Digital threats are growing as organizations adopt more cloud services, expand their digital footprints and face increasingly sophisticated adversaries who exploit every gap in speed, visibility and expertise. The World Economic Forum’s “Global Cybersecurity Outlook 2025” underscores an added challenge: Only 14% of companies report having the talent needed to meet their security goals.
As attack surfaces widen and skilled defenders remain scarce, many organizations are rethinking traditional hiring pipelines and exploring creative ways to strengthen their defenses without relying solely on hard-to-find specialists. Below, members of Forbes Technology Council share unconventional approaches companies can use to close capability gaps, reinforce existing teams and maintain strong cybersecurity amid the ongoing talent shortage.
“Rather than chasing scarce talent, companies should focus on visibility and context. Most breaches stem from unknown identities and unchecked access, not zero days. By strengthening identity governance and access intelligence, organizations can multiply the impact of small security teams, turning knowledge, not headcount, into their greatest defense.” – Peter Hill, Gathid
Cyber Guild Ecosystems
An unconventional yet timely way to bridge the cybersecurity talent gap is to cultivate “cyber guild ecosystems”—dynamic, AI-supported communities blending the energy of gamers, ethical hackers and professionals from diverse domains into mission-driven teams. These guilds could create environments where people learn, compete and problem-solve together while AI systems act as mentors and co-defenders. – Deep Narayan Mishra, Walmart Inc.
Agentic AI For Continuous Control Validation
In a talent-constrained world, forward-leaning organizations aren’t hiring more analysts—they’re deploying agentic AI to generate continuous, cryptographic proof that controls worked when it mattered. This defensible automation reduces breach impact, insurer friction and boardroom risk—no headcount required. – JJ Thompson, Spektrum Labs
Architecture And Engineering Review Boards
Create an architecture and engineering review board (AERB) that all current and future technical designs are required to flow through. Make sure the AERB comprises a small group of your best engineers, developers, network engineers and security experts. The group should meet multiple times a year, and all technical staff should be required to rotate through to listen and contribute to the AERB. – Jonathan Doughty, Mentat, LLC
Organizationwide Security Ownership
Cybersecurity is everyone’s job. Instead of creating a silo for a single department, invest in training and guardrails for every department. Build a culture where security teams focus on high-impact issues while everyone else is responsible for basic security hygiene. – Cody Pierce, Neon Cyber Inc.
Embedded Security-By-Design Practices
Build security into product design instead of adding it in afterward. Embed industry best practices through predefined controls and policy templates that enforce protection automatically—then partner with trusted experts who can extend that foundation with deep, domain-specific insight. Together, these strategies turn scarce talent into amplified capability. – Ganesh Kirti, TrustLogix
AI-Driven Automation And Internal Cross-Training
The best way to get the most out of your current cybersecurity team is to leverage AI to automate routine tasks and free up your human talent for more high-impact, strategic work—including cross-training internal staff from IT or data roles into cybersecurity roles. Training internally is faster than trying to recruit outside talent and results in a more resilient, adaptable and unified team. – Eyal Benishti, IRONSCALES
Problem-Based Cyber Awareness Training
Empower your technical teams via awareness and know-how. Using awareness techniques such as problem-based learning can produce “laser focus,” since the training is based on real-world issues the business is faced with. Frankly, generic awareness training switches people off. Problem-based training could focus on recent events such as an attempted phishing attack or a code vulnerability. – Eoin Keary, Edgescan
Pursuit Of Quantum Readiness
Adopt a quantum readiness mindset. Preparing for the post-quantum era forces organizations to build adaptable, future-proof security frameworks that emphasize automation, resilience and continuous learning. This approach helps teams do more with less while staying ahead of emerging threats. – Jason Sabin, DigiCert Inc.
