Patrick Reany
13 May 2025
Patrick:
Why are businesses having so hard a time finding cybersecurity people to hire?
Copilot:
Businesses are struggling to find cybersecurity professionals due to a combination of factors. The demand for skilled cybersecurity experts far exceeds the available supply, with an estimated 4.8 million more professionals needed globally. Specialized fields like cloud security, application security, and incident response are particularly difficult to fill.
Additionally, companies often outsource critical security functions rather than invest in developing local talent, which exacerbates the shortage. Many job seekers face barriers to entry, as employers prioritize hands-on experience over degrees or certifications. Even though cybersecurity offers a natural transition for IT professionals affected by layoffs, many still struggle to break into the field.
Emerging technologies like AI-driven threats require cybersecurity professionals with AI literacy, further narrowing the talent pool. Identity and Access Management (IAM) has also become a crucial focus, increasing demand for specialists in this area.
Despite these challenges, hiring is expected to pick up in 2025, with companies exploring reskilling and upskilling initiatives to bridge the skills gap. Some organizations are turning to apprenticeship programs and unconventional hiring methods to attract new talent.
Would you like insights on how to break into cybersecurity or what skills are most in demand?
Patrick:
Actually, I'd like some clarification on what you mean by 'AI literacy'. By this I presume you mean how AI can be used as a security threat and also how it can be used as a security defence -- that is, in both cases they're just tools. But would not include having to understand how AI devices are invented and brought into reality at the engineering level. After all, I don't need to understand how an automobile engine works to be able to drive a car.
Copilot:
Exactly! AI literacy in cybersecurity refers to understanding how AI can be leveraged for both attacks and defenses---not necessarily knowing the inner workings of AI at an engineering level.
For security professionals, AI literacy includes:
Recognizing AI-driven threats like deepfake phishing scams, automated hacking, and malware that evolves using machine learning.
Understanding AI-powered security tools, such as anomaly detection systems that flag unusual network behavior or automated response mechanisms that mitigate attacks in real-time.
Interpreting AI-generated security insights, ensuring cybersecurity teams can trust and correctly apply AI-driven recommendations.
Much like driving a car doesn't require a degree in mechanical engineering, security experts don't need to build AI models from scratch---but they do need to understand how AI impacts their field. That way, they can maximize its benefits while mitigating risks.
Would you like to dive deeper into specific AI-driven threats or security tools?
Patrick:
In that case, I assume that these new AI security jobs are the new low-hanging employment fruit that will be picked off in a year or two, so long as the applicants have a clear knowledge of what would be expected of them, so that they can prepare for the jobs adequately.
Copilot:
You've got the right idea! AI-focused cybersecurity roles are rapidly emerging as high-demand, accessible opportunities, especially for those who proactively develop the right skill set. Companies are scrambling to fill these positions, making them prime targets for job seekers who can demonstrate a clear understanding of AI-driven threats and defense mechanisms.
That said, the competition will intensify as more people recognize the opportunity. The key to standing out is early preparation---learning to work with AI-powered security tools, understanding AI-generated attack methods, and developing critical thinking skills to analyze AI-driven security insights. Employers are looking for professionals who can adapt quickly, not just follow scripts.
A year or two from now, those who are ahead of the curve will have the advantage, while late adopters may find it harder to break in. Cybersecurity certifications with an AI focus, hands-on labs, and real-world problem-solving exercises will be valuable assets in preparing for these roles.
Would you like insights on specific certifications or practical steps to get started?
Patrick:
How should we distinguish between AI specific cybersecurity threats and cybersecurity threats of the last few years? Also, what would being AI cybersecurity savvy look like for the home computer user?
Copilot:
Great questions! The landscape of cybersecurity threats has evolved significantly with the rise of AI, making it essential to differentiate between traditional threats and AI-driven threats:
Traditional Cybersecurity Threats (Pre-AI Boom) These threats rely on human-crafted techniques:
Phishing & Social Engineering: Scammers trick users into revealing personal info via fake emails or messages.
Malware & Ransomware: Malicious software spreads through downloads, email attachments, or compromised websites.
Zero-Day Exploits: Hackers exploit unknown software vulnerabilities before developers can patch them.
Brute Force Attacks: Systems are attacked repeatedly until a password or encryption key is cracked.
AI-Specific Cybersecurity Threats AI introduces automation, adaptation, and deception into cyberattacks:
Deepfake Phishing: AI-generated voices and images impersonate trusted individuals to steal credentials.
AI-Powered Malware: Self-learning malware evolves to avoid detection.
Automated Hacking: AI scans for vulnerabilities across millions of systems in seconds.
AI-Generated Password Cracking: AI speeds up brute force attacks with predictive algorithms.
Patrick:
How Can Home Users Be AI-Cybersecurity Savvy?
Copilot:
While AI-driven cyber threats often target businesses, home users can also face risks. Here's how to level up AI cybersecurity awareness at home:
Be Skeptical of Voice & Video Calls --- Deepfake scams can impersonate family members or colleagues. Verify calls with a follow-up message if anything seems unusual.
Use AI-Powered Security Tools --- Some antivirus software now leverages AI to predict malware behavior before it spreads.
Upgrade Your Password Strategy --- AI-assisted password cracking is fast, so use randomized passwords and multi-factor authentication.
Monitor AI-Generated Content --- If emails or messages sound unnatural or oddly structured, they might be AI-generated phishing attempts.
Stay Informed --- AI-driven cybersecurity risks change rapidly, so keeping up with best practices and updates helps maintain digital safety.
Would you like insights into AI-powered security tools for personal devices or ways to detect deepfake scams?
Patrick:
Are there some online resources for cybersecurity defences for the home user?
Copilot:
Absolutely! There are several great online resources to help home users strengthen their cybersecurity defenses:
CISA Free Cybersecurity Services & Tools --- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) offers a curated list of free cybersecurity tools and services to help individuals and organizations improve their security posture.
NIST Free & Low-Cost Cybersecurity Learning --- The National Institute of Standards and Technology (NIST) provides free and affordable online courses covering cybersecurity fundamentals, awareness training, and professional development.
CISA Resources & Tools --- CISA also offers a variety of cybersecurity assessments, training, and technical assistance to help users build resilience against cyber threats.
These resources can help you learn best practices, secure your devices, and stay informed about emerging threats. Would you like recommendations on specific security tools for personal use?
Resourses:
https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content
https://www.cisa.gov/resources-tools