The Security Workforce Challenge: A Deep Problem That Hiring Cannot Solve

If security teams keep their old organizational structure after introducing AI automation, they gain efficiency but lose resilience and accumulate 'expertise debt'. This article analyzes three different types of security work and provides recommendations for enterprises.

Introduction

Most security leaders have done the logical thing: bring AI into security operations, automate alert queues, inject machine learning into vulnerability management pipelines, and integrate AI into SIEMs. Immediate gains are clear—response times shorten, routine tasks accelerate, and analysts can devote more energy to tasks requiring deep thought. Yet team structures often remain unchanged. This disconnect is creating a security workforce problem that hiring cannot solve: organizations often layer automation on top of existing team structures instead of redesigning around a new division of labor between humans and machines. The result can be efficiency gains without increased resilience, and increased capacity without clear expert development pathways.

Event Overview

In 2025, as AI security tools have matured, Dexian CEO Maruf Ahmed wrote in Cybersecurity Insiders that many security teams' operating models remain stuck in the pre-automation era. Security leaders see improved dashboard metrics and more tasks processed, yet feel that overall team capability has not significantly strengthened. Senior analysts spend considerable time reviewing machine-generated outputs rather than conducting deep investigations that their experience should support; junior analysts move quickly through automated workflows but fail to gain enough practical context to develop pattern recognition skills and independent judgment.

Technology and Risk Analysis

The article distinguishes three types of tasks typically grouped under the label "analyst work":

1. Tasks that can be automation-led: Routine enrichment, repetitive correlation, initial prioritization. Technology can complete these faster and more consistently than humans.
2. Tasks requiring human validation of machine output: Reviewing automated classification decisions, checking if severity scores match broader business context, judging whether recommendations are reasonable based on available facts.
3. Tasks requiring deep human leadership: Complex investigations, threat modeling, adversarial reasoning, incident response decisions, business-impacting judgments. These rely on experience, context, skepticism, and the ability to recognize that familiar signals may imply different meanings.

These three types of work are fundamentally different, requiring different skills, experience levels, and career paths. Yet many teams still have the same people switching among all three, depending on what comes next in the queue. This approach forces senior analysts to spend significant time validating routine outputs that lower-level staff could handle, while junior analysts move rapidly through automated processes without sufficient context, failing to recognize when system recommendations are unreasonable.

Enterprise Impact Analysis

From an enterprise perspective, this mismatch brings multiple risks:

  • Inefficient Talent Utilization: Highly paid senior personnel performing low-value tasks leads to resource waste.
  • Expertise Debt: Organizations seem to handle daily tasks more easily but increasingly neglect building the judgment needed for the future. Over the long term, key positions will experience a gap in experience.
  • Reduced Operational Resilience: When automated systems produce false positives or face novel attacks, teams lacking deep experience struggle to respond correctly.
  • Compliance and Brand Risk: Delays caused by judgment errors in security incident response can increase compliance costs and damage reputation.

Industry Trend Observations

Ahmed's perspective echoes broader industry trends. The security workforce shortage has long existed, but many organizations respond by "hiring more + deploying more automation" rather than rethinking work architecture. As AI continues to penetrate security operations (Gartner predicts that by 2027 nearly 60% of alerts will be handled by automation), simply adding manpower cannot resolve the capability mismatch. The industry is shifting from the "automation overlay" phase to a "human-machine collaboration redesign" phase—this requires CISOs to redefine analyst roles, skill requirements, and career development paths.

Defense and Response Recommendations

Enterprises can take the following measures to address this structural workforce issue:

1. Redesign Team Structure: Separate responsibilities based on three types of work, establishing clear hierarchies and escalation standards. For example, assign routine verification tasks to junior analysts or automation, while senior analysts focus on deep investigations.
2. Establish Expertise Development Mechanisms: Design training programs that allow junior analysts, with the aid of automation, to still encounter real threat scenarios and gradually accumulate judgment. Rotations, simulation exercises, and red team experience can all help.
3. Adjust Performance Metrics: Not only measure throughput (e.g., number of alerts closed), but also focus on long-term indicators such as team capability improvement, judgment accuracy, and innovation contributions.
4. Invest in Explainable AI: Ensure automated systems can explain the basis for their conclusions to humans, facilitating verification and learning.
5. Regularly Audit Human-Machine Division of Labor: Quarterly, assess which tasks can be further automated and which should remain manual, adjusting based on changes in the threat landscape.

SecurityPost Insight

The labor discussion in the security industry has long been trapped in surface-level narratives of "talent gap" and "insufficient certification." An article by Dexian CEO Maruf Ahmed reminds us that the deeper issue lies in organizational design—when AI and automation take on more and more operational tasks, we have not simultaneously restructured the role of "people." This is not only an efficiency issue but also a capability inheritance issue. If enterprises continue to run new tools with old architectures, they will invisibly accumulate expertise debt. In the future, true competitiveness will not come from how many security tools one possesses, but from how organizations redefine work around human-machine collaboration, cultivate judgment, and organically combine human intelligence with machine speed. CISOs should elevate workforce architecture design to a strategic level equal to security architecture.

*Source: Maruf Ahmed, "The Security Workforce Problem That Hiring Won’t Fix," Cybersecurity Insiders.*

Source URL

  1. https://www.cybersecurity-insiders.com/the-security-workforce-problem-that-hiring-wont-fix/ (Primary)
