Cloudanix Joins AWS ISV Accelerate Program

AI: Your Next Tool or New Colleague? Next-Gen Security Skills with Priyanka Chatterjee

How security teams should adopt AI in operations, why the industry has shifted from a knowledge economy to a skills economy, and what next-gen practitioners need to get hired.

AI has moved past the hype phase for security teams. The real question is no longer whether to adopt it, but which parts of the security workflow are ready for autonomous AI and which still require human judgment. At the same time, the skills required to enter and grow in cybersecurity are shifting fundamentally — from knowledge accumulation to applied skill demonstration.

Priyanka Chatterjee, CEO of London School of Cybersecurity and a cybersecurity leader with over twenty-two years of global experience advising organizations across twenty-plus countries, joins this episode to break down both sides: how to think about AI as a colleague rather than a mere tool, and what the shift from a knowledge economy to a skills economy means for security practitioners at every level.

You can read the complete transcript of the episode here >

The Three Pillars of AI in Cybersecurity: Adopt, Protect, Protect From

For non-security industries, AI adoption is the singular focus. For cybersecurity professionals, Priyanka frames the challenge across three pillars she calls “APP”:

  • Adopting AI: Using AI to augment analysis, reporting, data processing, and decision support within the security function.
  • Protecting AI: Securing the AI systems that organizations build or deploy — model integrity, training data, inference pipelines.
  • Protecting from AI: Defending legacy systems and infrastructure against AI-enabled threat vectors — more sophisticated phishing, automated exploitation, deepfakes.

Most content online conflates these three. Security teams must operate across all of them simultaneously, which is why AI security posture management is becoming a distinct discipline rather than an extension of traditional cloud security.

Why AI Is a Colleague, Not Just a Tool

The distinction between AI as a tool and AI as a colleague matters for how teams structure their workflows. Machine learning and automation have existed in cybersecurity for over a decade — behavioral analytics, SOAR platforms, next-gen firewalls. Those were tools: deterministic, rule-based, automating predefined logic.

Generative AI is fundamentally different because it augments thinking, not just task execution. It can challenge assumptions, surface alternative approaches, and synthesize context from disparate data sources.

Priyanka illustrates this with a concrete example: early in her career at IBM, she spent an entire night manually analyzing a spreadsheet with 9,000 rows and 11 columns of vulnerability data to prepare a summary for leadership. Today, AI produces that same analysis — with prioritization and context — in under 30 minutes.

The implication: the better you build your working relationship with AI (clearer prompts, better-tuned context, domain-specific knowledge), the better the output. That dynamic mirrors a colleague relationship, not a tool relationship.

Where AI Is Ready for Autonomy vs. Where Humans Must Decide

Not all security operations workflows are ready for full AI autonomy. Priyanka draws a clear line:

  • Ready for AI autonomy: Data collection, triage, investigation, false positive detection, reporting, log analysis, management summaries — workflows with well-defined playbooks and low-consequence outputs.
  • Still requires human judgment: Response actions — disconnecting machines from the network, disabling accounts, applying firewall rules, triggering incident response escalation. High-impact decisions where false positives carry material consequences.

The practical rule: if you have a well-defined playbook that can be documented end-to-end, AI can automate it. If the decision carries significant blast radius and requires contextual judgment, keep a human in the loop.

This maps directly to the maturity question facing security teams today: organizations with mature, documented decision workflows will adopt AI faster because the playbooks already exist for the AI to execute against. Organizations without clean workflows will struggle — because if you cannot run a process manually, it cannot run automatically.

The Future of the SOC: Shift Handover, Not Shift Work

Priyanka paints a vivid picture of the SOC three to five years from now: AI colleagues handle the overnight triage, running continuously without shifts. When the human analyst arrives for a normal working day, the AI has a shift handover ready — a structured summary of everything that happened, analysis completed, and a list of decisions only the human can make.

The implication for workforce planning:

  • No more graveyard shifts for human analysts handling Level 1 triage.
  • The SOC analyst role evolves from “go through the data” to “make the decisions.” Effectively, everyone becomes a Level 3 analyst — evaluating pre-processed intelligence and making judgment calls.
  • The skills required shift from data processing and pattern recognition to decision-making, contextual judgment, and communication.

This is not a theoretical projection. The SOAR platforms of the last decade attempted this but failed at adoption because the analysis and trigger-point quality was insufficient. GenAI solves that specific bottleneck — it makes the pre-processing reliable enough that the handover to human decision-makers actually works.

