
AI Is Redefining IT, Cybersecurity, and the Role of the CISO

PAGO Gartner Security & Risk Management Summit On Site Report



Executive Summary

Peter Firstbrook, a Gartner Business and Technology Insights analyst, delivered the Day 2 Keynote, bringing together many of the key themes discussed throughout the summit. Looking ahead to 2030, the session explored AI's impact on IT environments and the human side of cybersecurity, approaches to AI adoption and defense, and the changing role of the CISO.


This report is the tenth and final Gartner SRM Summit on site report. More importantly, the keynote provided a comprehensive perspective that extends beyond individual technology trends and helps security leaders understand how organizations can prepare for the changes ahead.


Cybersecurity at the Crossroads of Innovation and Change

At the beginning of the session, Peter Firstbrook emphasized the unprecedented pace of innovation organizations are facing today. "I've worked in this industry for 30 years, but I have never seen a technology and a rate of change that affects so many aspects of what we do."


Using this perspective as a starting point, the keynote focused on three key questions:

  • How will AI impact IT by 2030?

  • What will cybersecurity look like in 2030?

  • What should CISOs do today to prepare for the future?


These questions served as the foundation for the session and framed the discussion around the opportunities and challenges organizations are likely to face over the next several years.



Four IT Operating Models for a 2030 AI-Driven Future

Peter Firstbrook explained that AI will fundamentally change the way IT departments operate by 2030. Organizations expect AI to improve productivity and help smaller teams accomplish more. Business units will take on a larger role in performing technology related work directly, accelerating the concept of IT Democratization. At the same time, organizations are expected to reduce their reliance on third party software and build more capabilities internally. To illustrate how IT organizations may respond, Gartner outlined four operating models.


Archetype       | Description
Lean IT         | Uses AI to reduce the amount of human effort required and focuses on meeting business demand with a smaller workforce
Amplified IT    | Maintains current staffing levels while using AI to expand capabilities and support growing business demand
Democratized IT | Business and technology teams work together to close the gap between IT delivery and business requirements
Dual Builder IT | Reduces dependence on third party software and encourages organizations to build and operate more technology capabilities internally

Gartner believes the first two models, Lean IT and Amplified IT, primarily focus on improving efficiency while maintaining a familiar business structure. The latter two models, Democratized IT and Dual Builder IT, position business units as active contributors to business transformation and value creation.


As a result, IT teams are expected to become smaller and more agile while combining business knowledge with technology and security expertise. Firstbrook described a future operating model that resembles BusDevSecOps, where business, development, and security functions become more closely integrated.


Jevons Paradox and the Reshaping of Cybersecurity Talent

Another important observation for security leaders is Gartner's view that AI adoption will not lead to a reduction in cybersecurity professionals. In fact, Gartner expects overall cybersecurity staffing levels to remain stable or even increase. Organizations that adopt AI First or Dual Builder operating models may require up to 25 percent more IT personnel by 2030 than they employ today.


To explain this phenomenon, Firstbrook referenced Jevons Paradox, the idea that when the cost of a resource or activity decreases, its usage often increases. He compared today's email environment with the era when paper documents were physically signed and circulated. Email dramatically reduced the cost of communication. Yet people now spend hours every day reading and responding to messages.


The same principle applies to cybersecurity. Even if AI makes activities such as threat hunting easier, organizations that previously lacked the resources to perform threat hunting may begin doing it regularly. New capabilities create additional work and new expectations. Unless existing responsibilities disappear entirely, the introduction of new capabilities ultimately increases the amount of work that needs to be done.


For this reason, Gartner expects cybersecurity teams to grow despite productivity gains from AI. Organizations will need to redesign roles and invest in reskilling across areas such as governance, identity and access management, and security operations to prepare for these changes.


Four Key Security Challenges CISOs Must Address in the AI Era

Gartner identified four areas that CISOs should actively evaluate and prepare for as AI adoption expands across the enterprise.



Protect employees using AI

As employees begin deploying AI agents on their own desktops to improve productivity, Prompt Injection and Data Poisoning attacks are becoming ongoing risks. To address these threats, new security categories such as Secure Browser and AI Usage Control are emerging. These technologies provide runtime protections designed to prevent malicious activity within AI enabled environments.


Organizations are also entering a period where Data Security Posture Management becomes increasingly important. Understanding where sensitive data resides and who has access to it is essential for managing AI related risk.



Protect business applications your organization builds

As business units use LLMs to develop their own applications, new security requirements emerge across the software development lifecycle. AI code security assistants that provide real time support during development and AI governance platforms that standardize supply chain and risk management practices are becoming important components of the application security process.


