AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise

Discover how AI is revolutionizing Security Operations Centers (SOCs) by enhancing efficiency and effectiveness while preserving the invaluable expertise of human analysts.
November 2, 2023

The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.”

One topic that gets a significant amount of attention is whether AI will start replacing humans in so-called “knowledge worker” jobs—those roles that require some specialized knowledge, whether an architect, pharmacist, engineer, or even a cybersecurity practitioner.

Of course, that last role is the one I intend to focus on in this article, but many of these same points on why AI will not entirely replace the need for humans in cybersecurity can be repurposed to reassure your neighborhood pharmacist.

AI will enable cybersecurity professionals to work more efficiently. It will automate time-consuming manual tasks that are often a critical, but mundane chore—something like sifting through user-reported emails. You need to get through them to determine whether real threats are present, but that time spent on manual analysis could be better spent investigating higher fidelity alerts or threat hunting.

How AI Enhances Cybersecurity Effectiveness and Levels the Skill Playing Field

Unfortunately, some cybersecurity jobs may not be immune to this AI renaissance. In fact, Rohit Ghai, CEO of RSA, noted just that at the 2023 RSA Conference. But Rohit was hopeful that AI and humans could co-exist. The Jevons Paradox points to this outcome, indicating that coexistence will become a flourishing AI-enabled security practice.

But what is the Jevons Paradox? Help Net Security highlights this economic paradox as a potential indicator for future growth in cybersecurity roles. The paradox occurs when technological advances increase resource efficiency, lowering the cost of that resource and increasing demand. Help Net Security uses the advent of ATMs in the 1970s as an example parallel to the potential effects of AI. When the ATM was introduced, it was assumed that bank branches would close and branch staff would decrease. However, branch openings increased by 40+%, and while the staff per branch decreased slightly, overall bank staff followed the uptrend.

Relating this to cybersecurity, AI may shrink the number of manual tasks by automating them, which could lead to certain types of security jobs being eliminated or transformed. But by increasing overall efficiency (whether for investigations, initial threat detection, or response), it will create demand for more security professionals, as teams now have a greater capacity to combat threats.

Demand for Skilled Cybersecurity Professionals Continues to Rise

This is not simply opinion or based on esoteric economic concepts. The US Bureau of Labor Statistics predicts the cybersecurity field will grow by 32% through 2032, noting that this is “much faster than average.” Demand for skilled cybersecurity professionals shows no signs of slowing, and AI app security provider Mobb’s CEO Eitan Worcel notes AI will not only support this new wave of security workers but ideally shrink the yawning skills gap. “It’s not about replacing humans; it’s about enhancing human capabilities with the power of machines.”

While AI can automate the correlation of data events, and even triage those events by making decisions based on past information to determine whether those events are anomalous, we’ll still need humans to make the cognitive leaps that are required to fully analyze anomalous activity.

Instead of an under-resourced security team drowning in hundreds of alerts, unable to tell a false positive from a legitimate threat, AI will reduce and refine the noise. This allows security teams to grow without the need for intensive upskilling, with better on-the-job training and less burnout.

Abnormal Builds Good AI and Good UI to Help Practitioners Succeed

Abnormal is an AI-native cloud email security solution that was providing automated detection and remediation long before the current AI frenzy. In the time Abnormal has existed, it has become one of the fastest-growing cybersecurity providers and one of the most popular cybersecurity solutions on review sites like G2.

It’s anecdotal, but often those reviews are penned by security pros who do not have -ISO at the end of their title. So, we can say with some confidence that the introduction of email security automation has not led to a sudden elimination of cybersecurity roles across our customer base. In fact, in a recent conversation, one of our customers shared, “I clearly don't want to replace my staff. I use [AI] to enable them to do a better job.”

If anything, Abnormal allows security practitioners to focus on higher-priority tasks, saving security teams 15+ hours per week on average—time that would otherwise be spent investigating email security threats or configuring rules for a legacy gateway. Even Abnormal’s portal UI is architected to be easy to understand by everyone from the CISO down to the SOC intern. Complexity for the sake of complexity gets in the way of efficient investigation. Yes, we all work in technology and often want to feel like we work in technology through custom rule writing and knobs and dials—but AI and good design will make security more accessible, more strategic, and no, it probably won’t take your job.

Interested in learning what Abnormal Security can do for your organization? Request a demo today.
