The Recomposition of Security Work: Roles, Expertise, and the Agentic SOC

A common theme across the majority of conversations I've been having recently is that of what happens to the security practitioners role and whether or not some jobs will survive AI and the autonomous agent revolution.

Product builders, startups and incumbents both, have similar concerns around how to build software that is unique, sustainable, manages to creatively solve a problem and is not easily replicated by one person with a Claude Code Max license. I think about this and about what the future might look like quite a bit. This is another blog post in itself but what I do know is that how we think about building software today is wrong; how it's consumed, deployed, managed, integrated all needs to change.

Back to the topic of discussion.  Major layoffs at Amazon, Oracle, Square and others has added to the anxiety that is so prevalent in these conversations. Recently, I heard the argument that equating the AI Revolution to the Industrial Revolution is flawed and I generally agree. The Industrial Revolution did impact farm and factory workers negatively, labor laws helped there, but new job categories and roles were also created. AI has the potential to replace roles or reduce the number of people required in others and not provide for the creation of new job categories. More than a little concerning to think about. You can't argue the impact of AI on technology roles regardless of vertical but it's not all negative, there is optimism too.

I can't speak to every discipline but in security operations I believe there is an transformational opportunity ahead of us that we need to embrace.

The transformation is not a threat to security expertise. It is the first technology in the industry's history with the potential to make security expertise the primary activity of security professionals, rather than a fraction of their time buried under volume work they were never able to handle at that scale.

When thinking through designs or ideas I like to write down my thoughts, whether it be on how the SOC evolves in the coming years (months?), what the web looks like in an agentic future (today?), as it helps me reason through problems. So I did the same here, got a bit carried away, and produced a small paper, with timelines, on what two possible outcomes might look like.

'The Recomposition of Security Work: Roles, Expertise, and the Agentic SOC' paper approaches the question of how certain roles either become obsolete or evolve, and what happens when that transformation is navigated well or badly, covers concerns about the deskilling of our teams as we automate tasks, something we've been attempting for years (I borrowed some ideas here from Eric Hulse, our Director of Research on the impact of MSSPs and MDRs), and how organizational and policy decisions will have a greater impact than technical ones. Those choices are not technologically complex but the are economically inconvenient and this is something that needs to be acknowledged and accounted for.

I will add that the document could be wrong in that the timelines I propose could be far shorter or longer, the impact of yet to be seen advances in AI are not accounted for, new technology adoption and implementation timelines will vary, legacy technologies will need to be accounted for, etc... all will have an impact to the evolution of the security professionals role and function.

You can find the paper 'here'. I'd love to hear any feedback you might have on it.

Dean