Can Gen AI and Agentic AI Save Us from the Cyber Talent Crunch?
We’ve been talking about the cybersecurity talent shortage for more than a decade now. Every year, new reports come out, and every year, the numbers seem to get worse. According to (ISC)2’s 2024 Cybersecurity Workforce Study, the global gap has now surpassed 4 million unfilled positions. And honestly, it shows. Whether I’m talking to a CISO at a bank, a security manager at an SME, or a founder of a tech startup — the complaints are the same:
“We just don’t have enough people.”
“Hiring is hard.”
“Our team is overstretched, we’re barely keeping up.”
And here’s the reality — we’re not going to hire our way out of this problem. Not fast enough, at least.
The complexity of our digital environment is growing by the day. Threats are evolving. Regulations are tightening. And at the same time, many organisations — especially in our part of the world — are still running lean cybersecurity teams, often covering multiple roles at once. So if we can’t hire more people, the next logical question is: can we work smarter?
That’s where Generative AI and Agentic AI come in. Not as silver bullets, but as serious, practical tools that could change the way we run cybersecurity — especially when it comes to solving the talent crunch.
The Silent Workhorse: Gen AI Is Already Helping More Than You Think
Let’s start with Gen AI. Because truth is, it’s already playing a big role in cybersecurity today — quietly, efficiently, and often behind the scenes.
Ask any cyber pro, and they’ll tell you they’ve used Gen AI to draft more believable phishing emails or write quick exploit scripts. SOC analysts are using it to summarise long log entries and generate incident response reports in minutes, not hours. CISOs are turning to AI to translate complex threat intel into board-friendly slides and to draft security policies from scratch based on ISO, NIST, or RMiT requirements.
This is already happening.
Almost every major cybersecurity vendor has started to embed Gen AI into their product stack — from Microsoft’s Security Copilot to tools that use AI to explain CVEs in plain English. It’s changing the way we work: speeding up processes, reducing cognitive load, and making security knowledge more accessible across roles.
But let’s be clear — Gen AI is still mostly reactive. You prompt it, it replies. It helps you work faster and smarter, but it still relies on you to take the first step.
Enter Agentic AI: The Next Evolution
Now imagine going beyond a smart assistant that helps you write and summarise — to something that can actually do the work.
This is where Agentic AI steps in.
Agentic AI is the next evolution. It doesn’t just respond to a prompt — it understands a goal, plans the steps, uses tools, executes the task, and learns from the outcome. It’s autonomous. It acts.
Let’s bring that to a cybersecurity context. Suppose your phishing detection system flags a suspicious email. A Gen AI tool might help summarise it, maybe even suggest some next steps. But an Agentic AI system? It would:
Extract the headers
Scan the attachment in a sandbox
Identify similar emails sent to other employees
Quarantine all related messages
Notify the affected users
Update the email filter rules
Log all actions in your IR platform
And then send you a summary of what it did
No human needed — unless something goes wrong, or you choose to step in.
That’s not a fancy demo. That’s the direction the industry is moving. And when you’re running a cybersecurity team that’s already doing the job of three people with one pair of hands, the value of this can’t be overstated.
What Problems Does Agentic AI Actually Solve?
If Gen AI helps you save time, Agentic AI helps you save headcount. And this matters. Because right now, many organisations are stuck in a cycle of firefighting. There’s no time to be strategic when your team is just trying to keep the lights on.
Here’s what Agentic AI can take off your plate:
Tier 1 alert triaging
Repetitive incident investigations
Routine cloud misconfiguration checks
Continuous compliance monitoring
IAM role reviews and revocation workflows
Phishing and spam response
Vulnerability-to-asset mapping
Third-party risk scoring
These are process-heavy, high-volume, low-satisfaction tasks that burn your team out. With Agentic AI, one security analyst could manage triple the volume — not because they’ve become superhuman, but because they’re being supported by a team of digital agents doing the heavy lifting.
Now, let’s layer in a new challenge. With the new Malaysian Personal Data Protection Act (PDPA) amendments coming into force, organisations are now required to appoint a Data Protection Officer (DPO). This is already triggering a new wave of head-scratching in the local industry. Companies are asking:
“Who’s going to take on this role?”
“Do we need to hire someone new?”
“Can our IT or compliance team absorb this?”
For many, it’s just not practical to appoint a full-time DPO with the right level of legal, technical, and operational expertise — especially if you’re an SME or mid-sized company. This is exactly the type of function that an AI assistant — built with strong regulatory logic and workflow capabilities — could augment. It could help draft privacy policies, monitor data flows, flag risky data handling behaviours, and even prepare breach notification drafts — all under the supervision of a lean internal team.
In short, this is yet another case where Agentic AI could step in to absorb some of the pressure and make regulatory compliance manageable — without blowing up the headcount or budget.
So Why Isn’t Everyone Doing This Yet?
Because we’re not fully ready.
As powerful as agentic AI sounds, we’re still in the early days. A lot of what we call “AI agents” today are actually glorified automation scripts wrapped in natural language. Real Agentic AI — the kind that can think, plan, act, and own a task from start to finish — still faces a few roadblocks.
The first is trust. No CISO wants an AI agent that accidentally locks out the CEO’s account or deletes a production database because it “thought it was a threat.” We need strong guardrails, human override mechanisms, audit logs, and explainability before we can let AI roam free in our environments.
The second is context. AI agents need access to deep enterprise knowledge — what systems are critical, who owns which assets, what’s the current risk appetite, what’s been tried before. That’s a tall order for most organisations still struggling with basic asset inventories.
And the third is governance. If an AI agent makes a mistake, who’s accountable? Who audits the agent’s logic? Who approves its decision-making boundaries?
These are not technical questions. They’re leadership, legal, and risk management questions — and we’ll need answers before this gets scaled up.
A Thought Experiment: Every CISO Gets an AI Agent
Let me leave you with this.
Imagine a not-so-distant future where every CISO has a cybersecurity advisor. This agent doesn’t just answer questions — it works behind the scenes, every day, across your environment. It updates you in the morning:
“I’ve reviewed your 15 overnight alerts — 12 were benign, 3 have been escalated. I’ve prepped your risk dashboard for the executive meeting. One of your vendors had a security rating drop — I’ve triggered a review. And here’s your board deck for next week — ready for review.”
It doesn’t replace you. It amplifies you.
You still set the vision. You still lead the team.
But now, you have the capacity to do what you were always supposed to do — think, lead, influence, and stay ahead.
In a world where cyber threats are scaling faster than talent, maybe this is the future we need — not just to survive, but to lead with confidence.
The Final Word: Solving the Talent Crunch, One Digital Teammate at a Time
We’re not going to magically produce four million qualified cybersecurity professionals overnight. And the longer we delay, the more we burn out the people we already have — overworked, understaffed, and stuck doing tasks that AI could already be helping with.
Gen AI is already giving our teams a second brain — helping them write faster, understand faster, and communicate better.
Agentic AI will go one step further. It’ll give us a digital teammate — one that can take on repetitive, time-consuming work, execute playbooks, learn from context, and allow our human teams to focus on what matters most: strategic thinking, leadership, and navigating ambiguity.
That’s how we solve the cybersecurity talent crunch — not by trying to find more people, but by making every person we already have 10x more capable.
This isn’t the future. It’s starting now.
That’s all for this week!
Cheers,
Siva