A few months ago, I did an AMA on Reddit's r/cybersecurity. I expected questions about tools, certifications, maybe some war stories. What I got instead was a wave of anxiety.
"Is cybersecurity engineering still worth it?" "I feel like everything is moving too fast." "How much effort goes into getting your foot in the door?" "I feel stagnant right now." "How do you handle burnout and not go feral in the woods with a tin foil hat?"
These weren't idle questions from people browsing Reddit at lunch. These were people genuinely worried about their futures. Experienced practitioners with 7, 10, 15 years in the field feeling like the ground was shifting under them. Fresh graduates staring at a job market that seems to have evaporated overnight. CISOs quietly burning out under impossible expectations.
I want to talk about all of it. Honestly.
The Job Market Isn't What It Was. Let's Start There.
I run a 500-person cybersecurity firm. We used to pride ourselves on our fresher intake. Some of those fresh graduates went on to become CISOs. Genuinely.
We used to hire hundreds of graduates a year. Now it's 20 to 30.
I am sorry to be the bearer or confirmer of bad news. But AI is doing so much of the Level 1 and Level 2 work that it's becoming near impossible to find useful work to give newer folks. GRC is becoming highly automated. Pentesting: hundreds of GitHub repos now automate what used to take a team weeks. SOC alert triage, evidence validation, compliance reporting: agents handle it.
Entry-level jobs in most knowledge fields are gone.
This is a serious issue because our entire economy runs on the apprenticeship model. Junior people do junior work. They learn from seniors. They become the next generation of experts. That pipeline is breaking. If AI handles the Level 1 and 2 work, how do we produce the next generation of Level 3 and 4 practitioners? I don't have a clean answer. It does not bode well for the future, I fear.
And here's the part people don't say out loud: this isn't just about cybersecurity. The execution layer of most knowledge work is getting hollowed out. Junior lawyers, junior consultants, junior developers, junior analysts, all facing the same squeeze. The "AI augments, doesn't replace" argument is comforting, but the speed of this transformation is different from anything we've seen before. Societies didn't have to retrain factory workers into software developers in 18 months.
The Middle Is Getting Squeezed
If you're at the senior level, 10, 15, 20 years in, you're not safe either, but the dynamics are different.
The people at the top, with genuine domain expertise and the judgment to direct AI systems, are becoming more productive than ever. The people at the bottom are struggling to get a foothold. And the middle? The middle is getting squeezed from both ends.
I told someone recently: the highest you'll probably go in pure cybersecurity is CISO, which is a high stress, high burnout role. I have the deepest empathy for my CISO friends. It is a tough gig. You're responsible for everything, blamed when anything goes wrong, and half the organization doesn't understand what you do. Business legitimately wants and needs to make profits. IT is focused on uptime and performance. Security is a cost and a hindrance no matter how smartly you position it.
That first moment when you realize that very few people actually care about what you do? That's just a sad one. But we shall persevere.
The structural problem is this: if a company of 10 people can now do what 200 people used to do, and the productivity gains flow to founders and investors, you get a society where a significant fraction of the workforce loses economic purpose faster than new purpose gets created. For executives and middle management specifically, there's a comforting narrative that "leaders are safe because leadership requires human judgment." That's partially true and largely self-serving. Strip away the values-setting and novel decision-making, and look at what most executives actually spend their time on: processing information, synthesizing reports, running structured decision processes. That work is already being automated.
Burnout Is Not a Personal Failure
Someone asked me during the AMA how I handle burnout and stay in the game. The honest answer is: not always gracefully.
I've been through 2 or 3 burnout cycles myself. The whole field gets overwhelming at times, especially when you realize literally no one outside security cares for any of it. You enter the field believing you're doing something special, that you'll make a difference, that you're making the world a safer place. And then reality hits.
I agree with the person who told me it's getting overwhelming. You have to run faster and faster just to stay in the same place. Everyone's releasing tools, feeds are blowing up with AI this and AI that. Certifications feel like they matter less every year. And beneath all of it is this ambient anxiety. Am I keeping up? Am I falling behind? Is my role going to exist in 3 years?
Here's what I've learned works. Not as a productivity hack, but as a way to keep going.
Identify the most boring and annoying parts of your job and either make your peace with them or hire someone to do them. Now, I use AI to do the stuff I don't enjoy doing. That alone has been transformative.
