Cybersecurity Workforce Development

Cybersecurity keeps demanding “experienced talent” while quietly deleting the jobs that create experience. That is not a pipeline problem. It’s math. In the legal profession, some organizations solved this issue long ago. New lawyers take on real work with real consequences, but with bounded scope, structured supervision, and escalating responsibility. Legal aid, public defenders, and state attorney offices are not “practice labs.” They’re supervised training grounds that build competent professionals fast without pretending the stakes are low. Cyber can do the same. In this month's Hiring Up newsletter, I wrote a blueprint for creating true entry-level cyber roles that are safe, valuable, and scalable. It lays out: • a three-phase progression (lane-based execution → ownership with guardrails → cross-training) • four lanes that work in the real world (GRC, vulnerability management, awareness/training, IAM) • what supervision has to look like to count • why this also helps retain mid and senior talent instead of burning them out If your organization is stuck in the “minimum 3+ years for entry-level” loop, this is a way out and forward. Read the full article below. #cybersecurity #talent #workforcedevelopment #hiring #riskmanagement

I’ve been thinking a lot about the cybersecurity talent debate, and a recent conversation with Raghu Nandakumara from Illumio. Everyone repeats the same headline. Three million open cybersecurity roles. Zero percent unemployment for anyone who steps in. On paper, it looks like an opportunity machine. Here’s the reality Raghu shared with me, and it cuts through the hype. He told me about a family friend in India with a master’s degree in cybersecurity. Technically capable. Motivated. Job-ready for many SOC analyst roles. But he was repeatedly rejected because he “only” has six months of real-world experience instead of five years. That is the chicken-and-egg problem at the heart of the skills crisis. Employers say they cannot find talent. Skilled people are ready to work. And the experience bar locks them out anyway. So we end up creating our own shortage. Are we repeating this same mistake with AI right now? If AI tools remove large parts of entry-level work, where do tomorrow’s junior professionals learn their craft? How do they build judgment, muscle memory, and professional confidence if there is no pathway in? Cybersecurity taught us that one tech buzzword can mask dozens of different job pathways. AI is exactly the same. Many treat it as a single discipline when in reality, there are at least 16 distinct career paths. We need to rethink recruitment, apprenticeships, and early-career design before the ladder gets pulled up again. If cybersecurity and AI are the backbone of our digital economy, we cannot afford a closed system that shuts out newcomers and does not upskill existing workers. I’d love to know how you see this playing out in your organization. You can also listen to my full conversation with Raghu Nandakumara about how Illumio is helping leaders rethink cybersecurity for a world where attacks keep happening. https://lnkd.in/eHC_k-7n #Cybersecurity #Recruitment #AI #Future #Podcast

The oft referenced cybersecurity talent crisis is not what we think it is. For years, we have called it a pipeline problem—not enough graduates, not enough certifications, not enough people entering the field. But that diagnosis misses what's actually broken. The real crisis? An imagination problem. We are hiring for yesterday's threats while adversaries are beginning to operate in tomorrow's reality. AI has fundamentally rewritten the rules of offense and defense, yet our talent strategies remain stubbornly anchored to a world that no longer exists. Here's the uncomfortable truth: The constraint is not AI's capability—it is human capacity to make sense of what the technology is telling us, to ask the right questions, and to think at machine speed. At Microsoft, our most effective AI-era defenders come from unexpected places: economists who understand game theory, linguists probing LLMs for semantic manipulation, psychologists studying how humans trust AI-generated content. These are not traditional security hires, but they bring exactly the cognitive diversity that spots vulnerabilities purely technical teams miss. The threat actors are rapidly adapting to the age of AI. If you are leading a security organization right now, you're facing a critical question: How do you build teams that can match that pace? I believe we need to fundamentally rethink how we recruit, retain, and develop cybersecurity talent—and why the traditional playbook is failing us in this moment: https://lnkd.in/gXHGY_D4 As a cyber optimist, I am confident the decisions security leaders make now will determine whether we stay ahead of AI-powered adversaries or fall behind. Would welcome your perspective on what's working in your organization.

