AI Is Automating the Jobs That Train Cybersecurity’s Next Leaders

https://www.govinfosecurity.com/ai-automating-jobs-that-train-securitys-next-leaders-a-31796

Publish Date: 2026-05-27 17:22:00

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

SANS Survey Says Industry Risks Future by Cutting Roles That Train Cyber Expertise

Jennifer Lawinski •
May 27, 2026

Among organizations reporting AI-driven role changes in a new SANS/GIAC Cybersecurity Workforce Research Report, SOC and security analysts are being cut by 32% of companies surveyed. (Image: Shutterstock)

Recent leaps in cybersecurity capabilities made by advanced frontier artificial intelligence models such as Anthropic’s Claude Mythos have revealed gaps in more than just code bases. See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?
The industry has a cybersecurity talent and training problem, and AI is going to make it harder than ever to both recruit and train new talent, as it renders the paths to mastery obsolete and transforms the process of starting a career in cybersecurity.
According to the 2026 SANS/GIAC Cybersecurity Workforce Research Report, only 4% of organizations report that entry-level roles are hard to fill, yet these entry-level roles – SOC analysts, threat intelligence analysts and incident responders – are likely the very positions being automated first, experts warn. Among organizations reporting AI-driven role changes, SOC and security analysts are being cut by 32% of the companies surveyed, followed by threat intelligence analysts at 26% and incident response personnel at 22%.
These are the roles in which cybersecurity professionals are made, honing the skills that the next generation of leaders will need, SANS said. And cutting off the bottom rungs is only going to complicate this already challenging picture. SANS found that organizations are also reporting challenges hiring senior, expert and mid-level talent.
“Every single technology organization seems to be largely abandoning the concept of hiring entry-level personnel, which are the sort of people where you would cultivate that mastery,” said Jeff Pollard, vice president and principal analyst at Forrester. “We are effectively forfeiting or abdicating expertise to the technology, and then that requires us to trust the technology completely. And we know that we can’t do that, especially this technology, because it makes stuff up.”
Cybersecurity work is being transformed by AI. AI tools are reducing manual analysis time for 49% of organizations, and 48% report workflows being automated. But this transformation is threatening the apprenticeship model that the industry has built over decades. Entry-level employees typically increase skills as they climb the ladder, learning to triage, investigate and process threat intelligence and telemetry.
Rob T. Lee, chief AI officer and chief of research at the SANS Institute, said the industry needs to evolve to be more like training for a doctor or lawyer – on-the job training such as a medical residency, legal clerkship or engineering apprenticeship, where practitioners are taught and trained as specialists.
“I definitely think the higher-level skills are going to need the focus, and our current methodology of sending someone through Tier 1, Tier 2 security operations center, getting an A-plus certification and kind of moving up from the mail room. That’s going to switch over to these highly specialized careers,” he said.
Jon France, CISO at ISC2, said he’s seeing a shift in how the work is changing. He outlined three models of human involvement with AI: human in the loop, where a person investigates what a tool surfaces; human on the loop, where the tool acts and a person reviews; and human out of the loop, where automation operates autonomously.
“I think we’re ‘human on the loop’ at the moment,” France said. For an entry-level role, the task would no longer be picking apart a log file but rather answering how a tool set would help show trends using a large language model.”
It won’t be the end of entry-level work, he said, but that work will be transformed. “I don’t think it’ll eliminate entry positions wholesale. It is likely to change what you do,” France said.
ISC2’s data supports France’s hypothesis. ISC2’s 2025 AI Adoption Pulse Survey found that 52% of cybersecurity professionals believe AI will reduce the need for entry-level staff, but 31% see it creating new types of junior roles. “The rapidity of change is probably what’s fueling a lot of these conversations,” France said.
The COBOL Problem, Reborn
AI is simultaneously showing a gap in the workforce that has developed as software and developers are aging. Some of the vulnerabilities being found by models including Claude Mythos predate many of the professionals now responsible for fixing them, and the code is written in languages that teams likely don’t know.
“It’s going to be a lot like the COBOL problem, where the people that built all those systems retired, and so we needed to train another batch of them,” Pollard said. For systems such as BSD, where developers wrote the code more than a decade ago and have moved on, new teams will need to learn to master those systems. “That’s the only way we’re going to create a remediation path,” he said.
Lee said AI is likely to be able to fill in some of those gaps. “AI is the best COBOL programmer today,” he said. But humans still need to oversee the process, using AI but not autonomously. “You’re going to be using that and directing it as a human to go through and fix these things,” he said.
The Case for Philanthropic Hiring
One possible future that Pollard outlined will require that companies think outside of the box. He calls it “philanthropic hiring” – bringing in entry-level staff whose roles could theoretically be done by AI and investing in longer-term training and development.
The goal is building a bench of in-house talent that can be incentivized into staying instead of hiring more expensive, more experienced employees later.
“You are bringing them in to develop the next set of competencies for your organization so that in two years or five years, they might be contributing value,” Pollard said. “The reason you’re hiring those people now is so that you don’t have to try to get them from a competitor two to five years from now, and pay them even more, because there are so few of them available.”
Lee said security and tech leaders should consider leveraging AI transformation budgets to add cybersecurity resources. “I keep telling CISOs, go after that 15% of the budget that’s tied to risk and say, some of that should be ours,” Lee said.
He also pushed back on the assumption that AI will only eliminate roles. “I think it’s going to be a blast of new jobs,” he said, pointing to vulnerability operations as an emerging career path that didn’t exist before AI-driven discovery tools.
The Career Road to Nowhere
Even when organizations make the investment in developing junior talent, they could still lose them to opportunity elsewhere when there’s no clear career path available.
SANS found that 32% of companies said that having unclear career paths was an obstacle to hiring, up from 9% just last year. It was also the third-ranked retention obstacle, cited by 31%. Only 24% of companies said they had well-defined, clearly communicated career paths.
The way companies tend to promote and give raises complicates the issue. Lee said he regularly encounters employees who are hired into lower-level roles for $60,000 who go on to become valuable members of the team, but who leave because HR caps raises at 10%.
“I’m telling people, you got to quit the job and then come back and reapply for the same organization at the higher-paid job,” Lee said. In addition to the cost of turnover, the loss of institutional knowledge also matters. “The replacement cost of that individual and getting to the same point of usefulness is a lot more costly than a lot of people realize,” he said.
CIOs and CISOs who want to preserve the talent pipeline – and ensure that they have a strategy to keep their best people on staff – need to think strategically about how to structure their teams for the long haul.
Entry-level roles need to be redesigned for an AI-driven environment with new roles that combine the efficiencies and capabilities of AI and the practical knowledge that will help them understand how and why systems work. Career paths need to be structured, clear and documented, and structured mentorship needs to replace informal learning through repetition that practitioners used to get in the trenches.
And the work must be ongoing, France said.
“We have to employ entry-level people to keep the pipeline going,” he said. “But there’s a quid pro quo. When we bring them on, we train them, we give them opportunity to learn. It’s not one and done.”