Find a hobby that gets you outdoors and lets you meet people outside of cyber. I took to hiking and then to mountaineering. Getting up a mountain doesn't care about your CVSS scores or your compliance deadlines. It just cares about whether you put one foot in front of the other.
Pursue something creative. Creating social media content has become my current outlet. It sounds small, but having a space where I'm building something for the joy of it, not for a client, not for a board, not for a compliance audit, that matters more than I expected.
Find a coach or a therapist. I did a year or so with a business coach. It was quite life-changing.
And this isn't just personal anecdote. There's real research showing a global convergence of crises: post-COVID collective trauma, dopamine-rewired attention spans, remote work isolation, and chronic economic anxiety all compounding each other. People aren't refusing to learn or engage. Their capacity has been genuinely diminished by chronic stress and fragmented attention. As a leader managing mostly Gen Z teams with millennial managers, I've had to learn that what looks like disengagement is often exhaustion wearing a different mask.
So What Do You Actually Do?
I don't want to end this with vague encouragement. Here's what I'm telling people, whether they're fresh graduates, mid-career professionals, or senior practitioners feeling the squeeze.
If you're starting out. You have to really stand out from the hundreds of thousands of graduates coming out of cybersecurity courses every year. I encourage you to explore unsolved problems in cybersecurity. Use AI and Reddit and Google's NotebookLM to brainstorm and research. Build free tools and share them with the community. Offer to teach at your college. Go help your local law enforcement office with cybercrime investigations. Make yourself as useful as you can to your local community and the broader cybersecurity community.
I don't have a college degree. I started in India in 2001, where the cybersecurity market was non-existent. I wrote on blogs, contributed to security mailing lists like Bugtraq and Security Focus. You could do something similar on social media now. Create useful tools and have a GitHub repository. Your GitHub repo matters more than your GPA. Prove yourself publicly, add value to people's lives, and your degree, location, age, none of it will matter.
If you're mid-career and feeling stuck. Don't try to learn everything. Pick one field: Azure Forensics, Agentic AI Security, OT Security, something specific, and become one of the top 10 people in the world at it. That kind of in-depth knowledge and expertise makes you irreplaceable by AI. That is my current philosophy. Depth beats breadth. It always has, and it matters even more now.
I'd also push back on anyone considering a career change into cybersecurity without a strong reason. Cybersecurity is glamorous on the outside, but demand for entry-level positions is non-existent, and even for experienced practitioners, burnout is a very real possibility. Passion will only get you so far. You need a stronger reason to make this decision. Are you seeing real demand in your company or region? Please be 100% sure.
If you're senior and wondering what to focus on. Understand AI from an architecture perspective. Build your own agents. Figure out MCP and multi-agent architectures. How do you do identity and access management, observability, input validation, output validation when it comes to agents? The confluence of AI/ML knowledge combined with cybersecurity is going to be a high-demand skill going forward. That intersection is where the most valuable work will happen for the next decade.
If you're a leader. I've committed to everyone at Network Intelligence that we won't fire a single person because AI is replacing their job. We'll invest in their training and upskilling. But I'm not sure other cybersecurity and services firms will approach it the same way.
The most valuable people on my team, across GRC, pentesting, SOC, every practice, are the ones who took AI disruption and ran with it. Our GRC folks are now extending into pentesting, cloud architecture, appsec. They could never have touched that work before. AI made them more capable across a wider set of domains. The people who embraced it became 10x more productive. The people who resisted are struggling.
The Ground Is Moving. But You Can Move With It.
I started my company at 20 years old. College dropout. No clients. In India in 2001, when cybersecurity didn't exist as a market. We called it "computer security" and customers would say "we have Antivirus" and walk away.
25 years later, I've watched multiple waves of technological transformation hit this industry. Each one sparked panic. Each one created new opportunities for the people willing to adapt.
This wave is faster and more disruptive than anything before it. I won't pretend otherwise. But the people who will thrive are the same kind of people who have always thrived: the ones with genuine expertise who learn to use new tools as a multiplier, the ones who build in public, the ones who contribute to their community, and the ones who find meaning outside their job title.
If you're feeling overwhelmed, you're not alone. If you're questioning your career path, that's a sign of intelligence, not weakness. If you're scared, good. Use it. Channel it into building something.
As Goethe said:
Whatever you can do or dream you can, begin it; Boldness has genius, power and magic in it.
That line inspired me to start my company at 20 and not wait for a college degree or postgrad. I hope it inspires you to start whatever it is you've been putting off.
