The cybersecurity job market is experiencing something extraordinary—and deeply contradictory. There seems to be plenty of cybersecurity positions that remain unfilled across the United States, representing a 12% year-over-year increase in open roles. Entry-level security analysts are commanding starting salaries well into six figures. Organizations are competing fiercely for cloud security architects, incident responders, and GRC analysts.
Yet skilled professionals—both newcomers and veterans—find themselves trapped in application purgatory, watching job postings multiply while rejection letters pile up. We covered this recently in our story here, and in-depth report available here.
"The current market is tough and lean, with many people out of work despite so many job postings looking for cybersecurity workers," said David Marcus, federal senior security technologist and principal engineer at Intel. "There's significant confusion about AI's role and that's making the job market volatile, with rapid shifts in terminology and perceived skill requirements."
This is the cybersecurity talent paradox of 2025: simultaneous starvation and paralysis. The field desperately needs people, but neither employers nor job seekers seem yet to fully align on what skills those people should possess in an AI-dominated future.
AI Disruption Reshaping Security Roles
The confusion stems from a fundamental transformation. AI and automation are rapidly rewriting the cybersecurity playbook, automating traditional endpoint security, legacy vulnerability management, and manual penetration testing. Roles that once defined the profession are evaporating, replaced by demands for machine learning security analysts, adversarial ML researchers, AI model auditors, and security automation engineers—positions that barely existed two years ago.
"You'd better learn AI or learn a skill to uplift yourself real fast," Marcus warned. "If 80% of what you can do can be automated, you'll be automated away in no time. You're a sandcastle out there with the tide coming in."
For Andrew Storms, VP of security at commercial software platform Replicated, the shift is already affecting hiring decisions. "I want to hire engineers with a sharp desire and abilities to work with AI," Storms said. "How candidates code with AI is important today. I want to see that they understand how to use AI tools safely and effectively."
The requirements are evolving faster than the workforce can retrain. Fields once considered auxiliary—digital forensics, privacy law, AI governance—now sit at the strategic center of security programs. Cloud-native architectures and AI-driven threat analytics demand fluency in scripting, automation, and cross-platform controls. DevSecOps integration requires deep understanding of CI/CD pipelines. Incident response has become a test of advanced threat hunting, forensics, and orchestration, not just technical triage.
Meanwhile, traditional security operations center work—alert monitoring, basic triage—faces existential questions as AI assumes routine detection and remediation tasks.
The Skills Employers Actually Need (But Can't Articulate)
Part of the problem is that organizations don't entirely know what they're looking for. "No one has really figured out what AI means in the marketplace," Marcus acknowledged. "We don't know what roles will exist in ten years or what in-demand skills will look like. I'm sure, however, there will always be demand for people in many of these roles."
The certifications market reflects this uncertainty. Established professionals are pursuing everything from Google Professional Machine Learning Engineer and AWS Certified Machine Learning to Microsoft Certified Azure AI Engineer Associate and specialized programs from Stanford, NVIDIA, and IBM. But whether these credentials actually translate into job offers remains unclear.
Interestingly, the most valuable skills emerging from this chaos aren't purely technical. As AI automates routine work, soft skills are commanding a premium: communicating risk in boardroom language, bridging the trust gap with business stakeholders, leading cross-functional teams under stress, and demonstrating commercial awareness. The most sought-after cybersecurity leaders aren't just technically adept—they're adaptable, empathetic, and capable of articulating security's business value.
Chris Blow, a director of cybersecurity at global insurer Liberty Mutual, emphasizes this foundation. "I would love to see more people not just jump straight into cybersecurity but instead focus on other facets of IT and grow from that baseline," Blow said. "Some of the best professionals I've worked with came from the SOC, or the Help Desk, or some other area of IT before they touched cybersecurity, because they wanted to know how the bread was made."
No matter your cybersecurity career path, resiliency is your ultimate firewall. Embrace AI upskilling, hone soft skills like communication and leadership, and build a broad IT foundation—because in this paradox of plenty, the pros who evolve fastest will thrive amid the chaos.
