Hatem Naguib, CEO at Barracuda Networks.
The cybersecurity talent shortage is not just about filling open positions—it is about closing real capability gaps. More than half of cybersecurity and HR leaders agree that the real challenge is not just hiring more people, but finding professionals with the right skills, according to a study by SANS and GIAC.
This signals a critical shift in how organizations must address the workforce crisis. Hiring cybersecurity talent is time-consuming, expensive and increasingly competitive, especially for small and mid-sized organizations operating with limited resources and lean IT teams. The most sought-after candidates are scarce, in high demand and difficult to retain. As a result, many security teams are forced to operate reactively, addressing incidents after damage has already been done.
But increasing headcount alone will not close the gap. Based on what I’ve seen in the industry, even the upcoming classes of university graduates will not be able to meet the scale of the challenge. To stay ahead of fast-evolving threats, organizations must rethink how they build, enable and scale cybersecurity capabilities. That means combining smarter internal development with the strategic use of advanced technologies and expert partnerships.
Invest In Upskilling And Human-AI Collaboration
One of the most effective ways to close the skills gap is to strengthen the team you already have. Existing employees bring valuable institutional knowledge—deep familiarity with your systems, workflows and culture. By equipping them with the technical and analytical skills needed to detect and respond to threats, you not only reduce your dependency on new hires but also build a more resilient and loyal workforce.
Upskilling also needs to evolve. As artificial intelligence (AI) becomes a standard part of the cybersecurity toolkit, employees need to learn how to use it effectively. Synergy between humans and AI systems will be critical for cybersecurity, now and in the future. That includes everything from prompting a generative AI (GenAI) system to reviewing and refining the actions taken by agentic AI tools. I believe teams that know how to work with AI will be more productive, more adaptive and better prepared to defend against modern threats.
How GenAI And Agentic AI Could Transform Cybersecurity
AI is emerging as a core enabler in addressing the cybersecurity skills gap—not as a replacement for human talent, but as a multiplier of it. Two types of AI are driving this shift: GenAI and agentic AI.
GenAI refers to models that create content such as text, code or summaries. In cybersecurity, these tools can be used to draft incident reports, accelerate training, analyze security logs and make complex data more understandable. GenAI helps teams work faster and smarter, especially when resources are limited.
Agentic AI represents a more autonomous capability. These systems perceive their environment, make decisions, take actions and learn from the results—all with minimal human input. That makes agentic AI especially valuable for multistep, time-sensitive security processes like threat detection, investigation and remediation. From what I’ve seen, it can reduce alert fatigue, improve response times and support continuous monitoring, even during off-hours or staff shortages.
Cybersecurity is an ideal domain for AI. The field is defined by high data volumes, repetitive tasks and constant change—all areas where AI thrives. But adopting AI is not a plug-and-play solution. To embrace it effectively, organizations must invest in training their teams to collaborate effectively with AI systems. This human-AI partnership is what enables AI to act as a true force multiplier.
Automation As A Strategic Enabler
As threats grow more sophisticated, manual workflows simply cannot keep up. Automation is no longer a luxury; it is a necessity. It allows organizations to reduce the burden on their security teams and respond to threats at machine speed.
Capabilities like automated phishing response, log correlation and alert triage free up IT and security teams to focus on complex investigations and strategic priorities. I’ve found that automation can also improve consistency and reduce the chance of human error, which is critical in high-pressure, high-stakes scenarios.
The rise of agentic AI takes automation further. Instead of just handling isolated tasks, these systems can carry out entire workflows, adapting in real time based on the environment. When paired with trained human oversight, this creates a highly scalable and adaptive security model.
Strengthen Security With MSP And MSSP Partnerships
When internal teams are stretched too thin to keep up, partnering with a managed service provider (MSP) or managed security service provider (MSSP) can extend your capabilities without the cost of building everything in-house. These partners bring access to advanced technologies, proven processes and seasoned security experts.
Increasingly, MSPs and MSSPs are integrating GenAI and agentic AI into their own offerings. This allows customers to benefit from AI-driven detection and response capabilities without needing to deploy or manage these technologies directly. Many are also offering extended detection and response (XDR) platforms and security operations center (SOC)-as-a-service models, which provide around-the-clock monitoring and protection across diverse environments.
By leveraging external expertise alongside internal resources, organizations can gain enterprise-grade protection and faster response times without increasing their headcount. It is a scalable way to overcome talent limitations and build resilience.
A More Resilient Approach To The Cybersecurity Workforce
Closing the cybersecurity skills gap requires a more flexible, adaptive approach to workforce development. That means investing in your people through upskilling and AI training, embracing automation to increase impact and working with trusted partners who can extend your capabilities.
By combining human expertise, smart technology and strategic collaboration, organizations can stay ahead of threats, even in the face of resource constraints. Cybersecurity will always be a team effort. But by rethinking how we build and empower that team, we can meet today’s challenges with greater resilience and confidence.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
