Scrub through 48 years of this role's history — from when it first emerged, through every wave of technology that reshaped it, to the cited projections for where it's heading next.
Physical access controls + mainframe password systems
Drag the dot, click anywhere on the track, or use ← → arrow keys (Shift for 10-year jumps, PgUp/PgDn for 25).
2026
Known today as Information Security Analyst (BLS SOC 15-1212)
US Employment
180K
BLS OEWS May 2024 establishment-survey figure for 15-1212 Information Security Analysts. O*NET reports 180,100 employed. ISC2 2025 Cybersecurity Workforce Study estimates the global cybersecurity workforce at approximately 5.5 million workers across all countries, of which the US represents roughly 1.1 million — the 180,000 BLS figure covers narrowly-defined information-security analyst roles, while the broader ISC2 estimate includes security engineers, architects, managers, and related practitioners. The two figures are measuring different populations; both are cited in context.
Median Annual Wage
$120,360
Source: BLS-OEWS
Tool of the era · AI-augmented SOC (CrowdStrike Charlotte AI, Microsoft Security Copilot 2024)
CrowdStrike announced Charlotte AI at the RSA Conference in April 2023; Microsoft Security Copilot reached general availability in April 2024, integrated into Defender and Sentinel. Both products changed the analyst's daily workflow in the same direction: AI handles Tier-1 alert triage (enrichment, correlation, false-positive filtering) and the analyst reviews AI-generated findings rather than raw log data. CrowdStrike claimed Charlotte AI saved analysts more than 40 hours per week on average and reduced investigation effort by 70%. Palo Alto's XSIAM platform reported 75% reduction in manual SOC work. At the same time, AI-enabled attackers grew faster: Mandiant's M-Trends 2026 report found attacker initial-access-to-lateral-movement time had collapsed to 22 seconds in documented 2025 incidents. The arms race accelerated on both sides simultaneously.
ISC2 2025 Cybersecurity Workforce Study: 73% of practitioners believe AI creates MORE demand for specialized cyber skills; global workforce gap estimated at 4.8 million unfilled positions. BLS +33% projection (2023-33) is the highest growth rate of any IT occupation. The productivity gains from AI are being absorbed by a larger attack surface, not a smaller workforce.
Projection cone · present → 2033
What credible sources project
Scrub the slider past now to anchor each scenario on the scrubber. The spread you see below is the range of futures credible sources project for this role.
ISC2 2025 Cybersecurity Workforce Study
→ 2030
+40%
ISC2 estimates a global cybersecurity workforce gap of 4.8 million unfilled positions as of 2025 — the largest gap ever recorded in their annual study. The gap is growing despite record hiring because AI expands the attack surface faster than the workforce grows. The 40% figure is curator-estimated from the demand-growth trajectory implied by ISC2's hiring-need data; ISC2 does not publish a single US-only employment count for the 15-1212 category. 73% of practitioners surveyed say AI will increase demand for specialized cyber skills, not reduce it.
BLS Occupational Outlook Handbook 2023-33
→ 2033
+33%
BLS Employment Projections — industry-occupation matrix + labor productivity assumptions. The 2023-33 OOH edition projects 33% employment growth for 15-1212, the highest rate of any IT occupation and among the top projected growth rates in the entire BLS dataset. The projection cites expanding attack surfaces, healthcare and government digitization, and increasing regulatory requirements as the primary drivers. Approximately 16,800 annual openings projected over the decade.
Goldman Sachs (March 2023)
→ 2030
-22%
Goldman maps O*NET work-activity importance scores to LLM capability ratings. Computer & Mathematical occupations show approximately 29% of tasks automatable by current LLM capabilities; Information Security Analysts are at the lower end of this range due to the adversarial and judgment-heavy nature of the role. The -22% figure is a curator estimate within the Goldman Computer & Mathematical range. As with Eloundou, "automatable tasks" is not "jobs lost" — for security specifically, automation of Tier-1 triage frees analyst capacity for more complex work rather than reducing headcount.
Eloundou et al. — "GPTs are GPTs" (2023)
→ 2030
-28%
GPT-4 task-by-task LLM-exposure labeling against O*NET task statements. Information Security Analysts fall in the medium-high exposure range in the Eloundou dataset — the documentation, reporting, and routine investigation tasks carry high LLM exposure, but the threat hunting, incident command, and adversarial-simulation tasks carry low exposure. The -28% figure represents the β exposure measure (fraction of tasks where LLMs could assist meaningfully). Note: Eloundou "exposure" is capability, not substitution — high-exposure tasks could equally be AI-augmented as AI-replaced, and in this role the augmentation interpretation is the better fit given strong employment-demand growth.
Today, in this role
What's shifting in the work right now
The historical view above shows how this role has moved. This is the present-day detail: which AI tools are picking up which tasks, where the edge still is, and the natural directions this work can grow.
What's changing in your day
Three parts of your work where AI is already doing real lifting — and what stays yours.
AI is sitting alongside you here
Review AI-prioritized SIEM alert queues in Microsoft Sentinel or Splunk Enterprise Security — validating triage decisions made by the AI agent, escalating confirmed incidents, and closing false positives with documented rationale.[9],[10],[8]
Build fluency in prompt-driven investigation: learn to ask the right natural-language questions inside Security Copilot and Charlotte AI to surface context the AI surface didn't show, and develop a disciplined false-positive taxonomy so you can tune alert logic over time.
AI is sitting alongside you here
Monitor cloud security posture using CSPM tools (Wiz, Orca, Prisma Cloud) — reviewing AI-generated risk scores for misconfigured resources, enforcing compliance guardrails, and coordinating with DevOps to fix issues before they reach production.[11],[2]
Earn cloud-platform depth beyond the CSPM dashboard: understand the IAM, networking, and data-plane fundamentals behind the findings so you can distinguish critical-path misconfigurations from lower-priority hygiene issues that AI over-weights.
AI is sitting alongside you here
Manage vulnerability backlogs using AI-assisted risk scoring — reviewing Tenable or Wiz findings ranked by real-world exploitability, coordinating patch prioritization with engineering teams, and tracking remediation SLAs.[12],[11]
Go beyond raw CVSS scores: learn to interrogate AI-generated exploitability ratings using threat intelligence context (active exploitation in the wild, asset criticality, blast radius) so you own the remediation priority decision rather than rubber-stamp the scanner output.
Where this role is heading
Natural next steps for someone with your foundation — not exits, evolutions.
A direction you could grow
Computer and Information Systems Managers
Senior security analysts who build credibility with executive stakeholders during incident response and risk briefings often move into security management or CISO-track roles. The 2026 market shows rising demand for security managers who can set AI-tool adoption strategy, manage vendor relationships for agentic SOC platforms, and translate technical risk into board-level language.
What you'd add
· Security program governance: CISO-track skills, board reporting, security metrics and KPIs