The Skills Gap in Cybersecurity: Can AI Bridge the Divide?
According to a 2024 report by Fortinet, the lack of qualified IT professionals stands out as one of the top three reasons behind cybersecurity incidents within organizations. This ongoing skills shortage has become a critical concern for businesses worldwide, prompting the industry to seek innovative solutions to mitigate its impact.
Recruiting new cybersecurity talent is increasingly complicated. The pool of qualified candidates is shrinking, and retaining existing skilled staff proves equally challenging. As this issue persists, technological advancements—particularly in the realm of artificial intelligence—offer promising avenues. Generative AI (or GenAI) has demonstrated its potential to significantly enhance cybersecurity operations by automating repetitive tasks, enabling better correlation of threat data, and providing rapid corrective measures. This shift is resulting in improved efficiency and effectiveness within Security Operations Centers (SOCs), leading to a more responsive and resilient security posture.
Certainly, the integration of AI into cybersecurity workflows raises the question: can it truly fill the skills gap faced by organizations?
Human Oversight Remains Essential
Two major trends shed light on the current landscape of cybersecurity staffing and technology adoption. Firstly, the difficulty in recruiting cybersecurity professionals is coupled with the challenge of maintaining their retention. Secondly, the emergence and integration of generative AI into security platforms are already underway, transforming how teams operate.
For example, AI systems can now interpret detailed, handwritten network architecture diagrams and automatically generate instruction sequences that are directly deployable on firewalls located in data centers or remote sites. This capability streamlines the deployment process, reduces manual effort, and minimizes errors.
When configuring network settings, if certain links fail to deliver expected services, generative AI can propose troubleshooting plans. It can autonomously reorganize network connections, maintain an up-to-date view of the network’s state, and suggest optimized solutions. This intelligent assistance reduces downtime and enhances operational continuity.
Given the complexity involved in harmonizing security policies across intricate infrastructures, the time saved and the consistency gained are truly significant. AI-driven automation helps reduce syntactic errors, provides clear documentation, adapts models to specific environments, updates IP addresses as needed, and verifies administrative privileges. These capabilities lead to tangible improvements in the working conditions and overall efficiency of SOC teams.
Will AI-Eliminate the Need for Traditional Recruitment?
While AI excels at executing tactical responses based on pre-existing rules, strategic decisions—such as defining overarching security policies, assessing risk tolerance, and evaluating threat evolution—still require human expertise and intuition. Analyzing new threats, understanding their potential impacts, and designing innovative countermeasures continue to rely heavily on human judgment.
Moreover, activities such as user training, experience sharing, and collaborative problem-solving happen within operational teams and security leadership, often through face-to-face exchanges. Daily, cybersecurity teams focus on what they do best: rethinking infrastructure topology, optimizing processes, and enhancing overall operational performance.
Redefining Roles and Job Descriptions
As AI helps teams delegate repetitive or highly technical tasks—such as manual documentation, configuration adjustments for SD-WAN setups, or scripting—time previously spent on these activities can be invested in higher-value initiatives. For instance, the workforce can focus more on strategic planning, threat hunting, or developing innovative security solutions.
Consequently, future SOC job descriptions are expected to shift away from requiring purely technical skills like advanced command-line scripting or deep programming knowledge. Instead, they will prioritize skills related to strategic thinking, coordination, and communication. This evolution opens the door for candidates with broader backgrounds—perhaps with less traditional cybersecurity experience but strong interpersonal and leadership qualities.
The security leader of tomorrow will be a perceptive influencer who can champion cybersecurity awareness across the entire organization and mobilize resources beyond just technical teams. These leaders will serve as bridges between security and business units, promoting a security-conscious culture that is integrated into daily operations.
Organizations can also leverage internal talent who understand corporate culture and have familiarity with internal systems. Their involvement in decision-making and participation in meetings foster greater trust, making the adoption of new security measures smoother, more comprehensible, and more effective.
Is the Perfect Candidate an Illusion? Not a Problem
This focus on internal development and utilizing existing talent pools simplifies recruitment efforts and broadens the scope of qualified candidates, including generalists who may not have traditionally worked in cybersecurity. The perception that only specialists can excel in security roles becomes less relevant.
In the next five years, artificial intelligence will not replace cybersecurity professionals. Instead, those in leadership roles who learn to harness AI effectively to address their challenges are likely to become more efficient, innovative, and impactful than their counterparts who do not adapt.
*Alain Sanchez, EMEA Field CISO at Fortinet