From Knowledge Economy to Skills Economy: Why It Matters for Security Careers

The most consequential shift for anyone entering or growing in cybersecurity is what Priyanka identifies as the transition from a knowledge economy to a skills economy.

  • Knowledge economy (previous era): The barrier to knowledge was high. Books, certifications, expensive training. People were hired for what they knew, because knowing was expensive to acquire.
  • Skills economy (current era): Knowledge is essentially free — YouTube, free certifications, AI assistants answer any question instantly. The barrier to knowledge is near zero. But the barrier to employment is high. Employers now ask: “You know this — where and how do you apply it?”

The distinction: knowledge is knowing about something. Skill is knowing where and how to apply it. A certification proves knowledge. A portfolio proves skill.

How to Break the Chicken-and-Egg Problem in Cybersecurity Hiring

For new entrants facing the classic “need experience to get hired, need a job to get experience” loop, Priyanka recommends two concrete assets:

  • A solid, ATS-compliant CV that opens the door to an interview.
  • A portfolio that demonstrates applied skills — not knowledge, but evidence that you can do the work.

What a portfolio looks like for a SOC analyst candidate: a home lab with a SIEM configured, documented use of open-source tools like Nmap, evidence of log analysis, threat detection scenarios worked through, and documentation of the reasoning process.

The key insight: AI itself is the enabler for building this portfolio. Ask AI how to build a home lab, how to configure detection rules, how to set up a vulnerability management workflow. Use it to learn application, not just accumulate knowledge.

Certifications vs. Portfolios: What Actually Gets You Hired?

Certifications were designed for the knowledge economy — they prove you have information. They do not prove you know where to apply it in a real organizational context. Most certification curricula teach the “what” (how encryption works, how a pentest runs) without teaching the “where” and “when” (this is where in a company you would encrypt, this is how you plan and scope a pentest for a real engagement).

The strongest position: certifications plus a portfolio. The certification opens the gate; the portfolio controls the interview. When you can walk an employer through a real use case from your portfolio, the conversation shifts from interrogation to collaboration.

Build Human Agency: The Differentiator in an AI World

Beyond skills, Priyanka emphasizes a concept she calls “human agency” — self-motivation, willpower, and the drive to identify your value and pursue opportunities to exchange it. In a world where AI handles execution, the people who thrive are those who:

  • Know what questions to ask (prompt quality reflects thinking quality)
  • Can communicate clearly — both with AI colleagues and human stakeholders
  • Take initiative rather than waiting for instructions
  • Build governance skills — defining policies for how AI is used within organizations

Her learning recommendation for every security professional: invest in communication skills. Clear thinking produces clear communication, which produces better AI interactions, better governance, and better leadership. The technical knowledge can be found anywhere; the ability to think clearly and communicate decisively cannot be automated.

Related Resources

What Our Users Are Saying

Customer Reviews

Cloudanix is trusted by security leaders worldwide to deliver proactive, reliable, and cutting-edge cloud security.

One day, I changed the password of a root account, and my CTO called me within less than a minute to confirm if I did so. I was not expecting a reaction this quick. He told me Cloudanix alerted him of this password change and that he wanted to confirm as it was a critical security notification. I couldn't believe it!

Ritesh Agarwal
Ritesh Agarwal
CEO, Airgap Networks

Compliance is one way of staying secure, but what I want is the ability to go deeper and attain 'true security.' Cloudanix provides us the capability to do so.

Vishal Madan
Vishal Madan
Head of Engineering, iMocha

Cloudanix is building for the future of the cloud, which makes the product all the more desirable.

Ritesh Agarwal
Ritesh Agarwal
CEO, Airgap Networks

Cloudanix gave us the visibility we were missing. Being able to move from permanent access to a robust Just-In-Time (JIT) workflow has fundamentally changed our security posture without slowing down our engineering velocity.

Pavan Kumar Lekkala
Pavan Kumar Lekkala
SRE Lead, HugoHub

We are excited to leverage Cloudanix's comprehensive multi-cloud DevSecOps solution to secure our production workloads on AWS. Cloudanix has demonstrated that it can solve many challenges that DevSecOps teams face while continually adding new features such as SOC2 compliance and drift detection.

Satish Mohan
Satish Mohan
Co-founder & CTO, Airgap Networks

Managing third-party partner access was once a major concern for our security posture. With Cloudanix JIT Cloud, we've effectively achieved zero third-party risk. We can now grant access confidently, knowing that it is temporary, audited, and automatically revoked, resulting in a 100% reduction in our privileged access exposure.

