AI is rapidly transforming how enterprises operate, fuelled by executive mandates and the drive for breakthrough productivity and innovation. Yet, as organizations race to embed AI across their business, cybersecurity teams are struggling to keep pace.
According to a Gartner survey, only 17 percent of cybersecurity professionals believe their teams have the talent needed to support AI initiatives. This gap is widening just as cybersecurity leaders face mounting pressure—not only to leverage AI for operational efficiency but also to secure the AI-driven products and platforms being adopted across their organizations. This accelerating shift demands a fundamental recalibration of cybersecurity skills and roles.
The most forward-thinking CISOs recognize that their teams must simultaneously enable enterprise AI ambitions and upskill to harness AI’s potential for defending the organization.
The cornerstone of this transformation is building foundational AI literacy across every level of the security function. When cybersecurity professionals understand what AI is, how it works and its limitations, organizations are better equipped to make risk-aware decisions and respond quickly as new threats emerge. Developing this literacy sets the stage for deeper proficiency—empowering security teams not just to keep up with change but lead it.
CISOs can take strategic steps to develop an AI-ready cybersecurity team. This will empower their teams to support enterprise AI initiatives while proactively managing new risks and seizing emerging opportunities.
Step 1: Boost AI Proficiency with Structured Learning
To ensure your cybersecurity team can apply AI concepts in real-world scenarios, CISOs must adopt a structured, hands-on approach to building AI proficiency and closing any gaps. The first step is to distinguish between AI literacy—a basic understanding of concepts relevant to all cybersecurity roles—and true proficiency, which means being able to use, evaluate and even improve AI tools as part of daily work.
A well-rounded approach combines multiple training methods that blend theory with practice. Vendor-led training can help teams maximize the value of existing AI-enabled security tools. Likewise, hands-on labs and controlled simulations provide opportunities for staff to experiment with new technologies in a safe environment—building both confidence and practical problem-solving skills along the way.
Additionally, leveraging open-source resources gives security teams access to cutting-edge tools and techniques at little or no cost. Encouraging cross-functional training with data stewards or IT colleagues broadens perspectives across disciplines while fostering stronger collaboration within the organization. Regular assessment of team progress is also essential so that training can be adapted as technologies evolve—ensuring skills remain current in an ever-changing threat landscape.
By taking this structured approach, combining foundational literacy with practical experience, CISOs can empower cybersecurity teams not only to support enterprise-wide adoption of AI but also proactively manage new risks as they emerge.
Step 2: Tailor AI Skills Development to Different Cybersecurity Roles and Use Cases
AI proficiency is not a one-size-fits-all goal. The skills required by security teams will vary by role, maturity level and the specific challenges an organization faces. If AI training is treated as generic or applied uniformly, organizations risk wasting resources and failing to address the most urgent gaps.
Leading organizations recognize that a cloud security architect, SOC manager, GRC manager and security engineer each require a different mix of AI knowledge and hands-on ability. For example, a SOC manager may need to master anomaly detection and machine learning for threat response, while a GRC manager will benefit more from prompt engineering and understanding AI’s impact on compliance and policy.
When enterprises tailor skills development to each role, they empower their teams to use AI tools more effectively, improve job satisfaction and reduce the risk of critical oversights. This approach also enables enterprisesto create a more dynamic, adaptable workforce that can keep pace with rapid changes in technology and threat landscapes.
Step 3: Establish Continuous Education and Experiential Learning
As new threats and technologies emerge, the skills of cybersecurity teams can quickly become outdated. To maintain a strong security posture, organizations must foster a culture of continuous education and experiential learning. This approach ensures that cybersecurity professionals remain adaptable, engaged and prepared to drive both protection and innovation in an AI-enabled environment.
Continuous development begins with regular assessment of team skill sets to identify gaps and determine if new capabilities are needed at beginner, intermediate or advanced levels. Leveraging open-source platforms allows organizations to align proficiency levels with evolving needs while utilizing established frameworks such as the NICE Workforce Framework for Cybersecurity (NICE Framework) or the Skills Framework for the Information Age (SFIA).
Applying proficiency in practice is essential. Incorporating open-source cyber range tools enables teams to participate in realistic threat simulations and challenges, building practical skills that translate directly into stronger defense.
In addition, peer learning through collaborative exercises strengthens team cohesion while spreading expertise across roles. Seeking mentorship from AI leaders both within cybersecurity functions and across other disciplines provides valuable practical experience with applied AI concepts. By embedding continuous education into daily operations, organizations can build resilient security teams ready for tomorrow’s challenges.
By Victoria Cason, Sr Principal Analyst at Gartner
