#RSAC 2026: The Cybersecurity Jobs Paradox: The Industry Needs Talent, But Entry-Level Workers Can’t Get In

Despite years of warnings about a massive shortage of cybersecurity professionals, breaking into the field has become increasingly difficult for newcomers. At RSAC 2026 this week, we're hearing a lot of discussion about how we reached this point and what to do about it.

It was also the major theme in a recent podcast conversation between hosts Michael Farnum and Sam Van Ryder, and Valerie Moon, Executive Director of the Institute for Critical Infrastructure Technology (ICIT).

Full episode:

CYBR.SEC.CAST Episode 65: ICIT’s Valerie Moon

The ICIT executive director discusses the importance of government internships, training programs, and public-sector experience in developing cybersecurity professionals.

CYBR.SEC.MediaBill Brenner

Moon, whose career includes leadership roles at the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), described a cybersecurity labor market that remains hungry for experienced professionals while leaving many entry-level candidates struggling to find their footing.

“For years we told students to pursue cybersecurity degrees because there were hundreds of thousands of open jobs,” Moon explained. “But what we’re seeing now is that many of those jobs aren’t entry level.”

The result is a frustrating dynamic: universities continue producing graduates with cybersecurity degrees, but many employers expect candidates to already possess several years of hands-on experience.

Related:

Top 10 Cybersecurity-Related Jobs with the Highest Demand

Global demand for cybersecurity professionals continues to surge. Discover the top 10 fastest-growing roles and their salary outlook.

CYBR.SEC.MediaGeorge V. Hulme

The Cybersecurity Talent Paradox of 2025

Thousands of cybersecurity jobs remain unfilled, yet skilled pros struggle. Here’s how AI disruption is reshaping the entire job market.

CYBR.SEC.MediaGeorge V. Hulme

From the Editor: To Those Trapped on the Job Hunt Hamster Wheel

Many good individuals, nonprofits, and organizations are trying to address this problem in meaningful ways. But too often, those efforts exist in isolation.

CYBR.SEC.MediaBill Brenner

Moon believes the disconnect reflects a broader issue in how the cybersecurity workforce is developed.

One major pathway into the profession historically has been government service. Agencies such as the FBI, Department of Defense, and other federal cybersecurity organizations often provide training and operational experience that later translates into private-sector careers.

“The government has traditionally done a very good job of giving people the skills and experiences that are marketable,” Moon said.

But those pipelines are under pressure. Federal agencies face challenges recruiting and retaining cyber talent due to salary caps and competition from the private sector. Meanwhile, reductions in internships and early-career programs have limited opportunities for students to gain real-world experience.

Moon argues that expanding those programs could help address both workforce shortages and the entry-level hiring problem. The conversation also touched on the role of artificial intelligence, which is lowering the barrier to entry for cybercrime while reshaping the skills required for defenders.

Innovative programs such as student-run security operations centers (SOCs) are emerging to bridge the gap, providing real-world experience for students while helping smaller organizations improve their security posture.

“There are so many talented people who want to contribute,” Moon said. “We just need to do a better job of connecting education, experience, and opportunity.”