Okesh Badhiye
Okesh Badhiye
Head of Technical Engineering, Finfinity

The snooze feature and responsible alerts have helped us save time and prioritize what to tackle first.

Satish Mohan
Satish Mohan
Co-founder & CTO, Airgap Networks

Implementing Cloudanix JIT internally allowed us to practice what we preach. By eliminating permanent access to our own clouds and databases, we've neutralized the risk of standing privileges, ensuring our own 'keys to the kingdom' are never left exposed.

Girish Manghnani
Girish Manghnani
Managing Partner, Tech Inspira

The problem with permissions is a lot of times, the gaps are left open due to oversights from inside the organization itself. With Cloudanix's CIEM, we get a complete view of user permissions and access. This enables us to update the permissions, reducing the attack surface.

Nilesh Pethani
Nilesh Pethani
Application Architect, iMocha

In the world of Fintech, trust is our currency. Cloudanix provided the frictionless visibility we needed to secure our EKS workloads across AWS, ensuring we stay audit-ready for SOC2 and GDPR without slowing down our engineering velocity.

Amol Naik
Amol Naik
Head of Security & Infrastructure, HugoHub

Cloudanix delivered value within 5 minutes of onboarding. Continuous monitoring, timely detection, and excellent documentation helped us attain a great cloud security posture.

Divyanshu Shukla
Senior DevSecOps, Meesho

Technology strategies and business strategies are in a state of constant change which includes centralization and decentralization of responsibilities. Regardless of strategic shift, we still have intellectual property to protect. Cloudanix are critical partners for us in our public cloud security posture across our three cloud providers.

Jerry Locke
Jerry Locke
Senior Director Global Solutions Engineering, Eversana

Cloudanix has been amazing. They opened up a common Slack channel with us — and it feels like we are talking to our own team and getting things done with Cloud security. The support team is always available, friendly, helpful, and ready to go out of their way.

Satish Mohan
Satish Mohan
CTO, Airgap Networks

Beyond just access management, Cloudanix CSPM has given us a unified view of our AWS environment. The real-time alerting and anomaly detection allow us to prevent any untoward activity before it happens, which is critical for a marketplace connecting 50+ financial institutions.

Okesh Badhiye
Okesh Badhiye
Head of Technical Engineering, Finfinity

For a Fintech company, data is our most valuable — and most sensitive — asset. Cloudanix DAM hasn't just improved our visibility; it has given us control. The ability to mask data and prevent unauthorized queries in real-time is a game-changer for our compliance and customer trust.

Jiten Gala
Jiten Gala
President Engineering and Product, Kapittx

Our clients, especially in the Middle East financial sector, demand absolute accountability. Cloudanix JIT Cloud has been a competitive differentiator for us, allowing us to provide secure, governed access to customer accounts that meet their strictest audit and compliance requirements.

Girish Manghnani
Girish Manghnani
Managing Partner, Tech Inspira

Cloudanix is always on my team's lips because of its exceptional support. Be it a small or big query, Cloudanix has gone above and beyond to resolve them. This one's a keeper for us.

Sujit Karpe
Sujit Karpe
CTO, iMocha

For a long-lasting partnership, great support goes a long way. Cloudanix has delivered exceptional support whenever required. Their edge is their team is always ready to go beyond to solve any issues that we have. This speaks volumes about the culture at Cloudanix.

Akash Maheshwari
Akash Maheshwari
Co-founder, MoveInSync

Beyond the technology, Cloudanix feels like an extension of our own team. Their willingness to stand up a dedicated Middle East tenant for us and provide exceptional support at a sensible price makes them a long-term partner for Hugosave.

Surya Tamada
Surya Tamada
CTO, HugoHub

The real-time notifications that Cloudanix provides are a real lifesaver. Their adaptive notifications ensure that my team stays productive and doesn't get interrupted all the time.

Digvijay Singh
Staff Security Engineer, Meesho

The whole point in technological evolution is to help improve the world we live in. We must protect that and to do so requires an effective and efficient security strategy. The Cloudanix team helped make our public cloud security posture management strategy a reality. The symbiotic relationship we have allows for a continuous feedback loop which is how business should operate.

Larry Wheat
Larry Wheat
Staff Solutions Engineer, Eversana

Ready to see your graph?

Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.

Book a Demo