Challenges and Pathways in Cybersecurity Career Development
The cybersecurity industry continues to grapple with a persistent talent gap, with organizations struggling to fill critical roles due to a combination of hiring practices and perceived skills shortages. Carol Lee Hobson, CISO at PayNearMe, highlights that the issue is not solely a lack of qualified candidates but also stems from misaligned compensation structures and limited entry-level opportunities. She emphasizes the importance of creating clear pathways for newcomers, including internships and junior roles, to help bridge the gap between education and employment. Retention is another significant challenge, with many professionals leaving due to inadequate professional development, inflexible work environments, and insufficient support from leadership. Hobson notes that fostering a culture of mentorship and continuous learning is essential for building a robust pipeline of future security leaders. Diversity in the cybersecurity workforce is gradually improving, and this trend is seen as a positive force for innovation and resilience within teams. In parallel, industry experts argue that the most effective entry into cybersecurity is not through specialized roles like red teaming but by developing a strong understanding of risk management and business fundamentals. Security Operations Center (SOC) roles and foundational security positions are often more accessible and provide a broader perspective on organizational security needs. The misconception that red teaming is the primary or most prestigious entry point can deter candidates from pursuing other valuable career paths. Understanding how businesses operate and what assets need protection is considered more critical than technical prowess in offensive security for those starting out. Podcasts and industry discussions reinforce the message that a well-rounded skill set, including communication and risk assessment, is highly sought after by employers. The evolving landscape of cyber threats requires professionals who can adapt and think strategically, not just technically. Organizations are encouraged to rethink their hiring criteria, focusing on potential and aptitude rather than rigid experience requirements. By aligning compensation, offering flexible work arrangements, and investing in employee growth, companies can better attract and retain top talent. The collective insights from industry leaders and practitioners underscore the need for a holistic approach to cybersecurity career development, balancing technical skills with business acumen and people-centric strategies. As the field matures, the emphasis is shifting toward building sustainable, diverse, and adaptable teams capable of meeting the complex challenges of modern cyber risk.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Career Pathways and Talent Development in Cybersecurity Education
Cybersecurity education is evolving to address the persistent talent gap in the industry, with professionals entering the field from diverse backgrounds, including both traditional educators and those with hands-on security experience. The scope of cybersecurity education now encompasses not only university classrooms but also community colleges, corporate training, online learning platforms, and mentorship programs, all aimed at equipping individuals with the skills needed to protect critical systems. Military veterans are increasingly recognized as valuable contributors to the cybersecurity workforce, bringing with them a strong sense of duty, risk management skills, and experience with advanced technologies. Their training in leadership, mission focus, and adherence to security protocols makes them well-suited for roles in cybersecurity, especially as the field seeks to counter rising threats fueled by AI and other emerging technologies. The integration of veterans and experienced professionals into cyber education and operational roles is seen as a key strategy for strengthening the industry's defenses and closing the skills gap.
Mar 21, 2026
Cybersecurity Career Opportunities and Leadership Approaches
A range of cybersecurity job openings are currently available across multiple organizations, including roles such as Cybersecurity Threat Intelligence Analyst, Application Security Engineer, BISO, and Cloud Security Engineer. These positions emphasize responsibilities like vulnerability scanning, incident analysis, risk assessment, and the implementation of security controls in diverse environments such as IT, OT, DeFi, Web3, and cloud infrastructures. Employers are seeking candidates with skills in threat intelligence, application security, risk management, and cloud security, with some roles highlighting the integration of AI tools and collaboration with business units to enhance security posture. In addition to job opportunities, cybersecurity leadership is evolving to prioritize empathy, curiosity, and continuous learning. Myke Lyons, CISO at Cribl, exemplifies this trend by drawing on his unconventional background in the culinary industry to foster a security culture that values mentorship, learning from diverse experiences, and using empathy to guide incident response and team development. This approach underscores the importance of hiring for potential and adaptability, rather than solely technical credentials, and encourages a supportive environment where security incidents are treated as learning opportunities rather than failures.
Mar 21, 2026
Cybersecurity Workforce Skills and Talent Pipeline Challenges
The cybersecurity industry is grappling with a persistent skills gap, prompting discussions about the need for more generalists, the value of diverse backgrounds such as military veterans, and the current landscape of job opportunities. Industry voices highlight concerns that over-specialization and a focus on tool management have led to inefficiencies, while advances in AI and better design could help refocus efforts on solving core security problems. At the same time, the sector is actively seeking talent for a wide range of roles, from threat intelligence analysts to CISOs and data protection engineers, reflecting the breadth of skills required to secure modern organizations. Military veterans are increasingly recognized as a vital talent pool for cybersecurity, with their discipline, leadership, and mission-critical mindset translating well to cyber defense roles. The field is open to veterans from all specialties, not just those with technical backgrounds, and organizations are leveraging their unique skills to strengthen security operations. The ongoing demand for cybersecurity professionals, combined with calls for broader skill sets and the integration of non-traditional candidates, underscores the industry's urgent need to address workforce challenges and adapt to evolving threats.
Mar 21, 2026