<p>The cybersecurity talent crisis has moved from a simple numbers problem to a fundamental mismatch between what organizations need and what the workforce can deliver.</p>
<p>While 87% of organizations plan to expand their security teams this year, according to Fortinet Training Institute’s “2026 Cybersecurity Skills Gap” <a href=”https://www.fortinet.com/content/dam/fortinet/assets/reports/2026-cybersecurity-skills-gap-report.pdf” target=”_blank” rel=”noopener”>report</a>, the CyberSeek <a href=”https://www.cyberseek.org/heatmap.html” target=”_blank” rel=”noopener”>online data tool</a> found that there are only enough available cybersecurity workers in the U.S. to meet 74% of employer demand.</p>
<p>As problematic as that data is, it doesn’t encapsulate the full extent of the workforce challenge. Cybersecurity leaders are finding not only a shortfall in the number of cybersecurity professionals, but also a significant misalignment between the <a href=”https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it”>available skills in the market</a> and those needed in enterprise cybersecurity departments.</p>
<p>Researchers from SANS Institute and GIAC called it “a widening skills gap that organizations struggle to close, even as they increasingly recognize that having the right abilities matters more than simply adding head count,” in the “2026 Cybersecurity Workforce Research Report.”</p>
<p>”The problem isn’t a shortage in head count. We’re never going to get the numbers we want to get. It’s really more about getting the needed skills,” said Brian Correia, director of global cyber workforce strategy and engagement at SANS.</p>
<p>CISOs must <a href=”https://www.techtarget.com/searchcio/feature/How-to-attract-tech-talent-The-essentials”>modernize their approach</a> to recruiting workers. This involves moving away from a conventional search strategy and adopting one that creates multiple talent pipelines and emphasizes workforce development to ensure hires continuously learn the latest skills.</p>
<section class=”section main-article-chapter” data-menu-title=”The impact of the security talent, skills gaps”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>The impact of the security talent, skills gaps</h2>
<p>Staffing challenges affect an organization’s cybersecurity posture. Recent <a href=”https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study” target=”_blank” rel=”noopener”>research</a> from ISC2 found that 88% of organizations experienced at least one significant cybersecurity event due to cybersecurity skills shortages.</p>
<p>Such findings are particularly troublesome because the increasing use of AI — both <a href=”https://www.techtarget.com/searchenterpriseai/tip/Evaluate-the-risks-and-benefits-of-AI-in-cybersecurity”>in SOCs</a> and <a href=”https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous”>by malicious hackers</a> — is rapidly changing the types of skills needed by security professionals, putting organizations at even greater risk for incidents as they fall further behind in hiring.</p>
<p>”There are different skill sets needed in security due to AI,” said Vikram Desai, senior managing director of cyber strategy, risk and architecture at professional services firm Accenture. “But people don’t naturally have them. And very few organizations have training programs in place to help bridge this gap, so there is a giant gap between what is needed and the skills that job seekers present, and we [mistakenly] expect it to resolve itself.”</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Legacy practices hurt hiring”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Legacy practices hurt hiring</h2>
<p>Desai called the belief that cybersecurity professionals should come fully skilled for existing positions a “legacy mindset.” And it’s not the only one — plenty of other legacy recruitment strategies make it challenging for today’s CISOs to fill open roles.</p>
<p>For instance, the blanket requirement for candidates to hold a bachelor’s or master’s degree is, according to Shawn Murray, former president of the ISSA, “an old-fashioned approach that’s just not reasonable anymore.” Moreover, he said security skills are evolving so quickly that a degree is no guarantee that a candidate has the skills needed at the time of hiring.</p>
<p>Others criticized conventional recruitment strategies that put HR teams or recruiting firms in charge of defining candidate requirements and screening. These processes lead to an unrealistically long lis
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: