Eight Principles for Reskilling SOC Teams in the Age of Agentic AI

As organizations increasingly incorporate agentic AI into their cybersecurity operations, the implications for security leadership and workforce capabilities are profound. With threat landscapes evolving faster than human analysts can react, a growing cohort of Chief Information Security Officers (CISOs) is recognizing that traditional security practices must adapt swiftly to avoid falling behind their adversaries. The trend indicates a paradigm shift, where AI is not merely a tool but a fundamental component reshaping the security function itself.

Strategic Imperatives for CISOs in Adopting Agentic AI

Security leaders cannot afford to postpone integration of agentic AI; doing so introduces unnecessary risk, as adversaries leverage similar technologies at machine speed. Mike Baker, global CISO at DXC Technology, underscores the urgency for CISOs to embrace an agentic future, warning that the pace of human-based processes will no longer suffice. The reality is stark: inaction today could mean losing the advantage in tomorrow's cyber battles.

Damon McDougald, global cybersecurity services lead at Accenture, echoes this sentiment but emphasizes a proactive approach to retraining teams for this new landscape. His immersive journey, which included attending Anthropic boot camps and enrolling his team in similar training, highlights a key tactic: hands-on learning is vital for grounding security professionals in the capabilities of agentic AI.

Leadership Culture: Setting a New Tone

Central to the transformation is leadership that fosters a culture of innovation and experimentation. Baker advocates for a "fail fast and move forward" mindset, which means encouraging teams to engage with new technologies with an eye toward rapid iteration. This cultural shift is not merely about technology adoption; it signals a broader understanding of how security integrates with overall business objectives.

John White, formerly CISO at Virgin Atlantic and currently field CISO at Torq, illustrates this change through practical application. By allowing junior staff to explore agentic AI tools independently, he observed rapid skill development, effectively demonstrating that when given freedom and trust, even less experienced personnel can thrive and innovate.

Addressing Resistance: The Human Element in AI Adoption

Cultural pushback against AI technology is a notable barrier. Many security professionals harbor skepticism about AI's capabilities and fear job displacement, especially at roles traditionally occupied by Level 1 and Level 2 SOC analysts. Chris Cochran from SANS Institute articulates this resistance and emphasizes that organizations must address concerns while reinforcing the new opportunities AI presents. AI won’t eliminate roles; instead, it will evolve them, creating specializations like AI safety and AI governance.

For those hesitant about adopting AI, White's experiences at Virgin Atlantic serve as a case study. He observed initial resistance, but as team members directly engaged with the technology, their apprehensions transformed into excitement and a desire for new roles, particularly in automation workflow specialization. This points to a critical insight: when leaders provide the right learning environment, the outlook can shift dramatically.

Practical Approaches to Training and Hands-On Experience

One practical aspect of integrating agentic AI is creating environments for experimentation. Baker’s introduction of LabX at DXC offers security teams a secure platform to engage with and learn how to leverage agentic AI safely. Such initiatives are critical not just for technical skill-building but also for easing the transition to a tech-enhanced security landscape.

Equivalent training opportunities are emerging elsewhere, such as those provided by Accenture, which feature sandbox environments where professionals can interact with AI outputs, refine prompts, and learn through trial and error. McDougald’s approach emphasizes the necessity for structured training plans that prioritize hands-on time with true agentic capabilities, making it essential for CISOs to allocate resources for this purpose.

The Importance of Human Oversight in AI-Enriched Security

While agentic AI promises efficiency and speed, the human element remains indispensable. Cochran warns that AI systems are inherently non-deterministic, capable of error and deviation. Developing a governance framework that incorporates human oversight is critical. This includes defining escalation paths, establishing oversight capabilities, and creating audit trails to evaluate AI performance genuinely.

Baker stresses that while AI can assume roles in basic alert triage, human analysis is key at advanced investigation stages. This layered approach—where humans evaluate the AI outputs—ensures that security operations maintain a critical balance between automation and human judgment, preventing the risks that can arise from excessive reliance on AI.

Reimagining Workforce Structures in the Age of AI

Beyond individual roles, the structural dynamics of cybersecurity teams will inevitably change. With agentic systems taking over fundamental functions, a reevaluation of traditional hierarchies and role definitions is required. White notes that current security roles must evolve to reflect holistic capabilities rather than isolated disciplines. New hires should be prepared to navigate this transformed landscape where agentic AI influences their career trajectories from day one.

The transitional phase also provides an opportunity for existing staff to redefine their career paths. As previously clear hierarchies dissolve, unprecedented opportunities arise for professionals willing to adapt and embrace new methodologies and skillsets.

Conclusion: Preparing for an AI-Infused Future

The integration of agentic AI into cybersecurity is as much about mindset as it is about technology. Forward-thinking CISOs must equip their teams to engage with these tools while simultaneously addressing the cultural and organizational changes that accompany them. While the transition can be daunting, it drives resilience, efficiency, and innovative capacity within security functions. As the sector adapts to this new technological reality, the organizations that succeed will be those willing to take calculated risks today. It’s not merely about surviving; it’s about thriving in an era where AI redefines the boundaries of cybersecurity operations.