Cybersecurity is a critical pillar of the modern digital ecosystem, safeguarding sensitive data, financial systems, and critical infrastructure from ever-evolving cyber threats.
As businesses and governments increasingly rely on interconnected systems, the demand for skilled cybersecurity professionals has surged. Yet, there remains a significant gap in the workforce, with millions of job vacancies globally, according to NukuDo, a cybersecurity workforce development company.
Meanwhile, reports of cyber-attacks continue to occur regularly, from personal ransomware incidents to enterprise and organizational data breaches.
The AI Innovator caught up with Dean Gefen, CEO of Nukudo, to discuss the cybersecurity job landscape and the trends he is seeing.
The following is an edited version of that conversation.
The AI Innovator: The cybersecurity skills gap is well-documented. What do you see as the primary reasons behind this shortage, and how can the industry address it more effectively?
Dean Gefen: The shortage of cybersecurity professionals stems from several factors. First, the sheer volume of data being generated, stored, and accessed globally has increased the vulnerability to cyberattacks, but the workforce to defend against these threats has not kept pace. Traditional paths into cybersecurity — such as specific degree programs — are limiting and do not tap into non-traditional candidates. This results in a skills gap not just in the U.S., where we are short by half a million professionals, but globally, where the shortage reaches over 3 million.
The industry must focus on eliminating barriers for entry and identifying candidates who possess the right aptitude, attitude, and motivation to excel in cybersecurity. Hands-on training, continuous upskilling, and guaranteed career opportunities are vital approaches to prepare professionals who can contribute effectively from day one and adapt as technology advances and threats evolve.
With the rise of automation and AI, will the demand for human cybersecurity professionals decrease, or is there a complementary role that AI can play alongside skilled workers?
Automation and AI are powerful tools in the cybersecurity landscape, but they will not replace the need for human professionals. In today’s cybersecurity tooling ecosystem, there is still not one solution that does it all and protects a company across its entire ecosystem. Today’s environment still requires many tools to adequately defend against attacks. There’s a risk of relying too heavily on AI-driven tools without sufficient human oversight, leading to complacency or overconfidence in AI’s capabilities.
A well-governed AI practice should always incorporate a human in the loop, providing oversight to ensure that the data being interpreted by AI is yielding accurate and expected results. For the foreseeable future, AI will complement skilled workers by handling routine tasks, allowing cybersecurity experts to focus on more complex and strategic issues. Human professionals are essential for interpreting data, making critical decisions, and responding to nuanced and sophisticated attacks.
As AI and automation tools become more integrated into cybersecurity defenses, how can professionals ensure they have the right skills to work with these technologies rather than be replaced by them?
Professionals can stay relevant by developing a strong foundational understanding of both IT and cybersecurity. This includes knowing how to use AI tools effectively and understanding their limitations. Professionals can stay relevant by developing a unique blend of technical knowledge, strategic insight, ethical awareness, and communication skills.
Rather than viewing AI as a replacement, they should see it as a tool that enhances their capabilities, allowing them to focus on high-value tasks that require human intuition, judgment, and adaptability.
Real-world training scenarios should incorporate AI tools into cybersecurity strategies, ensuring that professionals are comfortable with automation while mastering the fundamentals of network defense and incident response. Flexible training programs must adapt to new trends, threats, or concepts requiring attention.
What role do you see AI playing in both offense (cyberattacks) and defense (cybersecurity), and how should professionals prepare to address AI-driven threats?
AI can be both a tool for defense and a weapon in the hands of attackers. On the offense, AI can be used to automate attacks, finding vulnerabilities faster than humans can detect them. On the defense, AI can provide enhanced monitoring, detection, and response capabilities.
Professionals need to be prepared to counter AI-driven threats by understanding the underlying technologies. Ultimately, AI’s role in cybersecurity will continue to grow, both as an asset and as a challenge. Training programs must equip professionals to think like attackers, using offensive insights to build stronger, more adaptive security solutions that keep them a step ahead of evolving threats.
Cyber threats are constantly evolving. What emerging threats do you see as most concerning over the next few years, and how can professionals be trained to stay ahead of these threats?
One of the most concerning emerging threats is the rise of AI-driven cyberattacks, where adversaries use automation to scale attacks more quickly and efficiently. Attacks on critical infrastructure, health care, and financial services will also continue to grow, with ransomware and supply chain attacks becoming increasingly sophisticated.
The industry must emphasize continuous learning through frequent refresher training to keep cybersecurity professionals updated on the latest threats and ensure they are equipped to handle them.
How have the types of cyberattacks evolved, particularly in sectors like health care, financial services, and critical infrastructure, and what new skills are necessary to tackle these sector-specific threats?
In sectors like health care, financial services, and critical infrastructure, attacks have become more targeted and sophisticated. For instance, health care systems have become prime targets due to the sensitive nature of patient data, while financial services face constant threats related to fraud and data breaches. Critical infrastructure is increasingly vulnerable to nation-state actors.
Tackling these threats requires sector-specific knowledge, such as understanding how medical devices can be compromised or the intricacies of financial transaction systems. Training programs must include hands-on experience tailored to these high-risk sectors.
How has the approach to cybersecurity training evolved over the last decade? What are the key skills or areas of expertise that weren’t as emphasized before but are now critical?
Over the last decade, cybersecurity training has shifted towards a more practical, hands-on approach. Today, there is a greater emphasis on real-world scenarios, which was previously lacking. Skills like penetration testing, incident response, and network forensics are now critical and have become integral parts of training programs. Soft skills, such as problem-solving and adaptability, have also become more emphasized as the threat landscape continues to evolve.
Hands-on experience is often cited as a key component of effective training. How can the industry ensure that students and trainees gain real-world experience in managing cyber incidents?
Hands-on experience is indeed crucial. The industry should prioritize training that incorporates extensive real-world simulations, solving exercises that reflect actual cyber incidents. Partnering trainees with organizations after training ensures they gain valuable real-world experience while being supported by ongoing professional development.
Cybersecurity is a broad field with many specializations. What trends are you seeing in terms of the types of roles that are in highest demand, and how can individuals choose the right specialization for a sustainable career?
We are seeing increased demand for roles in cloud security, incident response, and offensive security (red teaming). As organizations move more data and operations to the cloud, professionals with cloud security expertise are highly sought after.
With cyber incidents becoming more frequent, those skilled in incident response and forensic analysis are in demand. Training programs that expose individuals to a wide range of cybersecurity specializations can help them discover what they excel in, aligning their strengths with industry needs for mutual benefit.
How do you foresee the cybersecurity workforce evolving over the next five to 10 years? What new skills or areas of expertise will be essential for professionals to remain relevant in an ever-changing threat landscape?
Over the next five to 10 years, we expect to see even greater integration of AI and automation in cybersecurity. This means professionals will need to not only understand how to use these technologies, but also how to defend against AI-driven attacks.
Skills in areas such as cloud, AI security, quantum computing, and machine learning will become increasingly relevant. To stay relevant, professionals must embrace continuous learning and develop a mix of technical and strategic skills to remain resilient against ever-evolving cyber threats.
Be First to Comment