The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact

Daniel Boughton; Iain Reid

The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact

Daniel Boughton^*, Iain Reid

^*Corresponding author for this work

School of Criminology and Criminal Justice

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper examines the incorporation of artificial intelligence (AI) in cybersecurity operations, with a specific focus on applied machine learning within Security Operations Centres (SOCs). A mixed-methods approach was used, surveying 58 cybersecurity professionals from sectors including banking, healthcare, and technology, to investigate adoption, perceived advantages and drawbacks, and the implications for the human workforce. Quantitative results indicate extensive use of machine learning for alert triage and behavioural analytics, while qualitative findings underscore conditional trust, deficiencies in training, and the evolving dynamics of analyst roles. Thematic analysis identified fundamental categories such as AI as copilot, explainability and trust, and ethical risk. These findings indicate that although machine learning improves efficiency and alleviates cognitive burden, its adoption relies on transparent governance, continuous human monitoring, and professional development. This study enhances academic and industrial discussions by prioritising practitioner perspectives and clarifying the socio-technical considerations of machine-learning adoption in SOCs.

Original language	English
Title of host publication	Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)
Editors	Marija Topuzovska Latkovikj, Peter Bednar, Mikko Rajanen, Joakim Kävrestad, Helena Vallo Hult, Amany Elbanna
Publisher	CEUR Workshop Proceedings
Number of pages	12
Volume	4134
Publication status	Published - 20 Dec 2025
Event	11th International Workshop on Socio-Technical Perspectives in Information Systems: STPIS 2025 - North Macedonia, Skopje, Macedonia, The Former Yugoslav Republic of Duration: 17 Sept 2025 → 18 Sept 2025 Conference number: 11 https://stpis.org/

Publication series

Name	Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems
Publisher	CEUR Workshop Proceedings
ISSN (Electronic)	1613-0073

Conference

Conference	11th International Workshop on Socio-Technical Perspectives in Information Systems
Abbreviated title	STPIS 2025
Country/Territory	Macedonia, The Former Yugoslav Republic of
City	Skopje
Period	17/09/25 → 18/09/25
Internet address	https://stpis.org/

Keywords

Artificial intelligence
machine learning
Security Operations Centres
SOC
human factors
workforce1

Access to Document

The role of Artificial Intelligence in SOC operationsFinal published version, 1.88 MBLicence: CC BY

https://ceur-ws.org/Vol-4134/

Cite this

Boughton, D., & Reid, I. (2025). The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact. In M. T. Latkovikj, P. Bednar, M. Rajanen, J. Kävrestad, H. V. Hult, & A. Elbanna (Eds.), Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025) (Vol. 4134). Article 28 (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems). CEUR Workshop Proceedings. https://ceur-ws.org/Vol-4134/

Boughton, Daniel ; Reid, Iain. / The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact. Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). editor / Marija Topuzovska Latkovikj ; Peter Bednar ; Mikko Rajanen ; Joakim Kävrestad ; Helena Vallo Hult ; Amany Elbanna. Vol. 4134 CEUR Workshop Proceedings, 2025. (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

@inproceedings{278b3387bc0c4e2db0e434039af59059,

title = "The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact",

abstract = "This paper examines the incorporation of artificial intelligence (AI) in cybersecurity operations, with a specific focus on applied machine learning within Security Operations Centres (SOCs). A mixed-methods approach was used, surveying 58 cybersecurity professionals from sectors including banking, healthcare, and technology, to investigate adoption, perceived advantages and drawbacks, and the implications for the human workforce. Quantitative results indicate extensive use of machine learning for alert triage and behavioural analytics, while qualitative findings underscore conditional trust, deficiencies in training, and the evolving dynamics of analyst roles. Thematic analysis identified fundamental categories such as AI as copilot, explainability and trust, and ethical risk. These findings indicate that although machine learning improves efficiency and alleviates cognitive burden, its adoption relies on transparent governance, continuous human monitoring, and professional development. This study enhances academic and industrial discussions by prioritising practitioner perspectives and clarifying the socio-technical considerations of machine-learning adoption in SOCs.",

keywords = "Artificial intelligence, machine learning, Security Operations Centres, SOC, human factors, workforce1",

