Why cybersecurity cannot hire its way through the AI era | CyberScoop<\/title> <meta name=\"description\" content=\"AI is changing cybersecurity work as roles shift, AI agents automate operations, and leaders adopt risk operations centers to prove ROI, improve governance, and reduce risk in 2026.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Why cybersecurity cannot hire its way through the AI era\"> <meta property=\"og:description\" content=\"AI is changing cybersecurity work as roles shift, AI agents automate operations, and leaders adopt risk operations centers to prove ROI, improve governance, and reduce risk in 2026.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-07T12:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg\"> <meta property=\"og:image:width\" content=\"4897\"> <meta property=\"og:image:height\" content=\"3428\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1767719924g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87310\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87310\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87310 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.3828125\">\n<div class=\"single-article__header-content\" readability=\"34.693766937669\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed\/\"> <span>Commentary<\/span> <\/a> <\/li>\n<\/ul>\n<p> AI can close the speed and scale gap in security, but only if organizations prioritize the risks that matter most. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87310\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"448\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era.jpg?resize=640%2C448&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg 4897w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=300,210 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=768,538 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=1024,717 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=1536,1075 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=2048,1434 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=600,420 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=240,168 240w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=481,337 481w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=964,675 964w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-2.jpg?resize=1204,843 1204w\" sizes=\"(max-width: 964px) 100vw, 964px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"53.132808657157\"><body readability=\"107.15978854025\"><\/p>\n<p>The cybersecurity industry has been battling a talent shortage and skills gap for years. Meanwhile, organizations need a new way to approach risk management proactively and more effectively. AI seems the clear answer to both.<\/p>\n<p><a href=\"https:\/\/www.dice.com\/recruiting\/ebooks\/dice-tech-job-report\/\">Open tech roles are trending down or flat<\/a>, while demand for AI skills is climbing fast. It\u2019s structural change that shows today, automation is no longer optional. The speed, scale and complexity of modern threats have already outpaced manual processes, and AI is the only viable way to keep up. That\u2019s why humans, armed with AI, make such a powerful combination. Because the need for speed and precision \u2013 combined with a lack of skilled manpower \u2013 forces us to rethink our cybersecurity workflows. AI agents will take over high-volume, repetitive tasks \u2014 continuously analyzing vast streams of telemetry, correlating signals across environments, and surfacing the handful of risks that truly matter. They will identify the needle in the haystack.<\/p>\n<p>Over nearly three decades of my career in tech and cybersecurity, I\u2019ve witnessed how every technological shift redefines the workforce. The AI boom is simply the latest cycle. I am sure that centuries ago, it was someone\u2019s job to chisel manuscripts on stone slabs. When ink and paper was invented, the world evolved, the workforce changed, and we all survived. In the short term, adopting new technology may reduce demand for some roles. Yet over time, AI-driven productivity gains will help businesses grow and create new positions that did not exist before. We\u2019re already witnessing the creation of entirely new disciplines in model evaluation, orchestration, and AI security. In the short-term, some people might find themselves out of a job if they don\u2019t reskill, but ultimately, the workforce must adapt.<\/p>\n<p>But how are organizations supposed to fill AI roles if no one has expertise in the new field? These roles are hard to fill because they require experience across the AI lifecycle: data sourcing, training, evaluation, deployment, and monitoring, plus the judgment to defend those systems when attackers aim at the model rather than the application. You don\u2019t learn that from tutorials; you earn it by deploying AI systems into production, getting attacked, and iterating controls. <a href=\"https:\/\/www.deloitte.com\/us\/en\/insights\/topics\/technology-management\/tech-trends\/2026\/using-ai-in-cybersecurity.html\">Deloitte\u2019s analysis<\/a> framed the paradox succinctly: the very AI that accelerates operations introduces shadow usage, agentic autonomy, and data leakage risks that must be actively governed.