America’s talent shortage is one of our most urgent national security challenges. A new report from JPMorganChase’s PolicyCenter points to a sobering reality: the U.S. simply does not have enough skilled workers to build, compete, or protect its economic and strategic interests. Critical sectors are feeling the strain. 75% employers report difficulty finding qualified talent, 40% of adults lack basic digital skills, and manufacturing alone may need 3.8 million workers by 2033 with nearly half of those jobs projected to go unfilled. Technology roles are expected to grow at twice the rate of the rest of the labor market, and energy apprenticeships must expand significantly to meet future demand. JPMorganChase’s Security and Resiliency Initiative is investing $1.5 trillion dollars to strengthen strategic industries. But the report is clear: capital cannot deliver results without a strong talent pipeline. Workforce must be treated as core infrastructure. The report highlights several polices to strengthen the talent pipelne: ✅ Scale high quality apprenticeships to expand pathways into advanced manufacturing, energy, AI, and cybersecurity. ✅ Increase employer based training through reforms to WIOA that allow more investment in upskilling and on the job training. ✅ Strengthen industry and sector partnerships that align employers, education providers, and community organizations around shared workforce needs. ✅ Expand public private partnerships so education and training programs stay closely connected to in demand careers. ✅ Accelerate digital skill development by updating federal definitions of basic skills and expanding access to digital literacy programs. ✅ Implement Workforce Pell effectively by aligning federal regulations with state workforce systems, supporting classroom instruction connected to apprenticeships, and ensuring states use data to approve only high quality short term training programs aligned to critical industries. Last week's release of the National Security Strategy and the Administration’s AI Action Plan both make clear that America’s strategic advantage will hinge on our ability to innovate, deploy, and secure critical technologies like AI and quantum computing. But none of these ambitions can be realized without a workforce equipped with the skills to build, operate, and secure these technologies. Closing the talent gap isn’t just an economic imperative; it is foundational to sustaining our technological edge, economic resilience, and national security https://lnkd.in/gsa45XxV

We do not have a cybersecurity talent shortage. We have a cybersecurity readiness gap. Last week, a group of trainees in San Antonio defended a simulated corporate network during a live cyber range exercise. It was hands-on. Real tools. Real attack flow. Real stress. Here is the part we need to talk about: More than 700 people have gone through that program. Fewer than half landed jobs. This demonstrates the distance between education, certification, and operational reality. Our industry often treats cybersecurity talent like it is a pipeline problem. It is not. It is a preparation and deployment problem. Classroom training alone does not create defenders. Certifications alone do not build instincts. Theory without pressure does not translate to action at 2:00 a.m. when something breaks. If we want to scale the cybersecurity workforce, we need to rethink how we prepare and introduce talent into real environments: • Realistic attack simulations before the first day on the job • Apprenticeships that pair learning with live operations • Remote and flexible hiring models to widen the pool, not shrink it • A focus on capability and judgment, not only credentials Cybersecurity is a team sport. We do not fix this by searching harder for “unicorn candidates.” We fix it by building systems that equip driven people to become mission ready. I am curious how others are bridging the gap in their organizations. Are you leaning into simulations and apprenticeships, or still relying on traditional hiring funnels?

Had some really interesting conversations earlier in the week on talent shortage in cybersecurity Everyone is talking about the cybersecurity talent shortage. Companies complain about not finding the “right fit” or enough “experienced hires.” But here’s the gap a lot isn't paying enough attention to; Most organizations are still focused on hiring only experienced professionals, instead of building a pipeline of fresh talent. Imagine the opportunity they’re missing: - Bringing in undergraduates or entry-level candidates • Training them in real-world environments • Embedding company values and culture early on • Growing them into skilled professionals over time Yes, it takes patience. Yes, it takes investment. But the payoff is huge. We are talking ; - More available talent in the long run - Reduced hiring bottlenecks - Professionals who are shaped by your organization not just the last place they worked If we’re serious about closing the cybersecurity skills /talent gap, we can’t just keep recycling the same pool of experienced people.We have to build the next generation . The conversation was also a reminder of how much of the future CyBlack , CyberSafe Foundation and other great organizations are building.

The White House Office of the National Cyber Director (ONCD), in partnership with the Office of Management and Budget (OMB) and Office of Personnel Management (OPM), has launched Service for America—an initiative focused on preparing the U.S. for a digitally enabled future by expanding access to well-paying, meaningful jobs in cyber. Aligned with the 2023 National Cyber Workforce and Education Strategy (NCWES), this effort prioritizes skills-based hiring, removing unnecessary barriers, and promoting work-based learning opportunities like registered apprenticeships. These programs aim to create pathways for Americans from diverse backgrounds, including veterans, career changers, and rural workers, to step into rewarding careers in cyber. I believe this initiative is crucial for securing the future workforce in an AI-powered America. By focusing on skills and creating accessible pathways, we are building a stronger, more inclusive workforce ready to tackle the challenges of tomorrow. The importance of local partnerships and collaboration to meet the evolving needs of the cyber workforce cannot be understated! As we approach Cybersecurity Awareness Month, I encourage you to explore the different opportunities and resources available through this initiative. #ServiceForAmerica #CyberWorkforce #Cybersecurity 

