Source: CyberNews – By Jurgita Lapienytė
During layoffs and hiring freezes, when shortsighted businessmen choose temporary savings over long-term wins, visionary employers are scooping up top cyber talent.
Mass layoffs, hiring freezes, market uncertainty, and rushed AI integration crack businesses wide open to cyberattacks. Visionary leaders, however, can see the current situation as a rare opportunity to snatch talent in between jobs.
Current cybersecurity landscape
Cybersecurity is no longer on the margins. Reactive approach to cyber incidents is being replaced by proactive measures to prevent cyberattacks. But while the necessary tools and innovation to fend off attackers might be in place, specialists are nowhere to be found. And the situation is getting even worse every year.
According to The 2024 ISC2 Cybersecurity Workforce Study, the cybersecurity workforce gap is around 4,8 million, or 19% higher than the previous year. I would expect the demand will keep outpacing talent supply because of two main reasons:
Businesses favor AI over inexperienced workers. According to a 54‑page Stanford paper titled “Canaries in the Coal Mine? Six Facts about the Recent Employment Effects of Artificial Intelligence,” employment among early‑career workers (ages 22–25) in AI‑exposed sectors—such as software engineering and customer service—fell by about 13%. More experienced workers who could oversee AI are needed. But not all companies recognize the need to grow and upskill talent themselves.
AI is being implemented hastily by organizations and threat actors alike. Companies are eager to deploy AI tools to pursue the promising opportunities these technologies offer, often without realizing that doing so introduces additional security risks. Attackers, in turn, leverage AI at scale to automate the discovery and exploitation of vulnerabilities.
Recently, the The World Economic Forum (WEF) urged companies to implement cybersecurity measures at the speed of AI implementation as “AI introduces risk at the same rate as it introduces efficiencies.” They say security has to be a part of the strategic business roadmap.
But given there aren't enough specialists, is that easier said than done? Let me make a brief detour and give you a quick overview of the current job market to show that hope is not lost just yet.
What's happening with the job market and why it matters
If you asked me to describe it in one word, I'd say: uncertainty. Between market frenzy and AI‑bubble talk, and a rush to cut operational costs, employers seem unable to settle on a long‑term hiring strategy.
In the US, 7.2 million people (about 4.3%) are unemployed. Federal and AI-related layoffs, global trade tensions, and AI‑fueled uncertainty have left tens of thousands struggling to find jobs despite months of searching.
But businesses with a long‑term vision see opportunity. The talent pool has grown, making it easier to find the right candidate. Cybersecurity insiders say people are now more willing to relocate for work, and many value stability over salary—often accepting raises of only 3–4% instead of the 10–15% that was typical before.
Time to tap the bigger talent pool
AI is already replacing many intern tasks, especially in IT roles like programming, and companies are automating other functions such as customer support. But treating this shift as a looming catastrophe would be a mistake.
While AI automates some tasks and renders certain roles redundant, it also creates new jobs — and cybersecurity stands out as a clear growth area. Cybernews's in‑house investigations show that automation has, so far, introduced fresh security risks for organizations. For example, Lenovo's chatbot Lena could be compromised, giving attackers a way into internal systems.
Our researchers even outsmarted Meta AI, showcasing even the biggest players need more input and talent when it comes to the security of their systems.
As autonomous AI agents become capable of solving problems and acting on users' behalf, the attack surface that cybersecurity teams must defend will only expand.
“Cybersecurity is one of those rare fields where AI creates more work than it automates away,” a security insider told me.
We will not only need more people to defend our systems, but we will need more highly skilled people. In the short term, market turmoil may give employers a larger candidate pool, but that's no substitute for a long‑term talent strategy.
To meet future business needs, we must invest in young people now. Some intern tasks can be automated, but hiring and training juniors remains essential. Firms that focus solely on short‑term savings risk losing out — it's wiser to invest in the next generation of talent.
ISC2 highlighted that investing in entry-and junior-level talent is key to building a more resilient cybersecurity workforce.
The more we automate, the more human input we'll need. When searching for talent, cherish non‑technical skills like problem‑solving, analytical thinking, and a willingness to learn on the job.
In the age of AI, prioritize people.
ABOUT THE AUTHOR
Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting, including AI security. With a career spanning over 15 years, she has reported on major global events, including the 2008 financial crisis and the 2015 Paris terror attacks, and has driven transparency through investigative journalism. A passionate advocate for cybersecurity awareness and women in tech, Jurgita has interviewed leading cybersecurity figures and amplifies underrepresented voices in the industry. Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine's 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity. Jurgita has been quoted internationally – by the BBC, Metro UK, The Epoch Times, Extra Bladet, Computer Bild, and more. Her team reports on proprietary research highlighted in such outlets as the BBC, Forbes, TechRadar, Daily Mail, Fox News, Yahoo, and much more.
ABOUT CYBERNEWS
Cybernews is a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing, and data. Founded in 2019 in response to rising concerns about online security, the site covers breaking news, conducts original investigations, and offers unique perspectives on the evolving digital security landscape. Through white-hat investigative techniques, Cybernews research team identifies and safely discloses cybersecurity threats and vulnerabilities, while the editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders with complete independence.
Cybernews has earned worldwide attention for its high-impact research and discoveries, which have uncovered some of the internet's most significant security exposures and data leaks. Notable ones include:
Cybernews researchers discovered multiple open datasets comprising 16 billion login credentials from infostealer malware, social media, developer portals, and corporate networks – highlighting the unprecedented risks of account takeovers, phishing, and business email compromise.
Cybernews researchers analyzed 156,080 randomly selected iOS apps – around 8% of the apps present on the App Store – and uncovered a massive oversight: 71% of them expose sensitive data.
Recently, Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia.
The team analyzed the new Pixel 9 Pro XL smartphone's web traffic, and found that Google's latest flagship smartphone frequently transmits private user data to the tech giant before any app is installed.
The team revealed that a massive data leak at MC2 Data, a background check firm, affects one-third of the US population.
The Cybernews security research team discovered that 50 most popular Android apps require 11 dangerous permissions on average.
They revealed that two online PDF makers leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
An analysis by Cybernews research discovered over a million publicly exposed secrets from over 58 thousand websites' exposed environment (.env) files.
The team revealed that Australia's football governing body, Football Australia, has leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers' personal data and players' contracts and documents.
The Cybernews research team, in collaboration with cybersecurity researcher Bob Dyachenko, discovered a massive data leak containing information from numerous past breaches, comprising 12 terabytes of data and spanning over 26 billion records.
The team analyzed NASA's website, and discovered an open redirect vulnerability plaguing NASA's Astrobiology website.
The team investigated 30,000 Android Apps, and discovered that over half of them are leaking secrets that could have huge repercussions for both app developers and their customers.
