Securing AI means fixing the skills gap
AI is moving faster than most organizations are prepared to secure it. Not because the technology is new, but because the workforce isn’t ready. In a recent webinar, Seth Robinson, Vice President of industry research at CompTIA, and Luis Suarez, Chief Technology Officer at H.I.G. Capital discussed what it takes to secure AI at scale. Their message was direct: AI does not arrive as a clean layer on top of existing systems. It exposes gaps across systems, processes, and people.
This changes how you should think about readiness. The question moves from what tools you need to whether your team has the skills to use them safely and consistently. As Robinson notes, “we’re really seeing that it requires a layered strategy. You need the skills to implement and use AI tools, but you also need some skills in basic cybersecurity.” Without that ability, new tools tend to amplify existing weaknesses instead of fixing them.
AI is accelerating cyber risk and threat volume
AI can be a powerful productivity driver, but it also increases the scale, speed, and frequency of cyber risk. Suarez points out that adversaries have access to the same AI capabilities. “The bad actors are doing the same thing,” he says. “They are using the same tools to generate multiple attacks quicker than ever before.”
This means attacks are not only improving. They are easier to produce, cheaper to launch, and harder to contain. Techniques that once required specialized skills are now easier to replicate at scale. For security teams, this changes the daily workload.
Suarez describes how AI-enabled processes allow his teams to offset some of this pressure by correlating information across systems and applying consistent scrutiny to security events that previously had to be triaged. That reduces blind spots and enables earlier detection. But the challenge isn’t limited to tool selection. It also introduces new complexity, including the need to validate outputs, manage false positives, and interpret results at speed. It comes down to whether your teams know how to use those tools and respond at the required pace.
AI security readiness exposes existing governance gaps
One of the more uncomfortable realities of AI adoption is that it tends to surface problems that were already present. Suarez is clear on this point: “AI is going to find where your data is weak, and it is going to find where your process is weak.”
In many cases, the issue is not a new risk; it’s an existing risk becoming more visible and easier to exploit. Organizations still need to defend against external threats, but they also need to make sure internal systems behave in controlled and predictable ways when AI tools interact with them.
It also reinforces a broader shift in how organizations approach security. It is no longer a standalone function. It has to be embedded across operations, systems, and decision-making. As Robinson explains, “all throughout an entire technology team and then out into the non-tech parts of the workforce, everybody has to take cybersecurity seriously.”
This becomes a challenge when organizations feel pressure to move quickly with AI. Suarez acknowledges that urgency but cautions against compressing the groundwork. “You can’t drop an AI tool without having the data discussion, without having the cyber discussion.”
That discussion translates into concrete requirements that span data, security, and operational teams:
- Clear data governance and access models
- Integrated security across the IT lifecycle
- Defined policies for how AI systems interact with data
- Ongoing monitoring of how those systems behave over time
These are not new ideas. Many organizations have known for years where their governance gaps exist. AI simply accelerates the consequences of leaving them unaddressed.
Bridging the AI cybersecurity skills gap
AI is also making talent gaps harder to ignore. Robinson identifies cybersecurity skills shortages as one of the most consistent barriers organizations face when trying to execute on security strategy. Organizations are recognizing that workforce development needs to play a larger role. They need teams that can adapt as responsibilities evolve rather than stay fixed around narrow roles. In practice, this often means roles are changing even if titles stay the same.
Several patterns appear in how organizations are responding.
- Continuous skill development is standard practice
Roles change even when titles stay the same, which means skills need to keep pace with new tools and concepts. “Cybersecurity is not a static skill set,” Suarez says. “We’re introducing new tools, new concepts, new variations of old concepts.” That includes not just learning how to use new tools, but understanding what they are designed to improve or automate across existing processes. - Certifications provide structure in a changing landscape
As roles blur and expand, third-party certifications provide a way to define and validate skills across teams. CompTIA SecAI+ reflects this need by focusing on the overlap between AI and cybersecurity. It helps create a shared understanding of what capability looks like across security, operations, and data functions. Teams build a common language, organizations gain a consistent way to validate skills, and training paths become easier to repeat as roles evolve. - Organizations must build their own talent pipelines
There are not enough experienced professionals to meet demand at current levels. The only scalable solution is to develop internal talent earlier and more deliberately. Internships, cross-training, and structured development programs are becoming more important because they provide a path to scale capability over time.
Ensuring your team is ready for AI implementation
The most important shift is around accountability, not technology. AI doesn’t deliver outcomes on its own. Its effectiveness depends on how people configure, manage, and interpret it. Human oversight remains essential, even as automation increases. Suarez reinforces this with a direct warning, “AI may not replace you… but you will get replaced by someone who is using AI.”
This is where strategy and execution converge. According to Robinson, “the organizations that succeed are not the ones with the most tools, but the ones with teams that know how to apply them responsibly and effectively.” That requires a combination of:
- Strong governance and data management
- Integrated security practices
- Continuous workforce development
- Clear alignment across teams
These are familiar priorities, but AI raises the stakes and shortens the timeline for addressing them. Focus on readiness instead of speed alone. Build workforce capability alongside AI adoption, and treat security as part of how AI operates from the start.
Watch the on-demand webinar to hear more insights from H.I.G. Capital and CompTIA, or connect with your CompTIA team to discuss AI security and workforce readiness, including the SecAI+ certification.