AI Is Reshaping Cybersecurity Hiring, but Skills Gaps Pose Long-Term Risk
Artificial intelligence is eliminating entry-level cybersecurity jobs while simultaneously creating demand for AI-specific roles, according to research presented Monday at the RSA Conference 2026. The trend threatens to hollow out the talent pipeline that organizations depend on to develop experienced security professionals.
The SANS Institute's 2026 Cybersecurity Workforce Research Report, based on responses from over 900 cybersecurity leaders and HR professionals, found that 61% of organizations have reduced AI-related roles. Entry-level security analyst positions absorbed the heaviest cuts at 32%, followed by threat intelligence analysts at 26% and incident responders at 22%.
These reductions don't always mean layoffs. They can also reflect hiring freezes or restructuring of existing positions. Still, 39% of respondents said AI has had a significant or moderate impact on team size, with another 31% reporting slight impacts.
New Roles Emerge, But Training Lags
Organizations are creating AI-focused security positions. Seventy-two percent reported filling new roles, with AI/ML security specialists (34%), AI security engineers (32%), and AI governance analysts (30%) leading the demand.
Training adoption hasn't kept pace. Only 20% of organizations train all staff in AI, and 18% train only their cybersecurity team.
SANS CEO James Lyne framed the dynamic bluntly: "Cybersecurity practitioners who use AI are likely to replace those who don't."
The Senior Talent Squeeze
The loss of entry-level positions creates a structural problem. Without junior staff learning foundational skills, organizations will struggle to develop the senior and expert talent they need in five to ten years.
Nearly half of survey respondents already report that senior roles (10-15 years of experience) and expert roles (15+ years) are the hardest to fill. More than half said these positions take six months or longer to staff on average.
One conference attendee, a 56-year-old security professional, said he's concerned about both his own relevance and the next generation's prospects. He plans to help his children develop AI skills early, treating AI literacy as foundational to any future career path.
Regulations Are Driving Hiring Changes
Regulatory pressure is reshaping the workforce faster than AI alone. The percentage of organizations reporting regulatory impact on hiring jumped from 40% in 2025 to 95% in 2026.
Rules like the EU's Network and Information Security Directive 2 (NIS2), the Digital Operational Resilience Act (DORA), and U.S. Department of Defense cybersecurity frameworks have forced organizations to add specialized skills rather than headcount. Sixty percent of companies now report that skills gaps exceed headcount gaps.
The result: 57% of organizations experience delayed projects, 47% report employee burnout, and 47% face slower incident response times.
What HR Leaders Should Do
SANS leaders recommended that organizations take three steps to address these challenges.
- Identify specific skill gaps and create a workforce development plan
- Use frameworks like the National Institute of Standards and Technology's NICE Framework for Cybersecurity or the European Cybersecurity Skills Framework (ECSF) to define job requirements clearly
- Establish career progression programs, implement AI training for all employees, and pursue certifications to validate team capabilities
HR teams managing cybersecurity talent should understand that the shortage isn't about finding enough people-it's about finding people with the right skills. That distinction changes how you recruit, train, and retain staff.
For HR professionals managing broader workforce strategy, AI for CHROs covers how to address AI's impact on hiring, skills development, and workforce planning. AI for HR Managers provides practical guidance on recruitment analytics and talent management in an AI-driven environment.
Your membership also unlocks:
