Cyber leaders focusing on AI upskilling over hiring workers, data shows
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Allie Carl/Axios
Cybersecurity leaders are less stressed about hiring new talent and more worried about having the skills they need to tackle the AI-enhanced threat landscape.
Why it matters: De-emphasizing hiring and talent could end up exacerbating the existing cyber workforce shortage in the long-run, Hugh Thompson, executive chairman of the RSA Conference (RSAC) told Axios.
Driving the news: RSAC released a report Tuesday, shared exclusively with Axios, detailing its predictions for the industry in the coming three years based on attendance data from its 2025 conference, including which attendees went to what panels.
- The conference, which is the largest annual gathering of cybersecurity professionals, says its past years' attendance data has been predictive of where the industry's focus ended up turning.
By the numbers: C-level executives and board members were 36% more likely than average to attend skill-building sessions at this year's conference, according to the new data. Vice presidents and other senior executives were also similarly as likely to go to the same sessions.
- Meanwhile, those same executives were 5% less likely than the average attendee to participate in sessions about team development and retention.
- Vice presidents and other senior executives were 14% less likely to go to team development sessions.
Between the lines: Security executives are worried about their own ability both to secure the AI tools their companies are adding to their network and to use AI, themselves, to make their teams more efficient, Thompson said.
- At the same time, executives are eager to see whether they need to continue hiring as AI agents improve, he added.
- "These executives are realizing the world really is changing around them," Thompson said.
Reality check: RSAC is a go-to destination for both upskilling and training, but also for networking on the sidelines.
- In past years, it's normal for high-ranking attendees to only make it to a handful of official panels and prioritize one-on-one networking events.
- "Now, people are going to sessions," Thompson said. "They want to be better, they want to get with their peers, they want to understand what they're doing."
The big picture: Even so, AI has prompted an existential crisis among security leaders who are worried they will be at-fault for any security issues that come from their businesses' decision to rapidly deploy untested solutions.
- Unlike when security executives had to reckon with cloud adoption, now executives don't have much say in how companies are using AI tools.
- "The business is demanding that we are going to use AI in these use cases. It's coming at them," Thompson said. "They're caught off-guard in a speed cycle that they really haven't been in before with another technology disruption."
The intrigue: Another reason why executives may not be prioritizing hiring and team development is because of the wave of ex-government workers who are now looking for private sector roles, Thompson said.
- The Cybersecurity and Infrastructure Security Agency has lost at least one-third of its staff this year, and many other agencies are also losing cyber talent.
What to watch: By 2027, Thompson predicts that executives who ignore team development will face costly staff departures.
- By 2028, they'll be re-investing in new ways to recruit and retain new talent yet again, he added.
Go deeper: Security teams embrace agentic AI