author = "Daniel Boughton and Iain Reid",

year = "2025",

month = dec,

day = "20",

language = "English",

volume = "4134",

series = "Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems",

publisher = "CEUR Workshop Proceedings",

editor = "Latkovikj, \{Marija Topuzovska \} and Bednar, \{Peter \} and Rajanen, \{Mikko \} and K{\"a}vrestad, \{Joakim \} and Hult, \{Helena Vallo \} and Elbanna, \{Amany \}",

booktitle = "Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)",

note = "11th International Workshop on Socio-Technical Perspectives in Information Systems : STPIS 2025, STPIS 2025 ; Conference date: 17-09-2025 Through 18-09-2025",

url = "https://stpis.org/",

}

Boughton, D & Reid, I 2025, The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact. in MT Latkovikj, P Bednar, M Rajanen, J Kävrestad, HV Hult & A Elbanna (eds), Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). vol. 4134, 28, Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems, CEUR Workshop Proceedings, 11th International Workshop on Socio-Technical Perspectives in Information Systems, Skopje, Macedonia, The Former Yugoslav Republic of, 17/09/25. <https://ceur-ws.org/Vol-4134/>

The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact. / Boughton, Daniel; Reid, Iain.
Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). ed. / Marija Topuzovska Latkovikj; Peter Bednar; Mikko Rajanen; Joakim Kävrestad; Helena Vallo Hult; Amany Elbanna. Vol. 4134 CEUR Workshop Proceedings, 2025. 28 (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact

AU - Boughton, Daniel

AU - Reid, Iain

N1 - Conference code: 11

PY - 2025/12/20

Y1 - 2025/12/20

N2 - This paper examines the incorporation of artificial intelligence (AI) in cybersecurity operations, with a specific focus on applied machine learning within Security Operations Centres (SOCs). A mixed-methods approach was used, surveying 58 cybersecurity professionals from sectors including banking, healthcare, and technology, to investigate adoption, perceived advantages and drawbacks, and the implications for the human workforce. Quantitative results indicate extensive use of machine learning for alert triage and behavioural analytics, while qualitative findings underscore conditional trust, deficiencies in training, and the evolving dynamics of analyst roles. Thematic analysis identified fundamental categories such as AI as copilot, explainability and trust, and ethical risk. These findings indicate that although machine learning improves efficiency and alleviates cognitive burden, its adoption relies on transparent governance, continuous human monitoring, and professional development. This study enhances academic and industrial discussions by prioritising practitioner perspectives and clarifying the socio-technical considerations of machine-learning adoption in SOCs.

AB - This paper examines the incorporation of artificial intelligence (AI) in cybersecurity operations, with a specific focus on applied machine learning within Security Operations Centres (SOCs). A mixed-methods approach was used, surveying 58 cybersecurity professionals from sectors including banking, healthcare, and technology, to investigate adoption, perceived advantages and drawbacks, and the implications for the human workforce. Quantitative results indicate extensive use of machine learning for alert triage and behavioural analytics, while qualitative findings underscore conditional trust, deficiencies in training, and the evolving dynamics of analyst roles. Thematic analysis identified fundamental categories such as AI as copilot, explainability and trust, and ethical risk. These findings indicate that although machine learning improves efficiency and alleviates cognitive burden, its adoption relies on transparent governance, continuous human monitoring, and professional development. This study enhances academic and industrial discussions by prioritising practitioner perspectives and clarifying the socio-technical considerations of machine-learning adoption in SOCs.

KW - Artificial intelligence

KW - machine learning

KW - Security Operations Centres

KW - SOC

KW - human factors

KW - workforce1

M3 - Conference contribution

VL - 4134

T3 - Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems

BT - Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025)

A2 - Latkovikj, Marija Topuzovska

A2 - Bednar, Peter

A2 - Rajanen, Mikko

A2 - Kävrestad, Joakim

A2 - Hult, Helena Vallo

A2 - Elbanna, Amany

PB - CEUR Workshop Proceedings

T2 - 11th International Workshop on Socio-Technical Perspectives in Information Systems

Y2 - 17 September 2025 through 18 September 2025

ER -

Boughton D, Reid I. The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact. In Latkovikj MT, Bednar P, Rajanen M, Kävrestad J, Hult HV, Elbanna A, editors, Proceedings of the 11th International Workshop on Socio-Technical Perspectives in Information Systems (STPIS 2025). Vol. 4134. CEUR Workshop Proceedings. 2025. 28. (Proceedings of the International Workshop on Socio-Technical Perspectives in Information Systems).

The role of Artificial Intelligence in SOC operations: Adoption, perception, and workforce impact

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this