• For years the fix was always “hire more people.” Bootcamps printed graduates. Companies posted thousands of jobs.
• Didn’t work. Because the skills the jobs actually need changed faster than schools could teach them.
• Then AI showed up and broke everything again — now you need people who understand BOTH security AND how AI gets attacked. Demand for that combo doubled in 5 years.
• Meanwhile the existing crew is fried. Over half report constant stress. They quit. The hole gets deeper. Rinse, repeat.

bro it’s a treadmill and everybody’s running the wrong direction.

Source: Accenture leads via Fortune.

Think of a security team like an orchestra. The Operators are the musicians — each one shreds on their instrument (firewalls, scans, code). Plenty of talented players out there.

The Conductor is the one who makes them all play together AND walks out to tell the audience (the CEO, the board, the budget people) what’s going on in words they understand. That person is unicorn-rare. Companies will pay stupid money for one.

You don’t need to be the best musician in the room. You need to be the one who can read the room. That’s the whole cheat code right there.

• The security veterans: “lol they finally noticed the problem isn’t headcount, it’s that nobody can translate a breach into English for the suits.”
• The bootcamp grads: “great, so my certificate that took 6 months is already half-obsolete?” (kinda, yeah — keep going.)
• The hustlers: “wait. desperate companies + skill gap + no training budget = they’ll pay outsiders. say less.”
• The cynics on r/cybersecurity: “they created the burnout, now they’re shocked about the burnout.” classic Surprised-Pikachu energy.

Here’s the thing nobody says cleanly: a “skills shortage” is almost never about smart people not existing. It’s about a system that’s too lazy or too cheap to grow the people it already has. Under 30% of companies fund training — then act betrayed when nobody shows up pre-trained for a job that didn’t exist 18 months ago. That’s not a talent gap. That’s a management gap wearing a talent-gap costume.

Which means the opportunity isn’t “go get hired.” The opportunity is to become the bridge the whole industry forgot to build — the rare person (or tiny service) that connects “we found a scary thing” to “here’s what to do about it in plain words.” You can start building that today with free labs and free reading, no degree, no permission slip.

and yeah, that’s your two paragraphs of sincerity. back to your regularly scheduled chaos.

Companies are drowning in scary security reports written by techies that no boss can read. Be the person who turns a wall of jargon into a one-page “here’s the risk, here’s the fix, here’s the cost” memo. You’re not finding the bugs — you’re making them understandable. That’s the rare skill (the 59% nobody has).

Example: A 24-year-old in Lagos, Nigeria with basic security knowledge + actually-good writing joins a few MSP Discord/Slack groups and offers “raw scan → boardroom one-pager” rewrites at $80 a pop. Small shops with no time eat it up. 6 clients on retainer = rent covered.

Timeline: First paid memo in 1-2 weeks. Steady retainers by month 2-3. Plateaus once you max your hours — that’s your signal to hire a junior and become the Conductor of Conductors.

Demand for AI-security skills DOUBLED, but the bootcamps haven’t caught up yet. There’s a 12-18 month window where being the first person in your city/country to test how AI chatbots get tricked makes you the only option. Learn prompt-injection testing now, before everyone else floods in.

Example: A 22-year-old in Manila, Philippines spends a month on free OWASP LLM guides, then offers “is your AI chatbot leaking secrets?” mini-audits to local SaaS startups for $200. They have AI bots, zero idea how to secure them, and no budget for a big firm. First-mover takes the niche.

Timeline: Skills in ~4 weeks. First audit within 6 weeks. The window stays open until ~late 2027 when this becomes a standard checkbox — get in before the crowd.

A brand-new field means a brand-new vocabulary nobody’s organized yet. Build the cleanest free cheatsheet / lab walkthrough for ONE specific thing (say, AI red-teaming basics). The first comprehensive, genuinely-useful resource becomes the link everyone shares — and the SEO anchor that quietly funnels readers to your paid Discord or 1-on-1 help.

Example: A 26-year-old in Pune, India builds a free GitHub repo of “100 ways AI chatbots get jailbroken — explained for beginners,” posts it on r/netsec and Hacker News. It blows up, ranks on Google, and the pinned Discord ($5/mo) hits 400 members. Picks-and-shovels money while everyone else digs.

Timeline: Repo built in 2 weeks. Traffic snowballs over 2-3 months. The SEO position is sticky — this one keeps paying long after you stop touching it.

People quit cyber jobs every 1.8 years. That leaves a brutal dead zone where a company has NO security person while they spend 3 months hiring a new one. That’s the gap. Offer short “keep-the-lights-on” coverage — 2 to 4 week contracts to babysit the basics until the full-timer lands.

Example: A 28-year-old in São Paulo, Brazil posts on LinkedIn + Wellfound offering “interim security cover during your hiring gap” — basic monitoring, no fancy strategy. Startups terrified of being naked for 3 months pay $1,500 for a month of peace of mind. Stack 2-3 overlapping gigs.

Timeline: First gig in 3-4 weeks of outreach. Steady flow once word spreads — every company has a gap eventually. Stops working only if you don’t ask for referrals (so always ask).

Already have ANY job at a company with no real security person? Volunteer to BE that person. Companies won’t fund training (under 30% do) — but they’ll happily let you self-learn on the clock if it means free security coverage. You exit in 18 months with the rare hybrid resume the whole market is starving for.

Example: A 25-year-old admin in Nairobi, Kenya tells the boss “I’ll handle our basic security” — then spends work hours on free TryHackMe and Microsoft Learn modules. Company saves money, she builds a Conductor resume on their dime, jumps to a role paying 3x. Diabolical. Legal. Genius.

Timeline: Start tomorrow. Resume-ready in 12-18 months. The only “patch” here is you outgrowing the place — which is the whole point.