Reinventing the Recruiting Wheel: Addressing the Cyber Workforce Gap in 2025

As 2025 swings into full force, the talent shortage continues to be prevalent across the security industry. Research by the World Economic Forum indicates that since 2024, the cyber skills gap has increased by eight percent, with two out of three organizations reporting moderate-to-critical skills gaps, including a lack of essential talent and skills to meet their security requirements.

While there have been consistent efforts to address this gap, more must be done to address the roadblocks faced in attracting and obtaining new talent. These include a lack of education pathways, outdated recruitment techniques, and the need for more streamlined public-private partnerships to support these efforts across the industry. To better address these challenges, there are a few key aspects organizations should consider.

Understanding the impact of AI on talent development

The demand for additional cyber talent has accelerated as many businesses are struggling to keep pace with escalating cyber threats while lacking the people in the field equipped to deal with them. This is most evident with the emergence of artificial intelligence (AI), which presents both challenges and opportunities for the cybersecurity field. 

AI has become a central part of the growth strategy for many businesses. That said, adversaries also use this technology to carry out attacks, creating an inherent risk. In fact, the Boston Consulting Group reveals that close to six out of ten (58%) cybersecurity leaders expressed concern over new adversarial techniques, including AI-enabled cyberattacks.

There are also concerns involved with the internal use of AI, like the unintentional sharing of sensitive information that could compromise data privacy. For example, precautions must be taken to avoid personnel names and job roles being inadvertently shared with AI tools.

Adding further nuance to the challenge, many organizations lack a thoughtful approach when it comes to aligning their AI investments with specific needs and making sure their employees are trained to use AI effectively. They tend to jump on the bandwagon before first defining how it will be used and its potential impact on learning and development for current and future employees. This can increase the chance of employees mishandling AI and compromising data privacy.

As a result, AI proficiency couldn’t be more critical for cyber professionals to combat these growing threats, but it will require a deeper understanding of this technology to fight AI with AI. Leaders must consider how they can fill this knowledge gap as it continues to impact the cyber workforce as a whole. If they are not already, implementing specific learning curriculums centered around AI to educate new workers in this technology will be crucial. 

Investing in alternative pathways to education

It’s been widely acknowledged that seeking diverse talent increases innovation by expanding ideas, driving creative problem-solving, and helping fill the roles needed to maintain a cyber team. That said, while we’ve taken steps forward as an industry in recognizing the value that different backgrounds and experiences can provide, we also need to invest in the tools and training to help new talent develop the necessary skills for the job. 

Traditional education models are proving insufficient to meet the demands of the cybersecurity industry, making it essential to explore alternative pathways. This includes promoting more equitable opportunities for those who may not have the resources to learn about a career in cybersecurity. Initiatives like “Service for America,” which connect those seeking a career in cyber to different pathways, are important because they shine a light on areas of focus to ensure everyone has an equal opportunity and playing field by removing unnecessary degree requirements in favor of a skills-based approach. They also encourage leaders and other hiring managers to pause and take a more international approach to hiring, holding them accountable to considering all available talent and actively working to remove unconscious biases.

Investing in the next generation of cyber talent is also crucial. Organizations can support programs like the National Cyber Collegiate Defense Competition (NCCDC), which help source up-and-coming talent and educate them about potential career paths in cybersecurity. They can also consider creating new programs aimed at helping attract, retain, and recognize top talent. At Nightwing, for example, we are working towards the creation of a technology fellows program, which is designed to elevate employees who develop expertise in key technology areas such as AI and ML. Not only does this help align with the needs of the cyber landscape, but it also can help develop new talent while setting our organization apart when seeking recruits.

Revamping recruitment processes

Another crucial element to onboarding new talent is the recruitment process itself, which can benefit from an industry-wide revamp. This consists of shifting messaging in job postings and making them more accessible overall. A prevalent issue is that many people may assume they aren’t a match for a cyber job because they don’t meet certain educational requirements (i.e., having a bachelor’s degree).

Without a distinction in a job description, organizations may lose out on an entire pool of eligible applicants. As such, human resource departments and recruiters must make sure messaging reflects the qualities that are actually important in a cyber defender; i.e., a desire for continuous learning in innovation and problem solving. Another helpful step to streamline recruitment is to redesign job classification guides to outline current workforce talent needs and align training paths with job profiles, ensuring access to roles without stringent degree requirements.

Given that many cybersecurity professionals are not actively seeking new roles, organizations must also focus on passive sourcing to identify individuals with specific skills and security clearances. How a company brands itself in the marketplace can become a differentiator in passive sourcing as well. Being open and receptive to talent and highlighting the exciting work that employees are doing is a method to connect with potential talent. There is merit to creating a culture where employees feel connected, valued, and positive about their jobs, as this will positively impact the organization's ability to attract new talent. When employees act as ambassadors for the company, this helps to strengthen the overall talent pool for the industry. Showing that employees are satisfied with their jobs is a key component to passive sourcing. 

Harnessing public and private sector collaboration

Despite efforts to revamp the recruitment and training process for cyber workers, specific degree requirements and the process of obtaining security clearances will sometimes remain major limiting factors when it comes to talent acquisition. This must be resolved through better collaboration across the private and public sector, which is especially pertinent as we navigate how the evolving political landscape will impact public-private partnerships.

Many federal and intelligence agencies often mandate degree requirements, which can conflict with efforts to diversify talent and focus on skill-based hiring. As such, companies must become creative in how they partner with these agencies, such as adding entry-level positions to contracts to develop a pipeline of talent. In return, this benefits the customer by providing them a broader scope of talent for their missions.

Focusing on expanding cyber talent requires a multi-faceted approach that integrates AI proficiency, alternative education pathways, revamped recruitment strategies, and public-private collaboration. By addressing these critical areas in 2025, organizations can position themselves to meet the growing demands of the cybersecurity landscape and foster a sustainable pipeline of skilled professionals.