How AI could elevate or eliminate the CISO role

Y · Why this matters. At altitude, the first question is Y: why are we here, and what happens if we do nothing? Bobbert’s answer is blunt. If CISOs keep spending most of their time on repeatable assurance, operations, and reporting, AI will not just support the role. It will redraw it.

What the article finds. Bobbert estimates that within five years AI could automate or materially accelerate 80% of audit and assurance work, 80% of operational security, and 90% of risk management. His point is not that the human CISO disappears overnight. It is that much of today’s workload is structured, repetitive, and data-heavy enough for AI to become the main execution engine.

That creates two futures. In the first, the CISO survives as a smaller, more strategic role centred on interpretation, judgement, influence, and board decision support. In the second, the standalone role dissolves as security becomes part of normal enterprise management. Bobbert draws the boundary clearly: AI can prepare, analyse, score, and report, but it cannot own consequences, build trust in crisis, or navigate politics and ambiguity.

Three takeaways.

Strip out structured work now, and redesign the brief around judgement, translation, and executive decision support.
Decide which future you are building toward: a strategic CISO, a part-time CISO, or security absorbed into wider leadership.
Protect the human core of the role: accountability, crisis trust, political judgement, and cultural influence.

The route. The route is an executive argument grounded in task analysis. Bobbert starts from published AI labour maps, tests them against core CISO domains, then sketches two organisational end states. That method is useful because it shifts the discussion from titles to task design.

Read the original https://www.linkedin.com/pulse/ai-elevate-ciso-eliminate-role-yuri-bobbert-6ogte/