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Here\u2019s the good news: CISOs don\u2019t have to fix everything. When everything is critical, nothing is. The most effective cybersecurity programs focus on reducing the risks that matter most to the business. A Risk Operations Center (ROC) provides the framework to do exactly that: consolidating risk factors, applying business-driven prioritization, and orchestrating remediation. Unlike a Security Operations Center (SOC), which is focused more on analyzing incidents when they happen and responding appropriately, the ROC takes a proactive, future-looking approach to reduce the risk of a catastrophic cyber event happening to the business. And agentic AI can take risk orchestration to the next level, by automating threat prioritization and guiding remediation strategies aligned to an organization\u2019s unique risk posture. The AI-native ROC shifts organizations from reactive firefighting to proactive risk management, ensuring security keeps pace with AI-driven innovation.<\/p>\n<p>The truth is: everything we do in cybersecurity is about risk management. The ROC is not just for security. It connects CISOs, CIOs, CFOs, business unit leaders, and boards around a single view of risk\u2014bridging priorities, aligning decisions, and creating accountability across the business. Boards are optimizing for ROI and resilience simultaneously. They recognize AI\u2019s productivity upside but also expect security leaders to connect spend to business outcomes: fewer material incidents, faster reporting, lower exposure, and demonstrable business continuity. The question is no longer \u201cHow much did we spend?,\u201d but \u201cWhat risk did we measurably reduce?\u201d Therefore, our hiring strategies must align to outcomes, not headcount: upskill the workforce, redeploy cross\u2011functionally, and use security platforms with embedded, governed AI capabilities over needing more headcount to manage tool sprawl. That efficiency helps the business strengthen its top line, leading to expansion and ultimately fuels future hiring.<\/p>\n<p>We also need to confront a hard truth: <a href=\"https:\/\/cyberscoop.com\/vibe-coding-ai-cybersecurity-llm\/\">AI\u2011generated code is often insecure<\/a>. Multiple studies in 2025 found about 45% of AI\u2011generated code contains security flaws, with particularly weak defenses against cross\u2011site scripting and log injection. If AI becomes the default author of routine code, we will ship vulnerabilities faster than human review can catch them, unless we embed security in the pipeline. This means enforcing mandatory reviews, scanning both code and binaries continuously, gating high\u2011risk changes behind human approval, and logging agent actions like we log privileged users.<\/p>\n<p>The paradox isn\u2019t paradoxical at all. AI is compressing some job categories while expanding others and raising the bar for everyone. Cybersecurity leaders who embrace that reality will be best positioned to deliver resilience, regulatory readiness, and growth in 2026.<\/p>\n<p><em>Sumedh Thakar is the president and CEO of Qualys, a leading cybersecurity company, and is passionate about making the digital world safer. He joined Qualys in 2003 as an engineer and rose through leadership roles including chief product officer and president, helping expand the Qualys platform with integrated capabilities and scaling global engineering teams. He is a co-inventor on five U.S. cybersecurity patents and previously held engineering roles at Intacct and Northwest Airlines.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.9230769230769\">\n<div class=\"author-card\" readability=\"10\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era-1.jpg?w=640&ssl=1\" alt=\"Sumedh Thakar\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Sumedh Thakar<\/h4>\n<p> Sumedh Thakar is the president and CEO of Qualys, a leading cybersecurity company, and is passionate about making the digital world safer. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why cybersecurity cannot hire its way through the AI era<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,384,5713,280,506],"tags":[236,388,5714,284,507],"class_list":["post-8235","post","type-post","status-publish","format-standard","hentry","category-ai","category-artificial-intelligence-ai","category-code-developement","category-commentary","category-workforce","tag-ai","tag-artificial-intelligence-ai","tag-code-developement","tag-commentary","tag-workforce"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/code-developement\/\" rel=\"category tag\">code developement<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/commentary\/\" rel=\"category tag\">Commentary<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/workforce\/\" rel=\"category tag\">workforce<\/a>","tag_info":"workforce","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8235"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8235\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8235,"date":"2026-01-07T06:00:00","date_gmt":"2026-01-07T12:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87310"},"modified":"2026-01-07T06:00:00","modified_gmt":"2026-01-07T12:00:00","slug":"why-cybersecurity-cannot-hire-its-way-through-the-ai-era","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/07\/why-cybersecurity-cannot-hire-its-way-through-the-ai-era\/","title":{"rendered":"Why cybersecurity cannot hire its way through the AI era"},"content":{"rendered":"