According to Gartner, several organizations have already established policies based on the following principles:


  • Freely allow the use of LLM based AI tools for individual productivity

  • Require support from specialized teams involving business, security, and development stakeholders when integrating enterprise applications such as Salesforce

  • Restrict access to and development of core transaction systems to the IT department


Gartner also emphasized the importance of the Owner Accountability Principle.

Business owners who choose to adopt new technologies and AI capabilities must also accept responsibility for the cybersecurity risks associated with those decisions. In simple terms, if an AI capability introduced by a business owner creates a security issue, accountability remains with the people responsible for adopting it. 


Harness AI innovations in cybersecurity

Organizations should also look for opportunities to apply AI within their own cybersecurity programs. For example, on premises LLMs can be trained on security policies, mobile device usage guidelines, and internal procedures, allowing employees to locate security documentation through conversational interfaces. Organizations may also deploy AI powered cybersecurity assistants that automate the initial analysis of security alerts before they reach human analysts.


Gartner expects that AI SOC Agents capable of analyzing data across multiple tools, conducting investigations, and providing recommendations will emerge over time. However, Gartner was direct on one point: a fully autonomous SOC will never exist.


Gartner emphasized that the most important question is not how much AI can be deployed, but how effectively AI can improve outcome driven metrics and strengthen the overall performance of the security program.


Protect your organization against emerging AI threats

According to Gartner, attackers are using AI primarily to accelerate existing attack techniques rather than develop entirely new ones. Organizations have traditionally focused their efforts on Incident Response after an attack occurs. Gartner argued that attention should move earlier in the attack lifecycle through a Shift Left approach.


By adopting automation capabilities that can identify and address weaknesses before attackers exploit them, organizations can strengthen their defensive posture. Throughout multiple sessions at Gartner SRM Summit 2026, CTEM (Continuous Threat Exposure Management) was repeatedly highlighted as a framework that supports this objective and is likely to become a central component of defending against AI enabled attacks.


The session also stressed the importance of strong data governance and greater investment in Identity Threat Detection and Response (ITDR), which Gartner believes will become one of the most important areas of cybersecurity by 2030. Particular attention was given to Machine and Agent identities. Gartner referenced findings discussed during an IAM session on Day 1 showing that more than 58 percent of organizations have experienced a security incident involving compromised Machine IDs.



The CISO as a Business Orchestrator in 2030

Looking toward 2030, Gartner believes cybersecurity programs must move away from rigid long term planning and adopt more continuous and agile planning processes. Policies should also become more flexible so they support business innovation rather than create unnecessary barriers.



Within this environment, the role of the CISO is fundamentally redefined.


Category            | 2026                                      | 2030
Department Role     | Cost Center                               | Value Enabler
Primary Focus       | Cybersecurity Manager                     | Organizational Resilience
Security Philosophy | Prevention                                | Anti Fragility
Governance          | Centralized Governance and Responsibility | Distributed Governance and Shared Responsibility
Core Identity       | Manager                                   | Orchestrator

Gartner argued that future CISOs should avoid building a fragile structure where every cybersecurity risk rests on a single organization with limited resources. Instead, CISOs should operate much like Chief Financial Officers. Just as CFOs establish financial goals, define constraints, and oversee accountability across business units, CISOs should establish security expectations, assign ownership, and provide guidance to business stakeholders and technology teams.


Rather than carrying every risk themselves, CISOs should become coordinators and distributors of cybersecurity responsibility across the organization. In Gartner's view, the future CISO is ultimately an orchestrator.


Conclusion

As Peter Firstbrook brought the keynote to a close, he returned to one final question for CISOs to consider:

"Will you continue trying to absorb every cybersecurity risk within your organization, or will you share ownership and accountability with the business?"

This question reflects the broader direction Gartner presented throughout the session. As AI adoption accelerates, security teams will face new opportunities and new challenges. Attempting to manage every risk through a centralized security organization alone will become increasingly difficult. Instead, CISOs will need to focus on cybersecurity risk itself while helping business leaders, technology teams, and other stakeholders take ownership of the risks associated with their decisions.


The role of the CISO extends beyond managing security technologies and operations. It is about guiding the organization through change, establishing accountability, and helping the business operate securely while continuing to innovate.


This final Gartner SRM Summit keynote was not simply a discussion about AI. It was a discussion about leadership, responsibility, and how organizations should prepare for the future. The technologies may continue to change, but the ability to coordinate people, processes, and decisions around a shared understanding of risk will remain one of the most important responsibilities of cybersecurity leadership.


Written by: Pyo Kwon CPTO | DeepACT MDR Center
