The Cyberman Show

Will AI Replace Cybersecurity Jobs? I Went Through the Data

Prashant Mishra

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 19:25

Send us Fan Mail

Everyone's asking the wrong question about AI and cybersecurity careers. The question isn't whether AI will replace you — it's which new jobs AI is creating that didn't exist two years ago.

In this episode, I break down the actual hiring data, funding signals, and vendor earnings to map exactly where the cybersecurity job market is heading. Entry-level SOC and GRC roles are shrinking — but overall postings are up 12%, with 514,000 active openings. AI created 10 entirely new security domains. Workers with AI skills earn a 56% wage premium. And $6.34 billion flowed into AI security startups last year alone.

If you're a SOC analyst or GRC professional, pay attention to the diagnostic at the 3-minute mark — it tells you exactly where your domain sits on the shrinking-stable-growing spectrum. If you're trying to break into cybersecurity, the segment at 7:30 shows you the five domains with the strongest entry-level demand right now.

I also unpack the Koi Signal — how a one-year-old startup got acquired for $400 million in a category that didn't have a name in 2023 — and what the Big 3 vendors' $33 billion acquisition spree tells you about where your next job is.

Models are to be used, not believed. Same goes for your career. Use AI. Don't fear it. Don't wait

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow 
Twitter handle https://twitter.com/prashant_cyber


PS: The views are my own and dont reflect any views from my employer.

