The Disappearing Analyst

As more organizations adopt AI-powered platforms for monitoring alerts, triaging incidents, and generating response playbooks, many are quietly choosing not to backfill junior roles. Entry-level analysts are not being fired; they’re simply not being hired at all.

This is a shift in how cybersecurity teams are structured, how talent is developed, and what risks may emerge as a result. And from an investment standpoint, it’s an early signal of how the security market is fragmenting into a new shape: leaner, smarter, and more reliant on software than ever before.

The Restructuring of the SOC

For years, the basic SOC model relied on a pyramid of labor. Junior analysts (often called Tier-1) handled the high-volume, low-context tasks: scanning dashboards, dismissing false positives, and escalating real threats. More senior analysts would step in when incidents required deeper investigation or coordination.

At Kyndryl, the IT infrastructure giant with 70,000 employees and global operations, the company recently halved its SOC team and deployed a suite of AI-driven tools from Palo Alto Networks to take on the core responsibilities of entry-level security staff. If malware is detected on a company laptop, the software can isolate the device from the network automatically, sometimes resolving the incident before a human ever gets involved. In other cases, if no malicious behavior is confirmed, the system closes the ticket itself.

Scott Owenby, who leads cybersecurity at Kyndryl, put it plainly:

We’re starting to trust [the AI] to handle these tasks like scans and device isolation. And when we do need a human, it cuts down the amount of time a human would need to spend on incidents like that from hours to minutes.”

He noted that the software has been so effective that the number of incidents human security analysts have to respond to has fallen 90% over the past year.

This reflects a broader trend across large enterprises. Security teams are embracing automation as a strategic headcount management tool. The promise is 24/7 coverage, faster resolution times, and lower operating costs. For smaller SOCs, the math may not pencil out. But for global organizations, it’s increasingly a straightforward decision.

However, a longer-term tradeoff is emerging—one that isn’t yet reflected in ROI calculations.

The Risk of a “Missing Middle”

If today’s entry-level roles are being automated, and tomorrow’s senior leaders risk not being trained, it’s fair to ask: are we heading toward a cybersecurity capability cliff?

We don’t think so. In fact, we believe we’re entering one of the most dynamic, high-leverage periods the industry has ever seen.

For years, cybersecurity has suffered from a paradox. Despite the proliferation of security vendors, rising SOC headcount and massive increase in spend from CISOs across the 2010s, the number of enterprise data breaches increased 200% between 2013 and 2022. That is a dynamic that was ripe for disruption by AI, and we are still in the early stages of that disruption.

When we talk to founders in this space, the most exciting ones aren’t trying to rebuild old workflows with AI glued on. They’re rethinking the architecture entirely. They view the SOC not as a staffing challenge, but as a systems design problem — one that AI enables us to rewire.

While much of the current excitement is centered on replacing Tier-1 analysts or triaging tickets faster, the companies that will define the next decade are those focused on real-world outcomes: faster time to containment, reduced dwell time, fewer successful intrusions, and lower operational overhead.

That’s where we’re focused at Alumni Ventures. We’re backing early-stage cybersecurity companies that prioritize impact over interface and utilize AI as a lever for operational transformation.

The industry needs platforms that actually bend the curve, giving security teams leverage and not just alerts.

That’s why we’re optimistic. Because we’re not looking to preserve the old model. We’re investing in what comes next. And in the hands of the right founders, this next chapter doesn’t just replace lost analysts. It delivers better security, with fewer inputs, and finally closes the gap between spend and results.

Join Us

If you’re an investor who wants exposure to this transformation — not just the risks, but the real upside — we invite you to join our Cybersecurity Syndicate at Alumni Ventures.

As part of the syndicate, you’ll get access to early-stage investment opportunities in companies building the future of security. You don’t need to be a security expert. You need to believe that the way companies defend themselves is being rewritten — and that the winners in this space will reshape not just cybersecurity, but enterprise software as a whole.

Join Us (For Free)

Start Investing With the Cybersecurity & Trust Syndicate Today.

This communication is from Alumni Ventures, a for-profit venture capital company that is not affiliated with or endorsed by any school. It is not personalized advice, and AV only provides advice to its client funds. This communication is neither an offer to sell, nor a solicitation of an offer to purchase, any security. Such offers are made only pursuant to the formal offering documents for the fund(s) concerned, and describe significant risks and other material information that should be carefully considered before investing. For additional information, please see here. Example portfolio companies are provided for illustrative purposes only and are not necessarily indicative of any AV fund or the outcomes experienced by any investor. Example portfolio companies shown are not available to future investors, except potentially in the case of follow-on investments. Venture capital investing involves substantial risk, including risk of loss of all capital invested. This communication includes forward-looking statements, generally consisting of any statement pertaining to any issue other than historical fact, including without limitation predictions, financial projections, the anticipated results of the execution of any plan or strategy, the expectation or belief of the speaker, or other events or circumstances to exist in the future. Forward-looking statements are not representations of actual fact, depend on certain assumptions that may not be realized, and are not guaranteed to occur. Any forward-looking statements included in this communication speak only as of the date of the communication. AV and its affiliates disclaim any obligation to update, amend, or alter such forward-looking statements, whether due to subsequent events, new information, or otherwise.