Imagine spending four years earning a cybersecurity or computer science degree only to realize that entry-level roles demand more than two years of experience. Consider the frustration and disillusionment of having the right certifications yet never hearing back after submitting your resume again and again because you lack hands-on experience.
This is the reality graduates entering today’s job market face.
On the other side of the coin are hiring managers in a security operations center (SOC) looking to hire qualified, experienced resources. They’re inundated with junk resumes generated via LLM chatbots, with no real way to substantiate candidate expertise.
The problem with this picture isn’t that there’s a lack of talent. Between 2022 and 2023, the rate of Computer and Information Sciences and Support Services graduates grew by 4.99%. Rather, the issue is that there isn’t enough experienced talent to meet demand. And the adoption of AI is widening that skills gap.
Understanding the Workforce Disconnect
Having a certain level of expertise has always been a requirement for entering the cybersecurity field. But the automation of level-one security analyst roles with AI has increased the barrier to entry, with expectations for newly minted cybersecurity professionals highlighting a mismatch between needs and reality.
Employers want incoming talent to demonstrate a higher order of thinking, in addition to proficiency in AI. They want them to be adept at understanding threat actor behavior, building advanced AI-driven detections, and improving cyber defenses in real time, while acquiring certifications typically required for higher-level roles.
Yet the incoming talent is not equipped to meet these expectations. A study by the National Skills Coalition demonstrated that over a third of the workforce lacks the foundational digital skills necessary to enter today’s job market, a highly in-demand skill set for 92% of the 43 million job postings analyzed.
The Need for a Modern Approach to Cybersecurity Education
At the crux of the cybersecurity skills gap is the need to overhaul traditional cybersecurity curricula. Higher education has a long history of struggling to keep pace with the latest trends and innovations. In an industry like cybersecurity, this delay is clearly visible.
Technology, security approaches and the pace and nature of cyberattacks are constantly shifting. Learning about ransomware attacks that happened 20 years ago will not be of much help in remediating one spawned by an adversarial AI last week. It highlights the continued need for cyber education to align with industry demand.
While employers can implement training programs to bridge the skills gap, most lack the time and resources to run them effectively. Part of the problem is that there simply aren’t enough senior engineers to dedicate the hours needed to bring new professionals up to speed, especially in the public sector.
Solving this dilemma ultimately means that training has to start in the classroom. Students need access to hands-on training to gain AI literacy, practical skills and an understanding of the latest security innovations to be marketable to future employers.
But here’s the caveat. Higher education can’t address the cybersecurity skills gap alone. Matching the agility and speed of threat innovation in the market requires public-private partnerships to succeed. And the partnership must go beyond tool implementation and curriculum design to drive the desired outcome.
Just-In-Time Training and AI: Redefining Workforce Development
For the past three years, my colleagues and I have been working tirelessly to solve this industry challenge. Our solution, developed initially in a public-private partnership with Louisiana State University (LSU), Splunk and AWS, has been to weave just-in-time (JIT) training into the traditional curriculum via a student-run SOC.
Through our managed detection and response (MDR) security solution, students work alongside TekStream employees in a multi-tenant SOC environment to gain real-life incident response experience. They learn to map threat frameworks, anticipate cyberattacks, and supervise, refine and validate AI outputs in a live environment.
With AI becoming mainstream and the bar for human oversight of it getting higher, students need to be adept at vetting and spotting the subtle mistakes AI tools make. Our solution to this industry shift has been to use AI to enable, rather than replace, tier-one analyst tasks so students graduate with a solid foundation.
Since the SOC is built on a multi-tenant environment, it enables us to leverage shared threat intelligence across the ecosystem to farm production events that provide the framework for a live training lab. By turning the AI on and off, students gain the necessary context to use these tools effectively.
The labs also operate as research and development hubs for automating incident response with AI, and they are shared across the ecosystem. At LSU, for example, one student detected a malware attack linked to an active ransomware campaign, mitigating a multi-million-dollar breach for the university.
As a commercial MDR security provider, we offer AI-driven incident response supervision alongside automation and analysis, enabling students to keep up at a pace the academic curriculum can’t. When they enter the workforce, they bring skills equivalent to those of a mid-level engineer with a transcript of work completed in the student SOC to quantify their experience.
The impact on productivity and security quality is something we have been able to measure across multiple levels in a production setting over three years, and we have substantiated it with every new institution or agency added to the fold. It’s only improving, and it’s also how we’ve ensured 100% placement for students participating in our workforce development program.
Closing the Skills Gap of Tomorrow, Today
AI may be helpful for monitoring logs or indicators of compromise, such as file hashes or IP addresses. However, skilled talent is still needed to combat the increased sophistication of AI-driven cyberattacks. Automation is not yet the singular answer, and neither is more theory-based coursework.
Industry and academia need to work in tandem to enhance education with hands-on training and use AI with a human in the loop to enable it. Otherwise, the result will be continued brain drain, increased costs and a slower pace of innovation that transcends industries.
As the rate of change in the service economy accelerates with AI, this public/private model may serve as a benchmark for multiple disciplines. For now, it’s a proven approach to solving the cybersecurity skills gap.
About the Author
Bruce Johnson is the Vice President, Solutions of TekStream. He has over 38 years of experience in the information technology industry, including security, infrastructure architecture, software development, and portfolio management. Johnson has experience in Splunk, security solutions, cloud migration, portal, content workflow, integration, and project management. As the Vice President, Solutions for TekStream, he works to implement security and compliance solutions leveraging Splunk for customers across a variety of environments and industries, as well as cloud migration and broader Splunk consulting solutions.
Bruce can be reached on LinkedIn and at our company website https://www.tekstream.com.
