The world of cybersecurity is ever-evolving, and now, with the rise of AI, it's undergoing a significant transformation. This new era presents both challenges and opportunities for CISOs and their security teams. The future of security is here, and it's time to adapt or get left behind.
AI is no longer a distant concept; it's becoming an integral part of cybersecurity strategies, and its impact is profound. According to Deloitte's Future of Cyber Survey, a substantial 43% of US cyber decision-makers are already leveraging AI in their cybersecurity programs to a large extent. This trend is reshaping the perception of CISOs within their organizations.
But here's where it gets controversial... While AI is gaining traction, its implementation is a gradual process, as highlighted by Joe Oleksak, a partner at Plante Moran. He believes AI hasn't revolutionized security organizations overnight but is gradually influencing their operations.
The biggest shift Oleksak has observed is the realization that speed is the new defining factor. Security teams can no longer afford to relax; AI accelerates both attacks and defenses, making the fundamentals more crucial than ever. From provisioning to network segmentation, every aspect must be meticulously managed, as AI amplifies even the smallest mistakes.
And this is the part most people miss... It's all about discipline. Organizations that have consistently invested in security are now reaping the benefits by integrating AI-driven tools into their workflows, leading to increased efficiency. However, those who have neglected security are still vulnerable, and AI doesn't provide a quick fix.
In fact, the gap between mature and unprepared organizations is widening. Attackers are using AI to make phishing, scanning, and deepfakes cheaper and faster, as noted by Oleksak. This highlights the urgent need for CISOs to rethink their security strategies and keep up with the pace of AI.
Let's explore how CISOs are navigating this new landscape and adapting their security organizations to harness the power of AI.
Shifting Dynamics in the C-Suite
Deneen DeFiore, Vice President and CISO at United Airlines, emphasizes the transformative impact of AI on her relationship with the C-suite. AI has elevated cybersecurity to a strategic business conversation, prompting closer collaboration with other executives to ensure security is integrated into AI initiatives from the outset.
"It's no longer just about protecting infrastructure; it's about enabling innovation safely, building trust, and empowering the business to move forward with confidence," DeFiore explains.
This shift is driven by United Airlines' commitment to responsible AI, where cybersecurity plays a central role in ensuring accountability, fairness, and resilience. This shared responsibility across the C-suite is reshaping leadership and innovation approaches.
Reshaping Cyber-IT Collaboration
The advent of AI has also changed the dynamic between IT and the security organization. Deneen DeFiore notes that the focus has shifted from reactive security to proactive, strategic collaboration. Cybersecurity is now embedded in AI initiatives from the start, ensuring innovation is both safe and ethical.
"Our commitment to responsible AI means every solution is designed with transparency, fairness, and accountability in mind," DeFiore emphasizes.
Jason Lander, Senior Vice President of Product Management at Aya Healthcare, also observes a change in the dynamics between cybersecurity and IT. AI is reshaping how these departments collaborate, streamline workflows, blend responsibilities, make decisions, and redefine trust dynamics.
"Our IT operations have become more intelligent and proactive, and our security team is gaining better operational support and visibility," Lander says.
While Oleksak from Plante Moran believes AI hasn't significantly altered how most security organizations work with IT, he acknowledges that it has incrementally shifted expectations. IT teams now assume security can move faster due to AI's acceleration of analysis and detection, and boards are viewing the CISO as a more strategic role.
However, Oleksak cautions that the unique perspective of the CISO, focused on protecting the business, is often misunderstood. As AI introduces new risks, from deepfakes to AI-driven phishing, only the CISO is positioned to anticipate and mitigate these threats.
Transforming the Nature of Work
AI is driving various improvements at Aya Healthcare, according to Jason Lander. It enables the streamlining and automation of repetitive tasks, evolving how security work is done.
"AI tools help retrieve data faster, expedite decision-making, and free up team members' time to focus on more strategic challenges," Lander explains.
At United Airlines, Deneen DeFiore echoes this sentiment. AI now handles the noise by triaging alerts, surfacing anomalies, and automating repetitive tasks, allowing her security team to focus on strategic analysis, threat modeling, and resilience planning. "It's made our operations faster, more focused, and more impactful," she says.