2024 Cybersecurity Hiring Trends You Can’t Ignore 🛡️ The cybersecurity landscape is changing fast—and so is the demand for skilled talent. As cyber threats evolve, so must our approach to hiring. 📄 Here’s a breakdown of the hottest trends shaping cybersecurity recruitment in 2024 and some strategies to help you attract top talent. 🔍 Key Trends & Tips to Shape Your Hiring Strategy 🔹 AI & Machine Learning Expertise AI and machine learning are transforming cybersecurity by automating threat detection and response. 🌟 Tip: Target candidates with a background in data science, programming (especially Python), and AI/ML technologies. Consider partnering with tech boot camps and universities to tap into a pipeline of candidates trained in AI cybersecurity. 🔹Cloud Security & DevOps Skills With more companies shifting to the cloud, cloud security professionals are in high demand. The rise of DevOps means these pros need to work seamlessly across development and operations teams. 🌟Tip: Look for candidates experienced with platforms like AWS, Azure, and GCP. A solid understanding of DevOps principles will also make a candidate more versatile in integrating security within IT operations. 🔹Cybersecurity as a Service (CaaS) CaaS is on the rise, opening doors for professionals from diverse backgrounds, including sales and customer success. 🌟Tip: Seek candidates who have customer service experience and can simplify complex cybersecurity concepts for non-technical audiences. Those with sales backgrounds can be especially effective in client-facing CaaS roles. 🔹High Demand for Ethical Hackers Ethical hacking and penetration testing are vital for identifying vulnerabilities. These skills remain some of the most sought-after in the industry. 🌟Tip: Focus on candidates with certifications like Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP). Explore hacking communities and competitions for untapped talent. 🔹Cybersecurity Training & Awareness Roles Organizations are prioritizing cybersecurity education, creating new opportunities for professionals with training and instructional design skills. 🌟Tip: Look for individuals with experience in adult learning and a knack for simplifying technical content. Connecting with cybersecurity training companies can be a great way to find these niche talents. The cybersecurity job market is evolving quickly. 🌏 To stay ahead, align your hiring strategy with these trends to attract the talent needed for building world-class security teams. ✅ Which trend do you think will impact the cybersecurity job market the most? 🤔 Comment below! 👇👇👇 #Cybersecurity #TechTalent #FutureOfWork Source: techbullion

Is Once or Twice-A-Year Cyber Training Enough? If your answer is "no" or "not sure", you are not alone. In Singapore, human error remains the number one cause of cyber breaches. According to the 2024 Voice of the CISO report by Proofpoint, 67% of Chief Information Security Officers in Singapore identify human error as their greatest cybersecurity risk. And while most companies are making progress, 92% of CISOs say their employees understand their role in cybersecurity, that awareness has not yet translated into lasting behavioural change. Why is this the case? A Lesson from the Past The 2018 SingHealth breach compromised 1.5 million patient records, including those of Prime Minister Lee Hsien Loong. Investigations revealed that it was not only outdated systems and delayed responses that enabled the breach, but staff hesitation and gaps in training also played a critical role. The Committee of Inquiry made it clear: it was not just the technology that failed but also the human element. Why It Still Matters The simulation was conducted as part of Proofpoint's Exercise SG Ready, which involved over 4,500 employees across 14 countries. The results revealed that 17% of participants clicked on phishing links within a two-week period in Singapore, almost double the global average, highlighting the need for continuous, rather than one-time, cyber awareness training. What Could Work Instead Real change happens when learning is continuous and relevant. That means: - Short, focused modules delivered regularly, not all at once - Real-time phishing simulations that teach by doing - Monthly nudges and refreshers to keep awareness active - Make the training content personally relevant to the employees This is how you can build what we call a "human firewall", a workforce that is alert, informed, and ready to respond. Ready to Shift the Mindset? If the idea of turning routine training into something more engaging and lasting resonates with you, there are some interesting approaches worth exploring. I would love to share some ideas with you that could work in your local business context. #alvinsratwork ✦ #ExecutiveDirector ✦ #cybersecurity ✦ #cyberhygiene ✦ #Cyberawareness ✦ #BusinessTechnologist ✦ #Cyberculture