David Etue is Chief Strategy Officer of Cyberbit and a Senior Fellow at the National Security Institute’s Cyber and Technology Center.

We are still early in AI’s impact on the security operations center (SOC), yet it is already modifying how we work. The forthcoming changes in the technology stack will be profound, and so will the changes to people and roles. To address this future, you need a strategic plan for your team—and a strong partnership with people strategy to implement it.

The SOC’s mission is to detect and respond faster than its adversaries, using a combination of automation and human expertise. AI will be a crucial evolution from rules-based automation, but it is not AI for AI’s sake.

AI changes the SOC structure from a pyramid to a diamond.

For 20 or more years, SOCs have been stratified in a pyramid model with tiers 1, 2 and 3. The AI-enabled SOC will disrupt this model, requiring changes in roles, talent sourcing, career paths, technical skills and training. The predominant discussion today is “AI will replace tier 1s,” which is imprecise and likely incorrect. Yes, junior roles will reduce significantly and shift their focus from tasks to skills, but AI replaces tasks, not people. Every role will evolve accordingly.

With this shift, I believe the SOC will move from a pyramid to a diamond: fewer, more capable juniors, a stronger mid-tier and a small group of critical seniors. Security leaders will remain responsible for skills and governance, while every role will change to implement, improve or govern AI.

AI changes role descriptions, not just headcount.

The size and maturity of your SOC team will have a material impact on your technology approach and, therefore, your people. Small SOC teams will primarily be dependent on AI solutions from cybersecurity and technology providers. Large SOC teams with detection-engineering and threat-hunting teams can implement their own solutions, requiring more AI technical skills and build-versus-buy analysis.
While the current hype cycle is focused on generative AI with LLMs, understanding all of AI, and not just LLMs, is critical to success. Generative AI, machine learning, NLP and AI agents will all play a role in the SOC.

Apply automation thinking across the SOC.

Today, the output of a mature threat-hunting team centers on detections. Finding the attack matters, but ensuring it can be detected repeatedly is what enables scale.

Going forward, we need that same mindset for tasks. When a mid-tier or senior analyst completes a task, the next step is to evaluate whether it should be automated and then implement it or partner with someone to make it happen. This is how AI becomes embedded into operations, not just layered on top.

Rethink talent development.

These changes require rethinking how SOCs create, recruit and retain talent.

How do most SOCs get tier 3s and threat hunters today? They grow them from tier 1s! Without a robust industry-wide tier 1 pool, I believe talent may become scarcer, but potentially more durable. With fewer junior roles, attracting, developing and retaining talent will become critical, and mentorship will become essential to building senior talent. Training investments can help you create and sustain skills. Recruiting will then expand into adjacent roles like IT operations, intelligence and DevOps/SRE, while tier 1 will evolve into an apprenticeship model, not just a path to tier 2.

This shift affects every role. In high-performing SOCs, technical excellence will be the cost of admission, while hands-on training, mentorship and team-based exercises will grow in importance. Everyone needs to practice and learn how to work in conjunction with AI. Soft skills are critical to success, even more so when it comes to AI transformation.

Experiment and adopt now.

The best way to learn and make progress is by experimentation.
If you wait for the technology stack to transform completely before you start, you’ll be behind the adversary and have a team that is poorly architected to orchestrate it.

AI capabilities are available from a variety of sources, including cybersecurity vendors, AI providers and open-source projects. Based on the size and capabilities of your team, it's key to understand your options.

Beyond experimenting to learn AI, you also need to enable velocity. Too many teams focus only on technical “speeds and feeds” when defending against AI-enabled adversaries. Adversaries innovate daily, and the SOCs that can experiment, learn and implement quickly may have a significant advantage.

Redefine roles and build AI-ready SOCs today.

The AI-enabled SOC won't lack humans, but their roles will change significantly. Start by thinking in terms of outcomes versus tasks.

Thinking back to my time with Rapid7, when I led the managed services SOCs, we evolved roles from tiers to functions—spotters, defenders and hunters. Looking forward, I can see a similar shift happening where SOCs will include apprentices, validators, automators, governors, integrators, playbook owners and more. The larger your organization, the more opportunities for specialization.

To vet their current position, security leaders should answer a few critical questions:

• Who owns the playbooks and processes?
• Who owns talent and skill development?
• Who owns architecture and technology decisions for the AI control plane?
• Who defines the boundaries of what an agent can access?
• When is a human-in-the-loop needed, and what skill set is required of them?
• Who owns identifying and learning from AI failures?

No organization will get these answers right the first time. That is expected. What matters is starting. My advice to security leaders seeking to build an AI-enabled SOC is to take these three immediate steps:

• Assess your current roles and workflows.
Identify where tasks are repetitive, where decisions are critical and where AI can augment (not replace!) human expertise.
• Invest in skills, not just tools. Develop both technical and soft skills across your team, with a focus on working effectively alongside AI.
• Define ownership and governance early. Clarify who owns automation, AI governance, data access boundaries and continuous improvement.

Revisit these decisions regularly—at the very least, annually—as both technologies and threats evolve relentlessly.

The AI-enabled SOC is not a future concept. It is already taking shape. The organizations that want to succeed must align people, roles and skills to make it work.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.