“CYBERSECURITY JOBS – WHY BOTHER?” It’s a provocative question, but one that’s becoming increasingly common in industry circles. A recent ZDNet report highlighted a sobering reality: nearly half of all cybersecurity professionals are considering hanging up their headsets. The culprits? Stagnant compensation, chronic overwork, and a fundamental disconnect between technical experts and the executives who hold the purse strings.
As a 30-year veteran of the IT and Infosec trenches, I’ve seen this movie before. I’ve lived the 90-hour work weeks and woken up under a desk to the sound of a manager’s boot because an on-call tech missed a page. I’ve spent the last quarter-century as a consultant specifically to avoid the soul-crushing weight of salaried “leadership” roles.
If we want to save the industry, we need to stop offering pizza parties and start addressing the structural rot.
The Myth of the Skills Shortage
We are constantly told there is a “talent shortage.” To be blunt: a talent shortage is almost always a funding shortage in disguise. If you pay people more, they find the motivation to “skill up.”
The industry currently suffers from a massive coordination failure. HR departments demand “entry-level” candidates who somehow possess five years of experience and three certifications. Meanwhile, middle managers are often forced to choose between hiring a seasoned pro or an apprentice because both count equally against a rigid “headcount” quota. We are eating our own seed corn, then wondering why the harvest is thin.
Security as a “Cost Center”
Information security is expensive. It’s a hard pill for a CFO to swallow because, on a spreadsheet, security doesn’t contribute to the bottom line—it only protects it.
I like to think of senior leadership’s approach to tech like a car owner. Most people don’t need to know how to rebuild an engine; they just need to know that when the dashboard light flickers, it’s time to call a professional. But in the corporate world, if the cost of the repair exceeds the perceived value of the car, they’ll just keep driving until the wheels fall off.
This is why **regulation** is our only path forward. Frameworks like DORA and NIS2 take away the “agency” of leaders to gamble with digital safety. Just as we have environmental protections to stop factories from dumping sludge into rivers, we need digital protections to stop companies from dumping risk onto society.
The Leadership Crisis and the “RTO” Devil
We have plenty of managers, but a shocking lack of leaders. Too often, we promote brilliant technologists to their level of incompetence—the Peter Principle in action. These “accidental bosses” often fall back on outdated control mechanisms, like Return-to-Office (RTO) mandates.
If a manager insists on seeing your face in a cubicle to verify you’re working, they aren’t managing performance; they’re managing presence. In a field as high-stress as ours, flexibility isn’t a perk—it’s a retention strategy. People stay because of leaders; they leave because of companies.
Why We Stay
With all the griping, why does anyone stick around for 30 years? Because at its core, cybersecurity is one of the most intellectually stimulating fields on Earth. It requires you to be a polymath: part engineer, part lawyer, part psychologist, and part geopolitician. It is rarely dull.
Working with startups and mentoring the next generation provides a glimpse of what’s possible when ego and bureaucracy are stripped away. There is a profound reward in sharing hard-won wisdom with people who are actually motivated to listen.
The Bottom Line…
The “secret” to fixing the cybersecurity talent drain hasn’t changed in three decades: **Hire competent people, trust them to do their jobs, and pay them what they are worth.** Until the boardrooms realize that “things cost money,” the industry will continue to sleep under its desk, waiting for a wake-up call that might finally come in the form of a total system failure.
Author:
Bharat Raigangar, 1CxO
