COMMENTARY: After spending a few days walking around Mandalay Bay for Black Hat 2025, one theme stood out more than the others: the widening gap between the security industry’s innovations and the well-being of its people.
Yes, this year’s conference was once again dominated by discussions about AI, threat intelligence, ransomware, cloud security, and identity. And yes, vendors are buzzing with new product announcements. But the conversations that stuck with me — the ones that felt urgent — were from the people talking about burnout, about broken job pipelines, and about the increasingly frustrating search for meaningful, stable employment in security.
Every year, attendees show up looking for their next opportunity, but this year the tone has shifted. The stories feel heavier, the anxiety more palpable. People are openly wondering whether anyone ever sees the job applications they send, or if AI filters are kicking them out before a human ever has a chance to evaluate their experience. They’re describing a hiring process that feels cold, impersonal, and, in many cases, entirely disconnected from the talent it claims to be seeking.
Disruption fatigue and the AI impact
The market has been in flux for years now — reshaped by geopolitical instability, economic swings, and the endless march of digital transformation. And now, of course, AI is the newest force of disruption. It’s no surprise that many vendors here are showcasing AI-powered capabilities. But alongside the hype, I’m hearing real concern about how AI is being used to justify workforce reductions and cost-cutting — in some cases, prematurely and without clarity about long-term impacts.
We’ve seen this before. At the dawn of the internet, and again during the dot-com bust, technology promised scale and speed — and many talented people were left behind in the name of efficiency. AI feels like it’s heading toward the same inflection point. The difference now is that the pace of disruption is faster, and the margin for error is thinner.
Human resilience as the real differentiator
There’s a lesson buried in all this: the people who will thrive in this new era are those who can use AI as a skill amplifier, not a replacement. It’s not about letting go of human insight — it’s about learning how to prompt better, think bigger, and work faster without abandoning the integrity of our craft.
Companies that understand this — and that invest in their people with the same intensity they invest in platforms — are going to be the ones that weather the coming shifts best.
One bright spot I’ve been amplifying is the work of Deidre Diamond and CyberSN, a company focused on repairing the broken job matchmaking system in security. They’re working to ensure that practitioners are paired with roles that actually fit — both in terms of skills and career trajectory. That kind of work deserves more attention and support.
Another bright spot is a company I talked to called Command Zero, co-founded by industry pioneer Dov Yoran. This company is focused on something sorely needed in SOCs: autonomous & AI-assisted cyber investigations that bring things like alert fatigue to heel.
The road ahead: From burnout to belonging
This is a problem that’s not going away anytime soon. But the good news is, people are talking about it — and listening. I’ve seen encouraging signs that vendors, including those doing the hiring, are starting to take these concerns to heart.
There’s a growing recognition — maybe even a universal one — that we’re all in this together, and we need to take better care of our own. That’s going to take more than acknowledgment. It’s going to take structural change, sustained attention, and a willingness to do the work.
We can’t control everything: not the next wave of tariffs, not the next economic dip, and not the unpredictable effects of AI on the job market. But we can control how we support one another. We can keep having the conversations. We can keep brainstorming new ways to navigate what comes next.
Because while there’s a lot of uncharted territory ahead, this feels like the first real challenge of its kind in cybersecurity after a decade of investment and momentum.
And if history is any guide — the dot-com collapse, the 2008 crash — we do get to the other side.