A Multidisciplinary Security Culture
Upskill existing employees across departments—not just IT—to create a multidisciplinary security culture. Leverage AI-driven tools and teams for automation in threat detection and response. Foster partnerships with specialized firms, and encourage cross-training internally to bridge gaps and strengthen resilience amid evolving security demands. – Matthew Peters, CAI
A Focus On Identity Governance And Access Intelligence
Rather than chasing scarce talent, companies should focus on visibility and context. Most breaches stem from unknown identities and unchecked access, not zero days. By strengthening identity governance and access intelligence, organizations can multiply the impact of small security teams, turning knowledge, not headcount, into their greatest defense. – Peter Hill, Gathid
AI-Driven Security Copilots
One unconventional approach is to leverage AI-driven security copilots that augment human analysts rather than replace them. These tools can automate routine monitoring, threat detection and incident triage, freeing skilled staff to focus on complex issues. By combining limited human expertise with intelligent automation, companies can scale cybersecurity capabilities faster and smarter. – Ilakiya Ulaganathan, JPMorganChase
Enhanced Permission Visibility
One way to combat the cybersecurity talent shortage is to focus on prevention. Understand not just who has access, but what they can actually do. When organizations gain visibility into permissions across systems, they reduce complexity, risk and manual toil and often reduce the need to hire for work that visibility and automation can solve. – Tarun Thakur, Veza
Treating Cybersecurity As A Strategic, Innovation-Forward Initiative
I’d suggest a threefold solution. First, cybersecurity should be viewed as a strategic initiative anchored in scalable architecture, phased modernization and AI-driven automation. Second, embed cross-functional security teams within business and engineering teams and treat security as innovation, not cost. Finally, strengthen hiring and talent retention and link cybersecurity to KPIs to reinforce accountability for a secure and intelligent company. – Saurabh Gupta
The ‘Player/Coach’ Model
Adopt the “player/coach” model: Bring in external experts who don’t just complete tasks, but also actively mentor your internal team while delivering work. This provides immediate expertise without long recruitment timelines while upskilling your existing team, building long-term capability as you address short-term needs. You get deliverables and a stronger internal team, not just a finished project. – Shane O’Donnell, Centric Consulting
‘Elevated Generalists’
Companies should upskill existing talent through structured rotations, AI-driven automation backfills and targeted training. This includes developing “elevated generalists”—emerging leaders who bridge AI, data and risk across the enterprise. Partnering with trusted providers and hiring for adaptability and problem-solving further strengthen cybersecurity resilience. – Fletcher Keister, GTT Communications, Inc.
Partnerships With Managed Security Services
With security teams stretched thin, organizations should outsource smartly by investing in managed security services to augment their cybersecurity stack. Partnering with trusted providers adds expertise and 24/7 coverage without expanding headcount, allowing internal teams to focus on proactive defense and strategy instead of routine firefighting. – Fran Rosch, Imprivata
Internal Training Through Short Projects And Mentoring
A practical way to handle the cybersecurity talent shortage is to develop cybersecurity talent and skill sets within. Instead of waiting to hire experts, companies can train engineers, analysts and IT staff through short security projects or mentoring programs. It builds real-world skills, strengthens collaboration and creates a culture where everyone thinks about security—not just the specialists. – Umesh Chauhan, American Express
Evaluation Of The Current Threat Landscape
Before setting up a security team from scratch, it’s advisable to bring in a consultant to evaluate the organization’s current threat landscape. First understanding the specific risks and then planning targeted mitigation strategies is more effective than rushing into solutions based on general advice. – Vasanth Mudavatu, Dell Technologies
Making Cybersecurity A Priority Of The Board Of Directors
Addressing the cybersecurity skills gap needs to be a priority. Ensuring that the board of directors is receiving enterprise risk reports or is part of annual audit checks are great ways to make sure the issue gets the focus it deserves; otherwise, it’s put in the bucket of “nice to haves.” Tie it to your financial and insurance requirements. – Frank Carnevale, iGreenTree Inc.
