Once a source of steady employment and career opportunities, the cybersecurity market has been in a state of flux over the last 12 months. On the positive side, job boards such as Cyberseek show more than 514,000 U.S. cyber job openings with over 1.3 million people employed in the field nationwide.
At the same time, technologies such as artificial intelligence are affecting how enterprises and other organizations hire, train, and retain cyber talent. Reports and studies have begun to show that generative AI is displacing some entry-level positions that have traditionally served as stepping stones toward career advancement in the security market.
By the end of 2025, reports and studies indicated that the cybersecurity space had begun showing signs of balance but also that a market once rich in career advancements was showing signs of strain. Data published by ICS2 found that 24 percent of cyber pros experienced a layoff in their organization this year, compared with 25 percent in 2024. At the same time, 39 percent of security workers reported hiring freezes over the last 12 months compared with 38 percent in the previous year.
“The surge in hiring freezes, layoffs, budget cuts and promotions reported in 2024 shows signs of stabilizing in 2025. Figures are beginning to level off rather than significantly diminishing, intimating the economic drivers that are forcing caution on spending to remain, adding pressure on existing cybersecurity teams,” according to the ICS2 report. “Many in the cybersecurity workforce are worried that economic austerity will harm the security resilience of the organizations in which they work.”
While stable for now, experts and industry insiders believe that additional disruptions and economic concerns will affect cybersecurity hiring and skills development in 2026.
Experts also noted that large and small organizations still need cybersecurity professionals with specific skill sets, such as penetration testing and knowledge of identity and access management (IAM) tools, to help create better defenses.
At the same time, these organizations are looking at AI as a way to tighten headcounts, trim costs, create efficiencies and boost profits.
“The relentless pace of technology means the skills gap will often widen as it is so hard to develop new skills while having full-time responsibilities,” Gareth Lindahl-Wise, CISO of Ontinue, recently told Dice. “Recruiting potential [talent] is often the best long-term strategy to build a cohesive team that can develop. If there are some real outliers from a technical skills perspective, consider the use of contractors to give you flexibility – especially if your use of technology changes at pace.”
Looking for Skilled Cyber Pros
While thousands of open security positions are still listed, recruiters and executives are searching for cybersecurity professionals who possess specific skill sets to meet their organization’s unique needs.
Diana Kelley, CISO of Noma Security, pointed to a study that found more than 50 percent of respondents could not find workers with the skill sets that matched their needs. At the same time, the recruiting process has become frustrating for those seeking employment, especially when generative AI fills some junior positions that younger workers previously used to build their CVs, ensuring that they were prepared for more skilled work.
“This is all very frustrating to people who recently entered the cyber workforce, assuming they'd be immediately employed, because entry-level cybersecurity jobs have become nearly impossible to land, with HR managers reporting 5,000 plus applications for a junior role,” Kelley told Dice. “No surprise, AI is making this even more complicated. Some companies require justification that proves AI can't do a role before the headcount is opened. In May, CrowdStrike replaced 500 jobs in part due to AI, and has stated that its hiring curve is flattening.”
While an easy answer is hard to find, Kelley believes that 2026 will see more hiring managers, executives and CISOs attempting to fill roles with skilled workers regardless of their education and previous experience.
“Companies with the most skills-based searches are 12 percent more likely to make a quality hire. CISOs will also look to apprenticeships, which allow companies to develop their workforce in-house rather than competing for expensive, fully-trained professionals,” Kelley added.
Cybersecurity organizations and their leaders must also look inward and recruit from within to help close these gaps, said Heath Renfrow, co-founder and CISO at Fenix24.
“We don’t lack people – we lack pathways to turn potential into capability. CISOs must stop recruiting unicorn résumés and instead adopt a ‘talent factory’ mindset,” Renfrow told Dice. “In 2026, the most successful programs will hire for aptitude and resilience, then invest heavily in on-the-job training and structured mentorship. Pair this with selective outsourcing for niche or 24/7 functions, and CISOs can build a sustainable talent engine instead of constantly fighting attrition.”
AI Security Skills Will Matter Most
While AI is taking some entry-level positions, experts note that those cybersecurity pros who understand and can work with these platforms will be the workers who find the most opportunities in 2026.
Kelley noted that the most important skills recruiters and executives will look for over the next 12 months include prompt engineering as well as the ability to develop AI to assist in threat hunting.
Other critical skills areas include AI governance as well as roles requiring strategic decision-making that still requires human judgment, creativity and contextual understanding – capabilities that AI cannot replicate.
Organizations will also need assistance in implementing AI safely and securely in security operation centers (SOCs), which can help augment the current cyber workforce, expand situational awareness, and accelerate mean time to action, which can allow cyber professionals to be more efficient, reduce fatigue, and prioritize security investigation workloads, said Nicole Carignan, senior vice president for security and AI strategy, and field CISO at Darktrace
“AI can act as a force multiplier, augmenting human teams by performing autonomous investigations to lower remediation time and accelerate the learnings of an incident,” Carignan told Dice. “Organizations must focus on implementing models that drive the accuracy of detection and data analysis to help uplift teams, enabling security teams to prioritize higher-level strategic efforts, like improving cyber resilience.”
Organizations also have a responsibility to help those wanting to learn to develop the skills they need. CISOs and other executives need to implement upskilling programs and other educational opportunities for cyber pros, said Amit Zimerman, co-founder and chief product officer at Oasis Security.
“These programs should focus on both foundational AI security knowledge and emerging threats like prompt injection. Partnering with universities and industry certification bodies to develop standardized curricula can help bridge the gap,” Zimerman told Dice. “Moreover, encouraging cross-functional collaboration between AI specialists, security professionals, and software engineers can help teams stay ahead of evolving threats. Implementing AI security tools that provide real-time threat detection and learning capabilities can also alleviate the skills gap by automating the identification of vulnerabilities like prompt injection.”