As artificial intelligence reshapes nearly every profession, the cybersecurity field is undergoing its own reckoning. At The Cyber Guild's Uniting Women in Cyber conference, the session What's Next for the Cybersecurity Workforce challenged conventional thinking about who belongs in cybersecurity and how they can get there. With a shortage of millions of professionals, panelists agreed that the future cybersecurity workforce won't be built on résumés - it will be built on resilience, curiosity and durable skills.
From Degrees to Aptitude
Traditional employment screening required rigid degree requirements, yet the current environment demands a broader view. "The road to success doesn't necessarily go through a four-year degree," said Dwan Jones of ISC2, a member association for cybersecurity professionals. Jones encourages leaders to consider aptitude and whether candidates can acquire the necessary skills.
Mastercard's Deputy CSO, Dr. Alissa Abdullah, has also shifted hiring philosophy. "We look at experiences, not just education," she explained. A former radio DJ herself, Abdullah explained how she uses storytelling and communication as core security tools. She also described hiring a police officer whose experience in identifying fake IDs translated perfectly to identity management, offering a different yet impactful perspective compared to traditional technologists. Her reasoning for looking outside educational background is simple: "The adversaries aren't requiring degrees to become hackers, so why should we?"
Strengthening the Cybersecurity Workforce
Debbie Sallis, founding executive director of The Cyber Guild, notes that strengthening the cyber workforce requires more than just different recruitment strategies; it means rethinking how organizations develop and retain people. "Organizations must invest in diverse talent pipelines, support alternative career pathways and give talent real-world experience," she said. "Successful employers are those who invest in reskilling and upskilling their employees who are values- and mission-aligned."
AI and the New Rules of Cybersecurity Workforce Hiring
Employers are increasingly using AI to screen résumés using keyword-based algorithms, while candidates use AI to trick them. Some candidates even embed invisible text to outsmart algorithms - a trend that's already reshaping how hiring managers detect authenticity.
Erin Kelly of SentinelOne cautioned that hiring in this environment requires a sharper eye for what she called "durable skills" such as collaboration, curiosity, and likability. Moderator Simone Petrella, Board Member of N2K Networks, agreed. "Companies need strategies that look beyond pure cybersecurity skills to durable skills," she said. Kelly's advice for job seekers? "If you aren't selected, ask for feedback and stay in touch." She referred to a recent hire who followed up the interview with a personal note summarizing the conversation and her personal interest—a rare gesture of human connection in an AI-driven process.
Dawn-Marie Vaughan of DXC Technology noted that specific keywords, such as lockpicking, have become ubiquitous in resumes. So, her team looks for what she calls "little Easter eggs" that demonstrate individuality and human input, such as hobbies and interests, since AI can't include humor or personality. DXC Technology also puts candidates through live-fire testing—a real-world simulation of a cyber attack—to confirm they have the skills without using references or AI.
As deepfakes and social engineering evolve, candidate screening has become a matter of national and corporate security, not just HR compliance. "We must realize that this is a business," Abdullah said, noting that nation-states are grooming individuals to participate in the business of cybercrime, and that LinkedIn is a popular platform for these individuals to target U.S. organizations. In response, Mastercard requires in-person interviews at a company facility before hiring, rather than over video or phone, due to the growing sophistication of deepfakes.
Co-Chair of The Cyber Guild Foundation and former National Security Agency Signals Intelligence Director Teresa Shea agrees. "As digital deception grows, the strongest cybersecurity teams will be those built on integrity and critical thinking, not just code." Shea encourages managers to "trust, but verify your potential candidates - it's a leadership imperative now more than ever."
The cybersecurity workforce of tomorrow won't be defined by those with the highest college degree, but by those who learn, collaborate and adapt. At The Cyber Guild's UWIC conference, that message was clear: in a field built on defending humanity from unseen threats, being human may be the most valuable qualification.