From my seat leading a global security business, I have the benefit—and the humility—of hearing from practitioners, technology makers and service leaders across a variety of industries. The conversations, however, are remarkably consistent: organizations want security that is practical to run, resilient amid uncertainty and clearly effective.
What I hear most often is not disagreement about direction, but frustration with how hard it is to make progress when priorities compete and time is limited.
The last 12 months have clarified where progress is being made and where pressure remains. And, in many ways, what I’ve seen is a steady shift in how security actually operates.
I see this shift less in major product announcements and more in how teams talk about their day-to-day work.
One moment stands out. In a single week, I met with three organizations in different regions, industries and stages of maturity. Yet all three described the same challenge: too many tools, not enough time and too much uncertainty when something goes wrong. That consistency matters. In my experience, when conversations sound this similar across markets it usually points to a broad, structural change.
What’s Becoming Clear in Security
AI’s dual use acceleration.
Attackers and defenders are both moving faster. Generative and assistive AI lowers the effort needed to create convincing lures, write code and refine attack methods. At the same time, security teams are using AI to summarize incidents, connect signals and reduce manual effort.
The key takeaway is that AI is now part of everyday workflows on both sides—something that happened faster than many teams expected.
In my conversations with customers, security leaders describe a clear pattern. Early AI use focuses on productivity: alert reduction, case summarization and guided investigation. Teams report meaningful drops in triage time—often between 20% and 40%—without missing critical issues. From what I’ve seen, the value shows up most clearly when AI is applied to specific, time-consuming tasks.
Platform consolidation with intent.
Organizations are reducing overlapping tools not just to save money, but to simplify operations and improve visibility. Fewer consoles and better-connected data makes it easier to maintain basis security practices, enforce policies and track results.
I often hear teams describe this less as cost cutting and more as a way to regain control.
Managed services as an operating model.
More buyers are treating managed and co-managed services as a standard approach for parts of detection, response, identity and data protection. The motivation is practical: move limited talent to higher-value work, maintain coverage across time zones and improve consistency.
In practice, the strongest engagements are clear about who owns what, how handoffs work and how success is measured.
Software trust is front and center.
Questions about software origin, components and build integrity have become common well beyond regulated industries to ensure trust across the supply chain.
Increasingly, I hear these questions asked early—before an incident forces the issue.
The skills gap persists.
Teams remain stretched. Automation, playbooks and service catalogs help reduce burnout, but hiring and keeping people with both technical depth and business context remains difficult.
Almost every leader I speak with raises this challenge before they talk about tools.
Taken together, these shifts reflect a broader change in how security is judged and delivered.
Outcomes, not tool counts, define what comes next.
What Comes Next
If the past year clarified direction, the next phase will text execution.
Security is entering a phase of operational accountability. Leaders will be judged on consistency, speed and resilience instead of intent or slide decks. Execution will define credibility.
AI governance with measurable impact.
Boards will increasingly ask for proof that AI improves speed and accuracy without creating new risks around data or model safety. The conversation is moving quickly—from pilots to clear rules around data use, retention, model evaluation and safeguards.
Strong programs will start small, focus on a few measurable use cases—such as alert reduction, case summarization, guided response and configuration drift detection—and track results from day one.
Planning for change as a constant.
At this point, variability is part of normal operations. That means preparing for shifts in sourcing, validating firmware, checking devices and software and strengthening controls across build and deployment processes. Logistics, maintenance and secure disposal now belong in the security conversation alongside plans for regional disruption.
Where consolidation is heading.
The destination is not a single, one-size-fits-all stack. It’s a smaller set of well-connected platforms with open interfaces, clear data agreements and service models partners can operate at scale.
The real benefits appear in everyday operations: faster detection, faster containment, more predictable recovery and the confidence to make changes without breaking controls.
Talent strategies that can scale.
The next phase combines training, apprenticeships and layered operating models. Automation should handle repetitive tasks so experience staff can focus on complex investigations and design work. Clear growth paths help teams keep learning—and stay engaged.
Operational consistency as a control.
Expect closer attention on how work gets done, how playbooks are followed, how exceptions are handled and how lessons learned shape daily routines.
Operational consistency is itself a security control.
Practical steps partners can act on:
- Start with outcomes. Focus on a few metrics that matter—cycle time, containment time, alert quality and recovery predictability—and build dashboards teams use daily.
- Design for trust. Make component tracking and change visibility routine so teams can quickly understand what changed and why.
- Keep systems flexible. Build in operations so supply challenges don’t become business blockers, and document tradeoffs clearly.
- Use AI thoughtfully. Pair measurable use cases with sound data practices and oversight. Track what was automated, what was suggested and where people made the final call.
- Invest in people. Create clear paths from entry-level roles to advanced work that reward skill and judgment instead of credentials.
Hybrid environments are becoming the norm.
Limits on memory and compute, especially for AI workloads, are pushing organizations toward cloud models where capacity is easier to scale. As a result, environments are increasingly hybrid by default, with workloads moving between on-premises and cloud based on cost and availability.
Security needs to work the same way in both places. Identity, data protection and visibility must follow the workload. If it follows the hardware, there’s increasingly less chance for it to succeed.
AI is Reshaping Where Risk Appears
AI adds new complexity not just in how systems are built, but in how they run. Data now moves through training, tuning and inference pipelines, each of which introduce risk.
Agentic AI raises that risk further because these systems don’t wait for input. They act, call APIs, trigger workflows and make decisions. That creates a new attack surface.
Security teams need to address:
- Access for machines, models and automated agents.
- Data protection across training and inference.
- Model integrity and resistance to tampering.
- Visibility into agent behavior.
- Control over automated actions and integrations.
Traditional static controls don’t fully fit this model. Monitoring, enforcement and oversight must evolve together. Building these capabilities will be a major driver of security growth, and it’s already underway.
Why This Matters for Partners
Across the ecosystem, progress builds through many small, well-run decisions. When organizations focus on results, insist on trust and invest in people, customers face fewer surprises and recover faster.
Your goal? Resilience.
And increasingly, that resilience comes from constant daily operations rather than random moments of crisis.
Where Partners Go Next
The path forward requires structure. Partners need a clear, repeatable way to grow security practices across technologies, vendors and customer needs—at scale and profitably.
Security will keep moving quickly. Uncertainty won’t disappear. In more complex environments, progress comes from clarity in how security runs day-to-day.
Clear outcomes.
Simple operations.
Strong trust.
Teams focused on high-value work.
With those principles in place, the future of global security will favor partners who execute with discipline and scale with purpose.
Follow Mariano O’Kon on LinkedIn for more on security and the global partner landscape.