Welcome And The AI Jobs Question

SPEAKER_00

Hey everyone, welcome to the Cyberman Show. Now I'm sure if you've been following AI, one of the most common things that people are discussing is is AI gonna replace my job? And I'm sure people in cybersecurity are wondering: will AI replace cybersecurity jobs? I think that's the wrong question. The right question is which new jobs is AI creating? Now what I did is I went through some data. I went through hiring data, funding data, earnings, workforce, studies, uh and the answer is much more interesting than the headlines. So it's not as simple. There is a 53% drop in tier one jobs in security operations. And I can validate this because I get a lot of CVs on LinkedIn from SOC analyst. There is approximate uh 25% drop in entry-level hiring at top 15 tech funds, uh tech funds globally, and uh 50% of 11 tasks will be automated by 2028 across all industries. But if you look at the full picture, there's a 12% increase in uh overall uh cybersecurity postings here on here. There is an active list of openings uh around over 500,000 globally, and then over six billion dollars have been raised in AI security funding, which is a new domain in 2025. And some of the reports are saying that there is a 56% wage premium for AI scale. So the real story is more interesting and more actionable, and that's why we are here. Okay. Now, what we have to do is we have to find our domain, we have to understand what's happening, and this will decide what happens in the next 18 months. So, as I said, there's a shrinking job role which includes SOC Tier 1, security architecture, admin level GRC, threat intelligence. We have to start pivoting now. We have to learn AI tools or move to a growing domain. Now, where it is bit stable and slowly shifting is vulnerability management, application security, and network security. We have to add AI skills on this side. This is actually growing is cloud security, data privacy, I am, penetration testing, IR, and digital forensics. Okay, now this is the right place. These are the hottest domains from cybersecurity perspective. Okay, now what we'll do is we will double-click on what I've just said. So let's take SOC and GRC where there's maximum impact. A company called Inteaser that claims that they have 98% accuracy in handling security incidents in security operations, and they can do triage in less than two minutes. Gartner says that 50% of L1 tasks will be automated by 2028. IBM says AI organization contain breaches 100 days faster in their recent breach report. And L1L2 roles are merging into a single tier tier. Remember, the role is not going, it's transforming. There's a new role, it's called AI augmented sock analyst, and if you look at the US job data, the salaries that are being offered are 85,000 to 120k. Similarly, what's happening is on the GRC side is that one 50% of enterprises have started using AI for compliance, which is up from 10% in 2021 as per Gartner. Okay, there's 62% efficiency improvement. Why? Because of automation, right? Things like data entry, report generation, control testing, evidence creation, it's getting uh automated. So admins are getting replaced, strategists are not. So there are new roles created called AI compliance specialists, and again the salary ranges in the US market are between 80k and 210k. Now, what is also getting affected in terms of uh domains is security architecture and then threat intelligence. Why? Because a lot of uh these jobs are now automated, they run on autopilot. Now, where is the demand exploding? Cloud security, IAM, data privacy, top three. But cloud security is the single best bet. There's a 77% skill gaps as per uh some of the reports. Now, whatever report I've mentioned, the in every slide that is there on my YouTube channel, you will find a link to this report. So I'm not making this out of thin air. I'm backed by data as I said previously. There's a 77% report skill gap in cloud security, that's your best bet. Uh cloud CNAP is a market, uh, it's growing uh from 5 billion to approximately 10 billion by 2030. And then similarly, I am there are 33,000 plus postings. Now, where the difference is NHIs, as per some of the cyber arc reports, non-human IDs out will outnumber humans by 82 is to one. For every human, there will be 82 non-human identities, and 78% of the organization don't have any AI identity policy. I'm sure you're understanding the pattern here. If you look at APSEC, similarly, 40% of co-pilot code suggestions have vulnerabilities as per reports, one security expert per 100 dev, that's the ratio today. More AI code, as we all know, everybody can be a builder now, means more app sec demand. Similarly, on data privacy, there's a 30% year-on-year demand increase, 68% more staff needed for AI governance, not fewer penetration testing. AI tools will create demand. We will have everyone creating software. Anything that is AI powered, which is pen testing GPTs, will make it easy for juniors or early in uh in the career uh folks to use these tools. Now there are acts coming. So example uh EU AI Act. It will drive new sort of compliance. Okay, and all this is structural in nature. Now remember this one line models are to be used, not to be believed. I'm repeating it again, models are to be used, not believed because AI doesn't know what it's doing in the context, right? So 29% of security teams trust AI to act independently. Okay, uh 80% witness unauthorized AI actions in the reports. Also, AI can triage 10,000 alerts, get 9998 right, but miss the two that matter. We as defenders have to be right every time. We can't trust AI. Now look at the anthropic. I I did this episode almost, I think, uh two weeks back. They came up with a report where they shared uh that Chinese state-sponsored group use cloud code for espionage. They targeted 30 large companies in September 2025. Okay, so AI is a powerful tool, but it doesn't understand intent, ethics, or business context. That's our job, that's what we will have to learn. Okay. Now, what I'm gonna do is I'm gonna show you some more stats about the new domains that are coming because of this. Now, let me tell you a story. Okay, so in 2024, three alumini of unit 8200 found a company called KOI Security. Now, if you don't know about unit 8200, just look it up, it's very interesting. Look at the founders and what they did. They raised 48 million dollars for Koei Security, 10 million seed and 13 million CDZ in Feb, Polo Auto Networks, Feb this year, Polo Auto Networks acquired KOI for 400 million dollars. It's an 8x return in one year. Now, if you look at the product, it works in securing AI agents for endpoint devices. It's a category we have never heard of. It is a new category, it didn't have a name two years back. So when a one-year-old startup gets 400 million for