AI may change the work—but it doesn’t change the simple truth that security is, and will always be, a people-first discipline
There’s a worrying idea taking hold across the security industry, and it’s already shaping hiring decisions. It’s the idea that AI will make security so efficient we won’t need admin or entry level roles anymore. In a report published last year, 52% of cybersecurity professionals surveyed said AI will significantly or somewhat reduce the need for entry-level staff. It’s a compelling idea. But it’s completely wrong.
I strongly believe that right now we need more early-career voices, not fewer. Not just because you can’t build a resilient security organisation if you stop hiring the next generation, but also because you can’t bridge a potential workforce gap of over 50,000 professionals by 2030 without them. I believe organisations need to treat early-career hiring as a strategic priority now, and in the process, fix the inability for many cybersecurity graduates in Australia to find jobs as most entry-level positions require existing experience.
A collapsing talent pipeline
Once a security talent pipeline collapses, it doesn’t bounce back in a year or two. In some cases, it doesn’t bounce back at all.
Short-term hiring cuts might look efficient on paper, but they create long-term operational fragility faster than most organisations expect. Remove junior roles, and the progression ladder breaks immediately. There’s no one to promote, no one developing breadth, intuition or experience, and no one ready to step in when senior defenders move on. The bench disappears and with it the pipeline for leadership five years down the line.
Then predictable trends continue to accelerate. Organisations hire from one another instead of developing talent. Salaries rise, teams shrink, and security functions operate with minimal staff, just as the job is getting harder.
AI expands the work, not the workforce
AI does not eliminate security work, and that reality is already visible in today’s teams. While AI accelerates certain tasks, it also expands the number of tasks that require human judgment, oversight and accountability. It introduces new threat models, new governance demands, new operational risks, and new patterns of behavior that we’ve never dealt with before. Meaning everyone has more work, not less. AI and automations will certainly help balance these new workloads, but they won’t net out as a requirement for fewer humans.
And that’s exactly why reducing early-career hiring at this moment is such a misstep. The work is growing. The complexity is growing. The attack surface is growing. The investigations and forensics are changing. And the people who are going to adapt most naturally to that evolution are the ones entering the field today.
Early career talent in an AI-era
New technologies always reset the playing field. The people who grow up with them build instincts the rest of us must consciously develop. Early-career professionals are digital natives and increasingly they’ll be AI natives. They tend to adopt and experiment with new technology quickly, which can accelerate how security teams integrate these tools into real operations.
Giving early-career employees meaningful exposure to AI-related work is therefore essential. Threat modelling, AI governance reviews, vendor assessments and forensics exercises are all emerging areas new talent can contribute to immediately. In an AI-driven environment—where threats are changing, tooling is changing, and even the definition of “user” is changing—that mindset matters.
If we remove junior roles, we remove the very people who will be most prepared to navigate the next era of security. We remove the future mid-level defenders, the future senior analysts, and the future leaders. And the work that needs to be done doesn’t go away. We will just end up with fewer people who can do it.
This is why I believe organisations need to treat early-career hiring as a strategic priority right now, because once the junior talent pipeline collapses, it is already too late. They need to give early-career employees exposure to AI-related work in areas that create opportunities for new talent to learn, develop breadth and build confidence quickly. In doing so, they should explore how AI can accelerate development, not replace it, and establish a culture where requests to learn something new are met with a “yes, and here’s how.” mindset. That mindset builds trust, collaboration and a healthier environment for new talent to grow.
AI will transform security. But it won’t remove the need for people who understand context, risk, systems and behavior. If we hollow out the bottom of the organisation today, we don’t just delay future growth—we create teams that will struggle to scale, adapt, and defend the business when pressure increases.
AI may change the work—but it doesn’t change the simple truth that security is, and will always be, a people-first discipline.
James Robinson is the CISO at Netskope
