How AI is redefining a cyber engineer’s day
Mastering data science and understanding AI models are crucial now
Sharda Tickoo has seen more than most in cyber security. The veteran of over twenty years and country manager for India and Saarc at Trend Micro, a Tokyo-headquartered global cybersecurity firm that has a big presence in India, says she remembers when days were defined by dashboards and dogged manual triage. “The biggest shift for cybersecurity engineers is from reactive firefighting to proactive threat management.”
Threat-detection models now, she says, automatically tell an engineer what they should prioritise by giving more context and more risk assessments, while incident-response playbooks that once took time and rare expertise can be dynamically created and triggered rather than written from scratch. The difference, she argues, is that a lot of tasks which required human intervention are now being done intelligently, freeing teams to focus on the bigger questions of architecture, attack-surface reduction and improving the logic that sits inside detection models.
Tickoo breaks the day down simply. The security operations centre (SOC) — the round-the-clock watch room for an organisation — used to hand-sort alerts, write reports and chase down logs. Today, triage for cybersecurity breaches is machine-assisted: similar events are grouped, risk is ranked, and an initial response is drafted for a human to approve.
Forensics is faster too: instead of manually stitching together how an attacker got in and what else they touched, AI traces the likely chain and surfaces the “blast radius” for review. Vulnerability management has moved from endless security patch lists to practical prioritisation, with predictive and virtual patching helping teams decide what to fix first.
None of this removes the human; it redirects them, Tickoo argues. “AI has pretty much taken over what L1 and L2 engineers would do. Which means they can be upskilled to do something more meaningful,” she says, such as assisting L3s with deeper investigations and connecting the dots across systems.
Upskilling is non-negotiable
Tickoo’s view on skills is particularly relevant for young cyber engineers. “The future belongs to security engineers who can speak data,” she says. That means basics like data analytics, scripting and APIs, plus an ability to read how models flag anomalies and behaviours so nothing is accepted blindly. Just as important is judgement. “We should know when to override automation,” she says. Security, after all, is there to enable the business; uptime matters hugely, and the human must decide when to pause an automated action because the context is risky.
From the customer end of the market, Sunil Sharma, VP & MD for sales (India and Saarc) at Sophos, sees the same re-balancing of effort. “Alerts that previously took hours to investigate can now be triaged instantly,” he notes; the result is more time for threat hunting and incident-response strategy rather than chasing every bell and whistle. He stresses that engineers must learn to interpret what AI says, not just accept it. Beyond network and malware basics, teams need “a solid understanding of how these systems detect threats, prioritise alerts, and adapt,” plus the judgement to overrule a model when context demands it. Upskilling is needed and has to be structured.
Huzefa Motiwala, senior director of technical solutions for India and Saarc at Palo Alto Networks, is blunt about the balance. “AI hasn’t replaced the cybersecurity engineer — but it has completely redefined what a good one does in a day,” he says. Where analysts once stitched together clues by hand across endpoints, firewalls and cloud logs, AI now “connects patterns across millions of signals in seconds,” with humans supervising, validating and acting.
The craft is evolving: engineers write detection-as-code and automate response scripts; they learn enough data science to question a model’s output and enough about adversarial AI to know where it can fail. Yet some instincts stay timeless. “The best analysts still have that gut instinct… You can teach an AI to flag anomalies, but not to sense unease. And that’s what keeps the human in the loop indispensable,” Motiwala says. To make that instinct scale, his teams pair engineers with data scientists on joint hunts and run red-team drills against AI agents, treating models as assets that require monitoring and protection like any endpoint or API.
If defence is changing, so is recovery. Balaji Rao, area VP for India & Saarc at Commvault, a company that specialises in data protection and recovery for big enterprises, argues that AI is moving cyber from a narrow operations function into the intersection of intelligence, strategy, and operational resilience in the face of any disruption in our volatile world. In practice, that looks like anomaly-spotting in backups to flag compromise early; recommending the last clean recovery point so teams don’t accidentally restore infected data; and triggering pre-approved recovery workflows via integrations, so containment and restoration start while investigations continue.
To a non-specialist, it means fewer nasty surprises and less downtime. Upskilling, he adds, mirrors that breadth: data analytics and ML fundamentals to read AI-driven insights; cloud and hybrid-security depth as environments sprawl; and a firm grip on privacy and governance because that’s basic when you’re trying to secure the data of large enterprises like Commvault does.
Trend Micro’s Tickoo adds that she has lived through fashions that promised to cut the grind, but admits that AI is the first to deliver relief at scale — and to raise the bar for people. The engineers who thrive will be those who can read data, write a little code, and still explain, in plain language, why a model’s suggestion is right — or why it must be ignored.