something nobody was thinking about in 2023, that's AI creating careers. Remember, AI is creating new careers, and it's not alone. A company called 7AI, look it up, uh raised largest cyber A round ever, 130 million dollars in CDZ. NOMA security raised 100 million dollars. This is 1300 ARR from stealth, right? And they are not outliers. This is a pattern, it's a pattern, remember that. Okay. Now there are new domains getting introduced. So there are domains like AIR teaming, quantum safe crypto, AI agent security didn't exist. Now, quantum safe crypto is directly not related to AI, but it is still cybersecurity, it is still a new domain. So let's look at AI red teaming. A EU AI Act wants you to be compliant by August 2026. There are penalties in millions of dollars or 7% of the revenue. And by the way, if you are using 1.5 million uh plus models, one of them on hugges, you need to test them. That's why this domain comes, right? So there are companies uh that are providing uh this kind of products. Now, every AI model that will be deployed will need security testing, and of course, there is a demand from compliance to get that done on time. Look at uh AI agent security. So 83% plan agent take AI, only 29% are ready to use it as per Cisco. I've already mentioned agent non-human IDs will outnumber humans. 82 is to one, as mentioned by CyberAc. And most of the or 92% of the uh legacy uh IM solutions don't handle AI. There is a risk. So any company that's deploying AI will need approach, strategy, people to secure these models, and nobody has that person. Looking at quantum safe crypto. So NIST finalized three PQC standards in 2024. Uh there's an attack called HarvestNow decrypt later, so that's very active. There's a migration happening, uh, so it's a crypto migration project from legacy, something that can be broken by uh the quantum computers have to be migrated, and there's a lot of uh jobs with multiple companies who are using cryptography, and everybody uses cryptography. Okay, now other domains that are created by AI AI sock platforms. Uh there are platforms like Torque that perform 95% auto uh resolution. A company called Drop Zone reported that their growth was 11x because of this technology. Another domain called agentic defense is there. There is another domain called agentic identity. This is for agents 82s to one data. Remember LLM security. This is a market that's gonna go by 1.98 billion dollar to or almost 6 billion dollar by 2029. You will need more roles three times as per reports, AI governance, AI penetration testing. Look at Pintera, it's valued at a billion dollars, and the demand is outpacing supply as per reports, AI software supply chain security or entire AI supply chain security. It's your number one risk now. In each of these new domains, you have new jobs that will come, new skills will be needed for that. If you look at where the money is going, look at three big ones. Um Google invested in a cloud security company called Webs, paid all over 32 billion dollars. Paulo Alto acquired CyberR for identity security, largest uh uh deal uh ever on identity 25 billion dollars. Cisco spent Splunk money on Splunk few years back for observability and convergence. The AI security funding that I've tracked is over six billion dollars in 2025 alone. 85 billion dollars have been invested in MA by the big three companies east killer, Palo Alto, CrowdStrike. Pentagon, which is a cybersecurity, uh which is the uh US body, US federal body, they have increased their budget to 15 billion dollars. I'm sure all other countries will follow. So ASPA reports that the the AI cyber market growth will uh go from 29 billion dollars to 224 billion dollars by 2020, uh 2032. Why so many so much money going into this sector, right? I like to follow money, I'm sure you have heard that in movies. We have to take these as these patterns and understand more. Let's do a double click on what Palo Alto CrowdStrike and this killer are doing. Palo Alto had a$2.3 billion quarter good business. They spent over$30 billion in MA. Their acquisitions include identity security, Chrome Sphere for observability, uh, SOC, so QRADAR, then AI security, protect AI, co-i security for agentic endpoint. This will create new jobs like platform architects, going after the theme of platform, AI SOC operators, identity engineers, CrowdStrike,$1 billion quarter, spent around$1.8 billion in MA. Acquired companies called Signal for Identity Security, Seraphic for browser security, adaptive shield for SaaS security, ONU for telemetry, and flow security for data security. Okay, Z Scalar, Red Canry for security operations, MDR, Square X for browser security, SPLX for AI security, Avalr for Mesh. Okay. Now this all these companies, all these acquisitions will create new sort of jobs. Every time there is an acquisition, there is a new job category that gets impacted, or existing job category gets transformed in time. Okay. Also, if you look at the uh job data, what I found is that skill set is a global problem. Okay, there are 4.8 uh million unfilled cybersecurity positions globally. 84% of the or 88% of the organizations had security even due to skill shortages, and now 64% of the postings require AIML skills in cyber. Okay, look at India. 1.5 million uh people needed by 2027, South Korea. Uh there is a gap of 77%, so they need around 31,000 people. UK uh there is a 49% skill gap, 11k uh additional professionals needed. Okay, Middle East uh there are 150k plus uh jobs across Middle East that are posted. So software engineering jobs are down, cyber security are up by 12%. Remember, every AI deployment in any shape or form will need security engineers, people who understand AI and the cybersecurity uh convergence. So it's a structural demand mode. Okay. Now, what what do you have to do now? So, one review yourself, get into diagnostic mode. If you're in a shrinking domain, as I mentioned in the past, start moving today. Okay, pick one AI scale, learn it in 30 days. Uh most postings require it. 60 per 64% of the postings require it. If you are at entry level, focus on cloud security, I am data privacy, penetration testing, I depending on what you're uh understanding it. It's skip the traditional 11 sock role uh knowledge for now. Okay, go ahead and learn it, but don't rely on it. Keep following the money, understand where the money is going, uh, new categories. And if you are a C SO by the web skill, your current team on AI tools before posting another junior analyst uh role that AI can do in two minutes. AI does not replace you. Someone who uses AI better is gonna replace you. That's the key thing. So the bottom line is stop asking will AI replace security jobs. Start asking what skills do I need for domains that AI is creating. Keep learning, keep going. I'll see you in the next one.