Can You Please Train the AI on Your Way Out the Door?

#1737135: Can You Please Train the AI on Your Way Out the Door?

Description:	There's no doubt that AI will displace some portion of current knowledge workers, including in cybersecurity. But if it can displace all of them, how do businesses differentiate? Will cybersecurity become commoditized by everyone using the same LLMs? Scanning the map isn't securing the territory The scariest application security problems aren't in the code, they're in the assumptions between components. The identity providers, the service-to-service auth, and the legacy endpoint that sidesteps your permission model, as discussed on the r/cybersecurity on Reddit. Scanners don't see any of that. What AI is doing right now isn't solving those harder problems. It's clearing the false-positive backlog that was eating up human hours, freeing people up to do the work machines can't yet handle. That's progress worth taking seriously. CFOs don't fund faith Building a quantified risk model has helped some CISOs walk out of a board meeting with a budget increase. Adrian S., CISO, ShiftKey shared his own success with that. But security isn't the only department that has to justify itself. When was the last time someone calculated the ROI on the receptionist? The harder question is whether quantification moves the needle or just changes the aesthetics of the ask. Risk quantification is the gold standard... in theory. In practice, someone can always find the seam in your numbers. A clear story about trade-offs, told to someone who understands what else is competing for that budget, may land just as well. The CFO, comparing your security request to a $17 million piece of equipment that keeps the factory running, needs context, not a formula. What your AI inherits When a CEO announces that AI can replace their workforce, they're admitting their business never had much of a core to begin with. When every competitor runs the same models, you've got a commodity business with a margin problem, said Dave Edwards of Artificiality. Humans have been displaced by new technology before, and the workforce adapted each time. But security is a harder case. AI can triage alerts, cut through noise, and document what analysts need to act on. What it can't do is pick up the phone, read a situation sideways, or know which anomaly feels wrong when the logs say everything's fine. If the people carrying that institutional knowledge walk out, your AI inherits the playbooks, but not their judgment. Nobody owns the gap A cooling tower fails to drain before a freeze. A chiller plant shuts down. Ninety percent of global derivatives trading goes offline. This scenario can happen without an attack, because nobody owns the space between cyber and physical infrastructure, argued Ed Walters of Alpha Origin. Cyber says operational technology or OT isn't their domain. Facilities says it's a security problem. The CISO reports risk. The vp of operations reports uptime. The exposure lives exactly where those two conversations never meet. Legacy hardware runs for decades because replacement means downtime no one will authorize. The systems most critical to protect are the ones least tolerant of the controls designed to protect them. Someone has to own resilience. The practical test is simple: when something breaks, who does the CEO call? That person owns it, whether the org chart says so or not.
More info:	https://www.linkedin.com/pulse/can-you-please-train-ai-your-way-out-door-cisoseries-wwtxc/

Description:

There's no doubt that AI will displace some portion of current knowledge workers, including in cybersecurity. But if it can displace all of them, how do businesses differentiate? Will cybersecurity become commoditized by everyone using the same LLMs?

Scanning the map isn't securing the territory
The scariest application security problems aren't in the code, they're in the assumptions between components. The identity providers, the service-to-service auth, and the legacy endpoint that sidesteps your permission model, as discussed on the r/cybersecurity on Reddit. Scanners don't see any of that. What AI is doing right now isn't solving those harder problems. It's clearing the false-positive backlog that was eating up human hours, freeing people up to do the work machines can't yet handle. That's progress worth taking seriously.

CFOs don't fund faith
Building a quantified risk model has helped some CISOs walk out of a board meeting with a budget increase. Adrian S., CISO, ShiftKey shared his own success with that. But security isn't the only department that has to justify itself. When was the last time someone calculated the ROI on the receptionist? The harder question is whether quantification moves the needle or just changes the aesthetics of the ask. Risk quantification is the gold standard... in theory. In practice, someone can always find the seam in your numbers. A clear story about trade-offs, told to someone who understands what else is competing for that budget, may land just as well. The CFO, comparing your security request to a $17 million piece of equipment that keeps the factory running, needs context, not a formula.

What your AI inherits
When a CEO announces that AI can replace their workforce, they're admitting their business never had much of a core to begin with. When every competitor runs the same models, you've got a commodity business with a margin problem, said Dave Edwards of Artificiality. Humans have been displaced by new technology before, and the workforce adapted each time. But security is a harder case. AI can triage alerts, cut through noise, and document what analysts need to act on. What it can't do is pick up the phone, read a situation sideways, or know which anomaly feels wrong when the logs say everything's fine. If the people carrying that institutional knowledge walk out, your AI inherits the playbooks, but not their judgment.

Nobody owns the gap
A cooling tower fails to drain before a freeze. A chiller plant shuts down. Ninety percent of global derivatives trading goes offline. This scenario can happen without an attack, because nobody owns the space between cyber and physical infrastructure, argued Ed Walters of Alpha Origin. Cyber says operational technology or OT isn't their domain. Facilities says it's a security problem. The CISO reports risk. The vp of operations reports uptime. The exposure lives exactly where those two conversations never meet. Legacy hardware runs for decades because replacement means downtime no one will authorize. The systems most critical to protect are the ones least tolerant of the controls designed to protect them. Someone has to own resilience. The practical test is simple: when something breaks, who does the CEO call? That person owns it, whether the org chart says so or not.

More info:

https://www.linkedin.com/pulse/can-you-please-train-ai-your-way-out-door-cisoseries-wwtxc/

Date added	May 12, 2026, 11:01 p.m.
Source	Linkedin
Subjects	AI/ML - Artificial Intelligence / Machine Learning / GenAI / Artificial General Intelligence - AGI - Various PodCasts / Webcast / Webinar / eSummit / Virtual Event etc. Security Management/Strategic Security/ROI/ROSI - CISO and Higher Level