In this edition of C2 Corner—a blog series where we spotlight sharp minds in security—I’m joined by Nick Goulding, a seasoned leader in Cyber Threat Intelligence (CTI) and Security Operations Center (SOC) operations who recently led the Cyber Fusion Center at Carrier.
Let’s Talk Artificial Intelligence
There’s no denying that artificial intelligence (AI) is a hot topic within the industry, and rightly so. We’ve only just scratched the surface, but even in its infancy, AI has already allowed organizations and casual users to accomplish some amazing things. However, like any new technology, it also introduces new types of risk, such as data privacy concerns, intellectual property disputes, and, especially for many industries, job disruption.
Do cybersecurity practitioners have to worry about AI taking their jobs away? Nick suggests this isn’t the case. Here’s his compelling argument for why AI won’t replace analysts—but instead raise the bar for them.
AI + SOC = Transformation
By Nick Goulding
There’s no getting around the AI boogeyman these days. The idea that artificial intelligence will replace SOC analysts—especially entry-level L1s—is gaining serious traction in some circles. However, I want to make it known that this is a misguided assessment.
We’ve already seen this form of fear before.
Did mathematicians disappear with the invention of calculators? No. Architects didn’t vanish when Computer-Aided Design (CAD) software entered the scene. Teachers didn’t become obsolete with the rise of online curriculums.
In every profession, technology transforms the work; it doesn’t eliminate it. It instead enhances the capabilities of the workforce, broadens their scope, and elevates their impact. And that’s exactly what AI is going to do for cybersecurity operations.
Frankly, it’s already happening. My daughter is crushing math problems that I couldn’t solve until college—and it’s all thanks to an educational system that is embracing technology, not fearing it.
The SOC of the Future: The New L1 Analyst
We cannot deny that AI will be deeply integrated into cybersecurity operations. But the discussion involving AI and cybersecurity shouldn’t be about it replacing people. It should be focused on how people are using automation to be better, faster, and smarter at their jobs.
Using AI-assisted platforms like Abstract, L1s can run detections powered by AI, interpret threat data in natural language using ASSE, and move beyond triage into active threat validation. Additionally, it can enable new analysts to operationalize threat intelligence and correlate across telemetry with no scripting or tuning needed.
Leveraging this kind of technology, tomorrow’s L1 SOC analyst won’t just reset passwords or escalate every ticket upstream. Instead, they’ll be able to:
- Conduct initial static malware analysis
- Collaborate with AI to draft and implement remediation plans
- Build and iterate automated playbooks to handle repetitive tasks
- Use natural language interfaces to rapidly query security data
In short: L1s leveraging AI will do the work that today’s L2 analysts are often responsible for. And this shift will cascade upwards. L2s will stretch into L3 territory. L3s will evolve into advanced threat analysts, incident responders, and forensics experts. This is a necessary evolution because attackers are evolving too.
Attackers are Already Using AI
According to the Harvard Business Review, attackers have begun leveraging AI to supercharge phishing attacks, with success rates rising to as high as 62%. Not only is AI making these attacks harder to spot, but it is also making them much cheaper, which allows attackers to increase the scale of their attacks.
Research from IBM X-Force and the Oxford Internet Institute reinforces this, showing a 95% reduction in cost for spear phishing attacks when AI is involved. This means more attacks at better quality, at a fraction of the cost. So how do we keep up?
How Abstract Security Helps Security Teams Keep Up
By Chris Camacho, Co-Founder & COO at Abstract Security
Fighting AI with AI is only part of the equation. The real answer is AI guided by professionals and practitioners. That’s where security platforms like Abstract come in.
Here’s how Abstract Security is helping to tip the balance:
- AI-powered data streaming platform: Eliminate noise by focusing on the alerts that matter. Detect threats faster with a streaming-first approach.
- Optimized storage management: Smart tiering of log data (hot, warm, cold) cuts costs and ensures relevant data is always available.
- Natural language queries: Say goodbye to memorizing cryptic syntax. Instead, just say things normally, like “Show me inbound IP traffic from Russia,” and get an answer instantly.
- Integrated detection rules: Use pre-built and custom rules that combine machine learning and expert logic to surface meaningful correlations automatically.
We Need Cybersecurity Pros More Than Ever
Nick is right: the idea that AI will replace SOC analysts is not just misguided and wrong—it’s dangerous. Eliminating L1s would dismantle our talent pipeline. Instead, we should be reimagining what an L1 analyst can be and then giving them the tools and training to grow.
AI isn’t going anywhere. Neither are security experts. The future belongs to those who adapt, integrate, and lead. Even attackers have recognized the power of harnessing AI. Now, it’s our turn. Let’s build a SOC that isn’t afraid of the future.
Many thanks to Nick for sharing his vision on the next-gen SOC. If any of our readers are hiring for a security leadership role, please connect with Nick. If you’re looking to contribute your voice to C2 Corner, drop me a note.
About Nick Goulding
Nick Goulding is a Cyber Security Leader with 18 years of experience specializing in Cyber Threat Intelligence, Threat Hunting, Detection Engineering, SOC/IR, Insider Threat, and Attack Surface Management.