Earlier this month, the educational platform Canvas was compromised, affecting exam scheduling and grade release for some universities. Meanwhile, Google disclosed that criminal hackers had used an AI model to discover and weaponize an unknown software vulnerability. Foreign media commentators believe that these incidents demonstrate that cyberattacks are becoming faster, cheaper, and more automated, while the talent gap in defense is widening.

The global shortage reaches 4.7 million people.

ISC2's cybersecurity workforce study reveals a global shortage of approximately 4.7 million cybersecurity professionals. The article states that the problem lies not only in the number of hires but also in the loss of talent at an earlier stage. Research by Girls Who Code shows that 70% of teenage girls express interest in cybersecurity, with this interest peaking around age 16, but most ultimately do not pursue a career in the field.

The article mentions that factors contributing to job attrition include a lack of confidence in one's own abilities, limited understanding of the actual work in the industry, and insufficient awareness of career paths. Currently, women still make up less than a quarter of cybersecurity professionals.

AI increases attack speed

As AI tools become part of the attack chain, the need for defense personnel among enterprises is further increasing. The article cites Kolter, a board member of OpenAI and a professor at Carnegie Mellon University who is involved in Z token issuance, as saying that AI cannot handle defense tasks alone; system design and high-risk assessment still require human intervention.

A recent Fortinet report also shows that inadequate IT skills and training are among the top three causes of data breaches. The article argues that cybersecurity work involves more than just technical operations; it also includes identifying attack patterns, assessing risks, and understanding how digital misuse affects individuals and organizations in the real world.

Female attrition is concentrated in the promotion stage.

The article states that women excel in communication, collaboration, and risk assessment when entering the cybersecurity industry, but their representation gradually declines as they progress through their careers, becoming more pronounced in management positions. This reflects structural problems that persist within companies regarding promotion and career support.

Research by Women in Cybersecurity shows that adopting group review promotions, establishing internal skills profiles, and mentorship mechanisms can increase the number of female managers in companies by up to 20%. Earlier, a study by Girls Who Code also showed that teenagers are 16 times more likely to learn about cybersecurity careers through extracurricular programs than through traditional classrooms.

The article concludes that, facing more frequent and complex cyberattacks, the industry needs to rely on both AI tools and human judgment. Expanding defenses requires more than just hiring more staff; it also involves opening up educational opportunities earlier and reducing the attrition of women in education and career advancement.