Will AI Steal My Job? · Role analysis
Cybersecurity analysts protect organisations' computer systems, networks, and data from threats, attacks, and breaches. They monitor security systems, investigate incidents, conduct vulnerability assessments, implement security controls, and respond to active threats — working at the intersection of technical expertise and adversarial thinking to keep organisations secure.
Section 01
| Task | AI impact | Why |
|---|---|---|
| Monitor security alerts and triage incidents | 🟡 Changing | SIEM platforms and AI-powered security tools auto-correlate and prioritise alerts, dramatically reducing noise. But deciding which alerts represent genuine threats requires human judgment about context and attacker intent. |
| Conduct vulnerability assessments and penetration testing | 🟡 Changing | Automated scanning tools find known vulnerabilities quickly, but understanding their exploitability in a specific environment and chaining vulnerabilities creatively to demonstrate real risk requires skilled human attackers. |
| Investigate security incidents and analyse forensic evidence | 🟡 Changing | AI assists with log analysis and pattern recognition, but reconstructing an attacker's path through a network, understanding their objectives, and preserving forensic integrity requires experienced analyst judgment. |
| Write security reports and document findings | 🟡 Changing | AI tools draft technical report sections well, but the judgment about what findings matter most, how to present risk to different audiences, and what remediation to recommend requires professional experience. |
| Manage and configure security tools and platforms | 🟡 Changing | Security orchestration platforms automate many configuration tasks, but tuning detection rules, managing exceptions, and integrating new data sources into complex environments requires deep technical expertise. |
| Develop and maintain security policies and frameworks | 🟡 Changing | AI can draft policy text and map controls to frameworks, but designing security governance that fits the organisation's risk appetite, culture, and regulatory obligations requires business and legal understanding. |
| Respond to live security incidents and coordinate containment | 🟢 Safe | Incident response under pressure — containing an active breach, communicating with leadership, coordinating remediation across teams, and making real-time risk decisions — is irreducibly human crisis management work. |
| Conduct security awareness training and advise stakeholders | 🟢 Safe | Building a security culture — persuading colleagues, training non-technical staff, and advising executives on security risk — requires human communication, trust, and the ability to translate technical threat into business consequence. |
Section 02
Section 03