AI’s Impact on Cybersecurity: SOC Automation, GRC Limits, and the Rise of Boutique Advisory

Tom welcomes cybersecurity veteran Dave Cronin, founder of Mission Security and vCISO/Head of Cyber Services with CyberTrust Massachusetts, who recounts his path from technical roles and teaching ethical hacking to senior leadership and nuclear compliance work across U.S. power plants.

They discuss AI as a pivot point in cybersecurity, accelerating both defense and attacks, including uncovering long-standing vulnerabilities. Dave argues AI is rapidly replacing repetitive SOC/MDR Level 1 triage tasks, contributing to consolidation, while human judgment remains critical for response actions and for gray-area domains like GRC where politics and control tradeoffs matter.

They cover market pressures from private equity, ROI scrutiny, workforce cuts, and CISO role changes, alongside increased demand for go-to-market, customer success, and relationship-driven services. Dave advises embracing AI, learning prompting, specializing skills, and he describes helping small organizations and municipalities with compliance needs such as CMMC.

00:37 Dave Cronin Background

02:10 Nuclear Compliance Stories

04:51 Ethical Hacking Roots

06:10 AI Finds Old Flaws

06:31 SOC Automation Impact

11:12 Human Relationships Matter

13:23 GRC and AI Limits

14:59 AI ROI and Cost Cuts

17:37 CISO Role Shifts

20:56 Future of MDR Vendors

22:37 Anthropic and Legal Disruption

23:28 AI for Legal Tasks

24:51 Who AI Disrupts Next

25:08 Future Proof Security Roles

26:21 Go To Market Surge

26:49 Human Service Comeback

28:24 Career Advice Embrace AI

29:36 Prompting and Learning Tools

31:27 AI Clones and Trust

33:54 Day Job Mission Security

35:04 CMMC Compliance Reality

38:42 Small Teams with AI

40:15 Layoffs and AI Washing

42:09 CISO Pay Compression Risks

43:02 Closing Thoughts