State of cybersecurity hiring in 2025 — is the "skills gap" real?
Every vendor report says there are 3.5 million unfilled cybersecurity positions. But I see hundreds of applicants for every junior SOC analyst role posted.
Is the skills gap actually a senior skills gap? Companies want 5+ years experience, CISSP, and cloud certs for $75k/year. Meanwhile, entry-level folks can't get interviews.
What's your experience? Are you hiring? What are you actually looking for?
The gap is real but misunderstood. Companies want unicorns who can do IR, cloud security, AppSec, AND manage a team — for mid-level pay. The actual gap is in realistic job descriptions and willingness to train.
I got my start through an MSP. If you're entry level, MSPs will give you exposure to everything — patching, firewalls, endpoint, alerting. You learn fast because you're doing real work from day one.
Hiring manager here. I'd rather see a home lab write-up and a TryHackMe profile than a stack of certs from someone who can't explain how DNS works. Show me you can think, not just study.
Certs still matter for getting past HR filters. But once you're in the interview, it's all about can you troubleshoot, can you explain findings, and do you have intellectual curiosity.
The gap is also geographic. Remote work helped but many gov/defense roles still require on-site + clearance. That concentrates talent in specific metros.
Verified Access Required
To maintain the integrity of our intelligence feeds, only verified partners and security professionals can post replies.
Request Access