Everyone reading this works in a profession that didn’t exist in 1998.
“AI security” is roughly where computer security was in 1997, except the adoption curve is compressed and the threat surface is already active.
There was no “cybersecurity” career path when the internet became broadly commercial. There were system administrators who occasionally got told their network got hacked.
SANS – which stands for SysAdmin, Audit, Network, and Security – was founded in 1989 because those things were separate disciplines. The comma between “Network” and “Security” in that acronym is doing a lot of work.
Alan Paller didn’t create a security training organization. He created a cooperative for people who ran systems and networks and, oh by the way, also needed to protect them. Security was an afterthought with a comma.
The CISO title didn’t widely exist until the mid-2000s – roughly a decade after the commercial internet. US Cyber Command stood up in 2009. SOCs as a recognized function grew alongside it. We’re talking about a 15-to-20-year lag between a technology becoming real and a workforce structure forming around it. (I know, I know – we’re supposed to be faster now. Hold that thought.)
“Computer security” as a distinct field was born in the late 1990s. “AI security” is roughly where computer security was in 1997 – except the adoption curve is compressed and the threat surface is already active. Nation-state actors were using AI autonomously for cyber operations before most organizations had an AI security policy. That’s the gap we’re managing. (Cybersecurity took 15 years to build a workforce structure. We don’t get 15 years this time.)
The harder question isn’t about job titles or skill updates. It’s whether AI security is a new field – genuinely new – or just an extension of what we already do. My honest answer: I don’t know, and neither does anyone else. (That’s not a cop-out. That’s the actual epistemic situation we’re in.)
What I do know is that in 1998, you could not have mapped the CISO role, the SOC analyst career path, or Cyber Command’s organizational structure – because the field hadn’t defined what it needed yet. The problems weren’t clear enough to generate the roles.
AI security might end up as different from traditional cybersecurity as the FBI is from local police. Related institutions, shared history, completely different missions, different authorities, different skill profiles.
The FBI doesn’t do what a city detective does, even though both investigate crime. Five years from now, an AI security practitioner and a traditional cybersecurity practitioner may have as much overlap as a cardiologist and a radiologist – they work in the same hospital, they speak the same language, but you wouldn’t ask one to do the other’s job.
The field will define the roles. Not the other way around. We should stay open to that – including the possibility that the most important job in AI security in 2030 doesn’t have a name yet. (That’s not hand-wavy. That’s just how fields are born. We lived it once already.)
Hope you’re going to be in the room for the SANS AI Cybersecurity Summit, April 20-21. Expecting to sell out in a week. Get tickets booked and see the agenda here.
The photo above is from [un]prompted. You should read Gadi Evron‘s X recap post. And check out the NotebookLM from the con.
Rob T. Lee is Chief AI Officer, SANS Institute
Rob, the cardiologist/radiologist analogy holds, but it undersells the urgency. Two diverging talent pipelines that can't switch functions is manageable in medicine, where threats don't adapt. In security, adversaries already operate across both the traditional and AI surfaces simultaneously, and the detection logic debt compounds in both directions at once. If the field defines the roles rather than the other way around, what is the forcing function that tells us we have already waited too long to start defining them?