models have leveled up threat detection capabilities and training opportunities to counteract this evolving threat landscape.
But are cybersecurity teams ready to adopt AI security tools securely?
I’d argue that they could be, but only if an organization is committed to developing a team of cybersecurity professionals with validated skills aligned with the specific cyber defense capabilities needed in an AI-driven era. Cybersecurity skills intended to tackle AI threats shouldn’t exist as a discrete skill set. Instead, teams must treat AI security as an inextricable layer of their overall cybersecurity strategy—across all related roles and responsibilities.
The state of AI adoption across the cybersecurity workforce
Our recent ISC2 survey on AI adoption for cybersecurity suggests that leaders are proceeding with caution. 30% of respondents said their teams have already integrated AI security tools (e.g., AI-enabled security solutions, generative AI, and/or agentic AI for automated action, etc.) into their operations. Despite this reserved approach, interest is growing; 42% are currently evaluating or testing the adoption of AI security tools, indicating momentum toward future implementation.
Where is AI’s place in the security tech stack?
Our research identified the top five areas where AI security tools will have the most positive impact on operations in the shortest amount of time—with the goal of improving efficiencies and automating time-consuming tasks:
- Network monitoring and intrusion detection: 60%
- Endpoint protection and response: 56%
- Vulnerability management: 50%
- Threat modeling: 45%
- Security testing: 43%
AI-based security tools are showing promise among early adopters. 70% of respondents from organizations actively using AI security tools are seeing positive results from their AI tools, supporting their team’s overall effectiveness. AI-based security tools can enhance cybersecurity capabilities, increase efficiency, and reduce human error, while accelerating a team’s ability to address an ever-changing threat landscape.
But AI security tools must not fall victim to “shiny object” syndrome, where users are hasty to adopt without careful consideration. Cybersecurity teams require the right AI-related human skills before they integrate AI tools; otherwise, they may unknowingly introduce another element of cyber risk. These professionals need to be equipped to understand how AI is transforming the attack surface while knowing how to use AI to mitigate these new dangers. It’s imperative not to leave skills gaps in either lane.
So, during this Cybersecurity Awareness Month, I want to emphasize the importance of investing in cybersecurity training and professional development to ensure your team acquires AI-centered knowledge and skills—validated by trusted, global credentials. As partners, ISC2 and Pearson VUE work together to offer standardized certification exams in secure testing environments to ensure the highest integrity of cybersecurity skills validation.
Opportunities for upskilling cybersecurity professionals
Just as important as validating skills (e.g., by taking AI-specific courses) is embracing the mindshift that AI tools can create opportunities to upskill early-career professionals once they are freed from the tedious, time-consuming tasks that AI can handle for them. In fact, 28% of the cybersecurity professionals surveyed this summer think ]AI will create new opportunities for entry-level talent. These findings suggest that AI is helping early-career cybersecurity professionals by automating repetitive tasks and enabling them to focus on more strategic work.
AI is already transforming entry-level cybersecurity roles by combining core skills with automation, data analysis, and AI system support. Some of the AI-driven roles showing up in job requisitions include:
- AI-Assisted SOC Analyst: Uses AI-boosted SIEM or SOAR tools.
- Security Data Analyst/Junior Threat Intelligence Analyst: Manages large threat datasets for AI model training and validation.
- Automation and Security Orchestration Assistant: Maintains security automation scripts and AI-driven workflows.
- Security Testing Assistant: Evaluates the resilience of AI-based security tools against adversarial threats.
Outskilled by AI or upskilled?
Clearly, upskilling is the way forward. We’re already seeing the transformative benefit of using AI security tools to complement and advance capabilities across the cybersecurity workforce.
But cybersecurity skills training and certification need to keep up with the pace of change with AI. The value of any cybersecurity AI investment will be fully realized only by safely mitigating the risk of costly and security-exposing mistakes. At ISC2, we firmly believe that it’s important not to become overconfident in AI security tools. Building a skillset that cuts through the hype and empowers practitioners to proceed with caution will lead to more agile and resilient cyber teams.
Continuous learning as part of cyber defense
In partnership with Pearson VUE, we’re committed to enabling continuous learning so teams can master new AI tools and transition into higher-value roles that securely and safely integrate AI as part of cyber defense.
Guest blogger Casey Marks serves as the chief operating officer for ISC2, where he oversees the company's certification program.