RSAC 2026: Why Human Expertise Remains the Core of Enterprise Cybersecurity in the AI Era

RSAC 2026 put AI centre stage — but the data tells a different story. Only 28% of cybersecurity professionals are satisfied in their roles, and 68% say the job is harder than ever. Here's what security leaders need to know.

Omar Al-Hakeem
Senior Cyber Threat Analyst | MENA Region6 min read
Illustration representing the balance between human expertise and AI automation in enterprise cybersecurity, themed around RSAC 2026 Conference insights

Illustration representing the balance between human expertise and AI automation in enterprise cybersecurity, themed around RSAC 2026 Conference insights

RSAC 2026: Why Human Expertise Remains the Core of Enterprise Cybersecurity in the AI Era

The RSAC 2026 Conference arrived at a defining moment for the global cybersecurity industry. AI dominated the agenda — but the most important message to emerge from San Francisco this year was not about machines. It was about people.

As enterprise security teams race to adopt AI tools, automate workflows, and keep pace with an accelerating threat landscape, the professionals behind those systems are under more pressure than at any point in the industry's history. The data presented at RSAC 2026 makes this unmistakably clear.

The State of the Cybersecurity Workforce in 2026

Research unveiled at RSAC 2026 by the Information Systems Security Association (ISSA) — the eighth consecutive volume of its study on the life and times of cybersecurity professionals — revealed a workforce under significant strain:

  • Only 28 per cent of cybersecurity professionals report being very satisfied in their current roles
  • 68 per cent say cybersecurity is more difficult today than it was just two years ago
  • 62 per cent find their jobs stressful more than half of the time
  • Top challenges cited include rising complexity, expanding attack surfaces, increasing workloads, and tightening budget pressures

These are not abstract workforce statistics. For enterprise security leaders in the GCC and MENA region — where the cybersecurity talent gap remains acute and demand for qualified professionals consistently outpaces supply — they carry direct operational implications.

The highest skills gap identified in the 2026 study is in AI security strategy — a discipline that barely existed as a defined role three years ago.

How AI Is Reshaping the Cybersecurity Profession

The ISSA research presented at RSAC 2026 also captured how the profession views AI — not as a replacement, but as a double-edged force requiring human governance:

  • 81 per cent of respondents believe AI drastically increases challenges for cybersecurity as attackers leverage it to scale attacks
  • 80 per cent believe cybersecurity teams must leverage AI in their own solutions to stay ahead
  • 72 per cent believe agentic AI will be a game changer in helping security teams keep pace with attacks and improve operational efficiency

These figures align closely with findings from the World Economic Forum's Global Cybersecurity Outlook 2026, which identified AI as the most significant driver of cybersecurity change — cited by 94 per cent of global respondents.

A separate session at RSAC 2026 led by SANS Institute Chief AI Officer Rob T. Lee and CEO James Lyne addressed the structural impact of AI on security teams directly. Their research highlighted that while AI may reduce the scope of certain junior-level Security Operations Centre (SOC) functions, it is simultaneously creating entirely new specialist roles that did not previously exist — particularly in AI model security, prompt injection defence, and autonomous agent governance.

The Human Oversight Question: How Much Is Enough?

One of the most practically significant findings from RSAC 2026 concerns the current state of AI-driven automated remediation — and the degree of human oversight organizations currently apply:

  • 57 per cent of organizations require human approval for all critical automated actions
  • 19 per cent operate with periodic human oversight
  • Only 9 per cent currently operate with minimal human oversight
  • That minimal oversight figure is projected to nearly double to 17 per cent within the next 12 to 18 months

For enterprise security leaders, this trajectory raises important governance questions. As confidence in agentic AI systems grows and automation expands, the risk of unchecked automated decisions — particularly in environments handling sensitive financial, healthcare, or critical infrastructure data — requires deliberate policy design rather than default adoption.

The NIST AI Risk Management Framework provides a structured approach for organizations building governance policies around AI-driven security automation.

Breaking Down Silos: Security, IT, and the Business

A recurring theme across multiple RSAC 2026 sessions was the organisational challenge of aligning security teams with broader business stakeholders during AI adoption.

Research shared at the conference found that 38 per cent of organizations reported that their developers and DevOps teams select and deploy cloud security tools without consulting security teams — a pattern with direct parallels to the early days of cloud adoption, when security friction led some organizations to sideline security teams from infrastructure decisions entirely.

The lesson from that era — and the clear message from RSAC 2026 — is that security leaders must position their teams as enablers of technology adoption, not gatekeepers. This requires:

  • Active participation in AI tool evaluation and procurement decisions
  • Clear communication of risk frameworks in business language
  • Alignment between security objectives and organizational growth priorities
  • Investment in building cross-functional cybersecurity culture

For GCC enterprises pursuing digital transformation under national agendas such as Saudi Vision 2030 and the UAE's National Digital Economy Strategy, this alignment between security teams and business leadership is not optional — it is a strategic necessity.

What Enterprise Security Leaders Should Take Away

RSAC 2026 delivered a clear message for security professionals navigating the AI transition:

1. Invest in AI security skills now — The gap between AI adoption speed and AI security maturity is the defining vulnerability of 2026. Upskilling existing teams in AI governance, prompt security, and agentic system oversight cannot wait.

2. Human oversight of AI systems remains essential — Automation is accelerating, but the majority of organizations still require human approval for critical actions. Build governance frameworks before expanding autonomous operation.

3. Security teams must engage the business — Cybersecurity professionals who position themselves as strategic partners in technology adoption will have far greater influence over risk outcomes than those who operate in isolation.

4. Workforce wellbeing is a security risk — A stressed, understaffed, and under-supported security team is a risk factor in its own right. Organizations that treat their security workforce as a strategic asset — investing in role clarity, tooling, and professional development — will build more resilient security programmes.

The ISC2 Cybersecurity Workforce Study and the SANS Institute's annual research both provide useful benchmarks for organizations evaluating their own workforce maturity against global and regional peers.

Omar Al-Hakeem

Senior Cyber Threat Analyst | MENA Region

Omar Al-Hakeem is a cybersecurity researcher specializing in threat intelligence, ransomware trends, and nation-state activity across the Middle East and North Africa. With over 12 years of experience in SOC operations and incident response, he provides deep technical breakdowns of emerging attacks and regional cyber risks. At MENA Cyber Wire, Omar focuses on real-world threat analysis and actionable defense strategies for enterprises and startups.

Intelligence Focus Areas

AI Security MENAEnterprise Cyber RiskCybersecurity WorkforceGCC Threat IntelligenceSecurity Leadership & Strategy