AI has moved past the hype phase for security teams. The real question is no longer whether to adopt it, but which parts of the security workflow are ready for autonomous AI and which still require human judgment. At the same time, the skills required to enter and grow in cybersecurity are shifting fundamentally — from knowledge accumulation to applied skill demonstration.
Priyanka Chatterjee, CEO of London School of Cybersecurity and a cybersecurity leader with over twenty-two years of global experience advising organizations across twenty-plus countries, joins this episode to break down both sides: how to think about AI as a colleague rather than a mere tool, and what the shift from a knowledge economy to a skills economy means for security practitioners at every level.
You can read the complete transcript of the episode here >
The Three Pillars of AI in Cybersecurity: Adopt, Protect, Protect From
For non-security industries, AI adoption is the singular focus. For cybersecurity professionals, Priyanka frames the challenge across three pillars she calls “APP”:
- Adopting AI: Using AI to augment analysis, reporting, data processing, and decision support within the security function.
- Protecting AI: Securing the AI systems that organizations build or deploy — model integrity, training data, inference pipelines.
- Protecting from AI: Defending legacy systems and infrastructure against AI-enabled threat vectors — more sophisticated phishing, automated exploitation, deepfakes.
Most content online conflates these three. Security teams must operate across all of them simultaneously, which is why AI security posture management is becoming a distinct discipline rather than an extension of traditional cloud security.
Why AI Is a Colleague, Not Just a Tool
The distinction between AI as a tool and AI as a colleague matters for how teams structure their workflows. Machine learning and automation have existed in cybersecurity for over a decade — behavioral analytics, SOAR platforms, next-gen firewalls. Those were tools: deterministic, rule-based, automating predefined logic.
Generative AI is fundamentally different because it augments thinking, not just task execution. It can challenge assumptions, surface alternative approaches, and synthesize context from disparate data sources.
Priyanka illustrates this with a concrete example: early in her career at IBM, she spent an entire night manually analyzing a spreadsheet with 9,000 rows and 11 columns of vulnerability data to prepare a summary for leadership. Today, AI produces that same analysis — with prioritization and context — in under 30 minutes.
The implication: the better you build your working relationship with AI (clearer prompts, better-tuned context, domain-specific knowledge), the better the output. That dynamic mirrors a colleague relationship, not a tool relationship.
Where AI Is Ready for Autonomy vs. Where Humans Must Decide
Not all security operations workflows are ready for full AI autonomy. Priyanka draws a clear line:
- Ready for AI autonomy: Data collection, triage, investigation, false positive detection, reporting, log analysis, management summaries — workflows with well-defined playbooks and low-consequence outputs.
- Still requires human judgment: Response actions — disconnecting machines from the network, disabling accounts, applying firewall rules, triggering incident response escalation. High-impact decisions where false positives carry material consequences.
The practical rule: if you have a well-defined playbook that can be documented end-to-end, AI can automate it. If the decision carries significant blast radius and requires contextual judgment, keep a human in the loop.
This maps directly to the maturity question facing security teams today: organizations with mature, documented decision workflows will adopt AI faster because the playbooks already exist for the AI to execute against. Organizations without clean workflows will struggle — because if you cannot run a process manually, it cannot run automatically.
The Future of the SOC: Shift Handover, Not Shift Work
Priyanka paints a vivid picture of the SOC three to five years from now: AI colleagues handle the overnight triage, running continuously without shifts. When the human analyst arrives for a normal working day, the AI has a shift handover ready — a structured summary of everything that happened, analysis completed, and a list of decisions only the human can make.
The implication for workforce planning:
- No more graveyard shifts for human analysts handling Level 1 triage.
- The SOC analyst role evolves from “go through the data” to “make the decisions.” Effectively, everyone becomes a Level 3 analyst — evaluating pre-processed intelligence and making judgment calls.
- The skills required shift from data processing and pattern recognition to decision-making, contextual judgment, and communication.
This is not a theoretical projection. The SOAR platforms of the last decade attempted this but failed at adoption because the analysis and trigger-point quality was insufficient. GenAI solves that specific bottleneck — it makes the pre-processing reliable enough that the handover to human decision-makers actually works.
From Knowledge Economy to Skills Economy: Why It Matters for Security Careers
The most consequential shift for anyone entering or growing in cybersecurity is what Priyanka identifies as the transition from a knowledge economy to a skills economy.
- Knowledge economy (previous era): The barrier to knowledge was high. Books, certifications, expensive training. People were hired for what they knew, because knowing was expensive to acquire.
- Skills economy (current era): Knowledge is essentially free — YouTube, free certifications, AI assistants answer any question instantly. The barrier to knowledge is near zero. But the barrier to employment is high. Employers now ask: “You know this — where and how do you apply it?”
The distinction: knowledge is knowing about something. Skill is knowing where and how to apply it. A certification proves knowledge. A portfolio proves skill.
How to Break the Chicken-and-Egg Problem in Cybersecurity Hiring
For new entrants facing the classic “need experience to get hired, need a job to get experience” loop, Priyanka recommends two concrete assets:
- A solid, ATS-compliant CV that opens the door to an interview.
- A portfolio that demonstrates applied skills — not knowledge, but evidence that you can do the work.
What a portfolio looks like for a SOC analyst candidate: a home lab with a SIEM configured, documented use of open-source tools like Nmap, evidence of log analysis, threat detection scenarios worked through, and documentation of the reasoning process.
The key insight: AI itself is the enabler for building this portfolio. Ask AI how to build a home lab, how to configure detection rules, how to set up a vulnerability management workflow. Use it to learn application, not just accumulate knowledge.
Certifications vs. Portfolios: What Actually Gets You Hired?
Certifications were designed for the knowledge economy — they prove you have information. They do not prove you know where to apply it in a real organizational context. Most certification curricula teach the “what” (how encryption works, how a pentest runs) without teaching the “where” and “when” (this is where in a company you would encrypt, this is how you plan and scope a pentest for a real engagement).
The strongest position: certifications plus a portfolio. The certification opens the gate; the portfolio controls the interview. When you can walk an employer through a real use case from your portfolio, the conversation shifts from interrogation to collaboration.
Build Human Agency: The Differentiator in an AI World
Beyond skills, Priyanka emphasizes a concept she calls “human agency” — self-motivation, willpower, and the drive to identify your value and pursue opportunities to exchange it. In a world where AI handles execution, the people who thrive are those who:
- Know what questions to ask (prompt quality reflects thinking quality)
- Can communicate clearly — both with AI colleagues and human stakeholders
- Take initiative rather than waiting for instructions
- Build governance skills — defining policies for how AI is used within organizations
Her learning recommendation for every security professional: invest in communication skills. Clear thinking produces clear communication, which produces better AI interactions, better governance, and better leadership. The technical knowledge can be found anywhere; the ability to think clearly and communicate decisively cannot be automated.
Related Resources
- The Science of Hiring Cybersecurity Professionals
- Building Security Culture with Empathy and Influence
- Navigating the Future of Cybersecurity: AI, Risks, and More
- Understanding AI Security Posture Management (AI-SPM)
- What is Cloud Detection and Response (CDR)?
- Building Security with Generative AI
- What is Agentic AI Security?