Lander adds that AI has reshaped his daily work, emphasizing process automation and prompting him to reassess organizational choices and enhance strategic priorities. "It requires a deeper knowledge of governance and risk, aligning AI capabilities with business objectives, and balancing innovation with risk management," he explains.
At BlackLine, CISO Jill Knesek reports to the company's CIO, and she believes AI has taken their close collaboration to the next level. "Now, we have to be aligned on everything we do," Knesek says.
Making Cybersecurity a More Expansive Effort
One of the complexities AI introduces is the need to validate the cybersecurity preparedness and processes of technology and service providers. This has become a more expansive effort due to AI, as highlighted by Joe Oleksak.
"Deepfakes present very real dangers to enterprises, and they will only become more prevalent. We've implemented redundant, often manual protocols to address these risks," Oleksak explains.
For Jason Lander at Aya Healthcare, AI has opened up a host of new opportunities. "We're rethinking and redefining sensitive data, adopting better detection models and practices for distinguishing between human- and bot-generated behavior, and monitoring and planning for increased risk of security leaks," he says.
At United Airlines, teams are being reorganized to bring together threat analysts, engineers, and data scientists in more agile, collaborative pods. "We're hiring selectively for AI and machine learning expertise but also investing in our existing talent by training them to understand AI, validate models, and use these tools responsibly," DeFiore adds.
Feeling the Pressure to Work Fast
Jill Knesek at BlackLine remains concerned about the unknowns of AI but acknowledges that companies are pushing security teams to quickly build out new capabilities to integrate AI into their products.
"Security and IT are kind of the transportation team, laying the roads and guardrails to prevent things from spinning out of control. We're working at breakneck speed in some areas, and the reality is, we don't know exactly what the threats are. So, we're trying to ensure we've got the strongest rules in place," Knesek says.
Questioning the Output
As organizations rethink their security approaches, Joe Oleksak advises CISOs to avoid getting caught up in the hype and remember that AI is a tool, not a strategy. "Treat it like any other technology investment. Start with your risk priorities and then decide where AI can realistically help," he advises.
It's crucial to remember that AI magnifies strengths and weaknesses. "If your asset inventory is incomplete, your IAM controls are loose, or your patching cadence is poor, AI will not fix these problems; it will accelerate the mess," Oleksak warns.
A cautious approach to deployment is essential. Oleksak recommends piloting AI tools in narrow use cases, such as alert triage, log analysis, and phishing detection, and measuring outcomes. "Focus on augmenting human judgment, not replacing it," he emphasizes.
Building trust through transparency is also key. "Train your teams to question AI output and educate your executives and employees on both the benefits and risks. The CISO's role is not just to deploy AI tools but to ensure the organization understands how they fit into the broader security picture," Oleksak adds.
Building Coalitions
AI should be used where it helps reduce risk, improve speed, or strengthen resilience, says Deneen DeFiore. "Build partnerships early, especially with legal, data, and operations teams. Invest in education across the organization and stay grounded in ethics. AI decisions have real-world consequences, so organizations should use AI with care and consider potential accountability implications," she advises.
While AI is a powerful tool, DeFiore emphasizes that it's people who make it meaningful. "At United, safety is our foundation. AI helps us deliver on that promise with more precision and agility, but it's the human judgment behind it that drives trust, impact, and long-term value," she concludes.
AI is not something to be feared, but its impact on security must be respected, says Joe Oleksak. Jason Lander adds that AI is not just a new tool but a new domain that requires careful governance, integration, strategic thinking, and continuous learning.
"By embedding security from day one, engaging cross-functional stakeholders, anticipating unique AI risks, and investing in people and adaptive frameworks, CISOs can guide their organizations to responsibly and confidently harness AI's potential. CISOs should plan and prepare for the AI era by building coalitions and ensuring AI is not managed as a silo but as a shared responsibility," Lander recommends.
The future of cybersecurity is here, and it's time for CISOs to embrace the challenges and opportunities presented by AI. By adapting their security organizations and strategies, they can stay ahead of the curve and ensure their businesses remain secure in this new era.
