The most important skill for SOC analysts in the next five years isn't knowing your tools — it's knowing how to think alongside AI agents.
When I asked Michael Sinno, Director of Detection and Response at Google, for his advice to security teams making the transition to an agentic SOC, he said, “Critical thinking is key.”
AI agents naturally struggle with unknown unknowns. They answer based on what's in the prompt and their reasoning chain, but they don't ask on their own what they haven't considered. That's still a human job.
As more security teams automate their way out of manual triage, the analysts who thrive will be the ones who can check an agent's work and ask it the right questions.
Michael called it "playbook blindness" — the failure mode where you follow five steps, check the boxes, and close the ticket without ever asking what you might have missed. Teaching agents to avoid that trap is one of the hardest problems in this transition, but so is making sure humans don't fall into it while supervising them.
Michael's vision for the next two years: "the merge to autonomous." I think he's right, and this episode is the clearest map I've seen of what that actually looks like in production.