Security Unlocked

8 Guiding Principles for Reskilling the SOC for Agentic AI

Neal Weinberg at CSO Online surveyed how CISOs are preparing their security teams for an agentic AI future, drawing on practitioner perspectives from DXC, Accenture, Virgin Atlantic/Torq, SANS, and Fortra. I was quoted on the cognitive layer of the reskilling problem: what changes for SOC analysts when agents handle Tier 1 and Tier 2 work, and how CISOs should invest in training that builds the right kinds of judgment above the automation.

The core point: agentic AI does not eliminate SOC work; it relocates the analyst from inside the process to above it. When an agent triages 200 alerts and surfaces five for human review, the analyst’s task is no longer processing signals; it is assessing whether the agent’s reasoning was sound. That requires what I called “model intuition” in the piece: the ability to recognize when an output feels right but is structurally wrong. CISOs should treat that as a teachable skill, not a competence analysts will pick up on the job.

The second emphasis is on decision boundaries as first-class artifacts. What agents are permitted to do, and what they are explicitly not permitted to do (block production traffic, send external communication, reach into privileged systems), should be authored, versioned, and reviewed with the same discipline as incident response playbooks. Bounded authority is the operating model that lets agentic AI scale safely.
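One way to treat a decision boundary as a versioned, reviewable artifact, shown as an added example that is not from the CSO Online article or any product: a deny-by-default gate that stamps every decision with the boundary version and hash it was made under. The schema, the action names, and the version label are assumptions made for illustration.

```python
import hashlib
import json

# Constructed boundary document; field and action names are illustrative assumptions.
BOUNDARY = {
    "version": "v3-example",
    "allow": ["enrich_alert", "close_false_positive"],
    "deny": ["block_production_traffic", "send_external_communication",
             "access_privileged_system"],
    "needs_human": ["isolate_production_host"],
}
VERDICTS = {"allow": "allow", "deny": "deny", "needs_human": "escalate"}

def boundary_digest(boundary):
    """Stable SHA-256 of the boundary, so an audit can tie a decision to the reviewed text."""
    canonical = json.dumps(boundary, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def validate(boundary):
    """Map each action to its single outcome; reject a boundary that lists one action twice."""
    seen = {}
    for outcome in VERDICTS:
        for action in boundary.get(outcome, []):
            if action in seen:
                raise ValueError(f"{action!r} is under both {seen[action]} and {outcome}")
            seen[action] = outcome
    return seen

def decide(boundary, action):
    """Decision record for one proposed agent action; anything unlisted is denied."""
    outcomes = validate(boundary)
    listed = action in outcomes
    return {
        "action": action,
        "verdict": VERDICTS[outcomes[action]] if listed else "deny",
        "reason": "listed in boundary" if listed else "not in boundary (default deny)",
        "boundary_version": boundary["version"],
        "boundary_sha256": boundary_digest(boundary),
    }

if __name__ == "__main__":
    for proposed in ("enrich_alert", "block_production_traffic",
                     "isolate_production_host", "delete_mailbox"):
        print(json.dumps(decide(BOUNDARY, proposed)))
```

Because the hash covers the whole document, any unreviewed edit to the boundary shows up as a digest change in the decision log.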

