ISC2 Insights talked with chief security evangelist and advisory CISO at Segura Joseph Carson, CISSP, about the technical and operational disruption resulting from the rapid adoption of AI tools and technologies within cybersecurity and more broadly in organizations.

Expanding on a talk he delivered at ISC2 Security Congress, Carson discussed areas including the impact of automation on tasks, careers and traditional cybersecurity roles, AI tools and code generation repeating errors and vulnerabilities, as well as how AI is being leveraged at scale for phishing, social engineering and more.

 

Balancing AI Adoption With People and Their Skills

A major theme of the discussion was the effect of AI on jobs and workforce development. Carson noted that many traditional roles will change significantly and some may disappear altogether, while entirely new professions will emerge. Carson said that workers will need to retrain multiple times throughout their careers, with skills such as prompt engineering becoming increasingly important. He emphasized that organizations and society must prepare for continual adaptation rather than expecting lifelong careers in a single role.

The conversation also highlighted the importance of ethical and responsible AI adoption. Carson drew on his experience contributing to discussions around the EU AI Act, noting that AI should be implemented using a risk-based approach, similar to lessons learned from GDPR. He warned against using AI simply to replace employees, particularly junior staff, as this could eliminate future talent pipelines. Instead, organizations should focus on using AI to augment human capabilities, making employees more efficient and effective while retaining human expertise.

Security is another key area of concern. Carson argued that organizations must protect AI systems just as they protect other critical assets. This would include applying principles such as least-privilege access, strong authentication, authorization controls and zero trust security models. As AI systems gain access to sensitive information and business processes, maintaining control over these systems becomes essential.

As AI systems begin making more decisions independently, questions are arising around accountability, transparency, explainability and regulation. Carson believes that humans must remain accountable for decisions delegated to AI and that organisations should introduce AI gradually, maintaining oversight and clear control mechanisms. His advice for organisations is to focus on developing comprehensive AI strategies, governance policies, risk profiles and, ultimately, adopt AI at a pace that allows humans to remain firmly in control.

Related Insights