How AI transformed DXC's security operations, and what CIOs should know

This week, I’ll be joining thousands of my colleagues, peers and partners at RSAC 2026, one of the premier cybersecurity events I have circled on my calendar every year. And it couldn’t come at a more urgent time.

Our cyber environments are evolving at a pace and complexity that I’ve not seen in my 25 years in the industry, from a continued surge in zero-day vulnerabilities to an escalation in identity-based attacks to the explosion of supply chain and third-party breaches threatening countless organizations downstream. And behind the wheel of it all is AI — supercharging bad actors with the ability to automate reconnaissance, accelerate malware development and create nearly indistinguishable phishing campaigns and social engineering tactics.

To counter these AI-enabled threats, security operations centers (SOCs) are fighting fire with fire, leveraging AI as an indispensable tool to help overwhelmed teams keep pace with unprecedented speed and sophistication. But recent research from AdvisoryX, DXC’s global advisory group, shows that while AI ambition is high, a clear execution gap persists, particularly in cybersecurity.  

Closing this gap at a time when cyber risks are growing more sophisticated requires leaders to map out a clear blueprint, which strategically links AI to their organization’s workforce and processes. We took this approach last fall when we developed and deployed AI agents across our SOC. Roughly eight months in, the integration has reshaped our talent development, rewritten our technology roadmap, and reimagined our broader cyber posture altogether.   

Here are the most impactful lessons so far: 

This is a people journey as much as it is a technology one.  

It became clear early on that technology is only part of this transformation. This isn’t merely a tooling shift, but a cultural one. Without alignment and endorsement of our people, it would’ve been like having an F-35 ready on deck but no pilot in the cockpit.  

This didn’t happen overnight — it took consistent transparency, ongoing communication and, above all, patience as we introduced new technologies, revamped legacy processes and addressed the natural hesitation that comes with change. Eventually, our teams experienced firsthand the disruptive impact of agentic protection, which includes a 68% reduction in time to acknowledge a ticket and a 77% reduction in triage and investigation time.

AI may sit at the cutting edge of cybersecurity, but people remain the foundational layer of our collective defense. As this technology advances, human judgement and oversight remain crucial to manage agent actions and ensure they stay within their guardrails. Ensuring analysts feel supported by these tools rather than sidelined by them has been one of the most important lessons on this journey.   

Our industry faces a talent problem: we simply don’t have enough qualified people to fill our open roles. This shortage has led to strained SOCs, stressed security leaders and burned-out analysts, and left digital assets increasingly vulnerable. But for the first time in my career, this talent gap is shifting into career opportunities, where AI and automation are liberating time, reducing fatigue and creating more capable, well-rounded security professionals.  

By automating highly repetitive, mundane tasks within our SOC— such as ticket triage — we’ve reduced reliance on Tier 1 SOC analysts by 100%. This isn’t a replacement strategy (we need more personnel, not fewer). Rather, AI is becoming a career accelerator, enabling us to redeploy our people to higher-value work, such as threat intelligence analysis or threat hunting in our network.   

No human wants to stare at a screen for 10 or 12 hours a day, especially to parse legitimate threats buried in a sea of false positives. Agents handle tedious triage work 24/7 while our people direct their energy and expertise to the highest-impact areas of the business. This shift has opened the door to more meaningful upskilling opportunities, deeper career-progression conversations and, ultimately, more engaged and satisfied cyber teams.

Transferable skills, not just technical, are redefining the future cyber workforce.

There’s a consistent trait I see in people — whether in our SOC or across the broader business — that separates those who are swimming with the AI current from those being dragged along by it: curiosity. The individuals who embrace the technology, experiment freely and stay open to new ideas and approaches are ultimately the ones finding less friction and more success.  

For generations, our industry has been defined by deep technical knowledge, and in many respects that remains true. But equally important today are transferable skills: curiosity, communication and, most importantly, business acumen. This is something I emphasize constantly with my teams: technical is table stakes. Whether you’re a Tier 1 analyst or a SOC manager, everyone must be able to walk the business, talk the business and understand how cyber risk integrates into the larger business blueprint.

Our journey to implement one of the first agentic SOCs followed a key process for how DXC strategically deploys AI to drive results: start small, scale fast. Sustainable change requires safe, structured experimentation. We launched minimum viable products to validate our approach, gathered feedback, then rapidly scaled. This measured process helped us avoid the pitfalls of costly, unproven enterprise-wide deployments. 

But to start small, you actually have to start. We piloted, we pivoted and we refused to be paralyzed by old problems, processes or best practices. In modern cyber, rigidity is a liability, but adaptability is a lifeline. 

SOC teams want tools that enhance their expertise, where AI handles the repetitive grunt work so they can focus on what they do best: creative problem-solving, strategic threat hunting and complex decision-making that machines can’t replicate.  

Today’s CISOs must become AI’s biggest champions, not merely as an innovative tool, but as a strategic capability to address the growing sophistication of cyberattacks, empower their people, and better protect their companies and customers.  

This year’s RSAC theme is “The Power of the Community,” and it couldn’t be more fitting. Modern cybersecurity truly takes a village, and I’m incredibly excited to spend the next few days collaborating with the brightest minds, the most influential leaders and the most innovative companies in the industry.

If you’ll be on site this year and want to connect on how AI is reshaping the SOC and broader cyber strategies, drop a comment or reach out to me directly. See you in San Francisco!