3 Converging Challenges Reshaping Cybersecurity Hiring in Higher Education

If you're a higher education IT leader, you've probably noticed that the job market for cybersecurity professionals is beginning to shift. Many institutions still list traditional requirements, such as degrees, certifications, and years of experience, in their job postings, but forward-thinking organizations are starting to emphasize the skills candidates actually possess. Requirements are evolving from "must be a Certified Information Systems Security Professional (CISSP)" to "must demonstrate the ability to configure Security Information and Event Management (SIEM) tools." This isn't just a minor adjustment. It's the beginning of a fundamental transformation in how organizations evaluate and hire talent.

Consider this paradox: Many of you work at institutions that grant the very credentials the broader market is starting to look past. Colleges and universities issue degrees and certificates that have traditionally served as the primary currency of qualification, yet when it comes to protecting your own digital infrastructure, it is becoming clear that demonstrated capability matters as much as—if not more than—formal credentials.

This shift isn't happening in a vacuum. It's being driven by three converging challenges that create what I call the "perfect storm" for higher education cybersecurity teams. Understanding these forces and how skills-based hiring addresses them is essential for anyone looking to build, join, or advance within a higher education security team.

Challenge #1: The Budget Reality

Let's start with the challenge dominating every IT department meeting: shrinking resources. According to a recent EDUCAUSE survey, 42 percent of higher education institutions expect IT budget decreases in the 2025–2026 academic year.^Footnote1 Yet, the average cost of a data breach for educational institutions is $3.86 million, and the threat surface continues to expand with the adoption of cloud technologies, remote learning platforms, and emerging technologies.^Footnote2

The broader industry is experiencing the same squeeze. According to the 2024 ISC2 Workforce Study, 37 percent of cybersecurity teams reported budget cuts, and 67 percent said they lacked the staff needed to meet their goals.^Footnote3 Nearly 60 percent of professionals believe that these shortages have put their organizations at significant risk.

This budget reality fundamentally changes how you need to think about talent acquisition. If you can't match private sector salaries—and to be honest, most institutions likely can't even come close—you need to expand your search. Skills-based hiring opens doors to talented professionals who might lack traditional credentials but who possess the exact capabilities you need. That self-taught security analyst who spent nights and weekends mastering cloud security might not have a four-year degree but could be exactly who you need to secure your AWS environment.

Challenge #2: The AI-Accelerated Threat Landscape

The second challenge is the rapid evolution of threats, particularly those powered by artificial intelligence (AI). If you think phishing emails have gotten more convincing lately, you're right. Threat actors are using generative AI (GenAI) to craft targeted, context-aware attacks that bypass traditional security awareness training. They're using AI to identify vulnerabilities faster, automate exploitation at scale, and even generate polymorphic malware that adapts to evade detection (see video below).

Protecting Yourself from Deepfake Scams

According to the same ISC2 study, cybersecurity teams are also using AI, with more than 45 percent integrating it into their workflows to help bridge skills gaps and strengthen threat detection.^Footnote4 But this raises additional concerns: More than half (54 percent) of cybersecurity professionals say they have faced data privacy and security concerns due to the adoption of GenAI.^Footnote5

Higher education institutions need professionals who not only understand traditional defenses but also know how to secure and safely deploy AI-driven tools. Traditional education and certification programs provide crucial foundational knowledge; however, ongoing skill development and verification are necessary to keep pace with emerging technologies and evolving threats.

Challenge #3: Doing More with Less

The third challenge is the growing mismatch between the scale of cyber risk and the size of the available workforce. According to CyberSeek, there are currently 518,000 unfilled cybersecurity jobs in the United States, and nearly 10 percent of those job postings require AI skills in addition to cybersecurity expertise.^Footnote6

In higher education, this plays out as smaller teams are asked to secure more systems, more data, and more threats with fewer people. The Life and Times of Cybersecurity Professionals report revealed that 59 percent of organizations impacted by the skills shortage placed heavier workloads on existing staff, and 40 percent said they were unable to fully utilize the security technologies already in place.^Footnote7

Skills-based hiring, powered by new AI verification technologies, can help you address this pressure by ensuring that you hire people who possess the skills you need. The challenge isn't just finding candidates; it's determining whether they can work effectively with your specific tech stack at the level you require and have the potential to grow with your organization.

Traditional résumés and certifications don't tell you whether someone is capable of investigating incidents in your Splunk environment, writing detection rules for your specific EDR platform, or prioritizing threats based on the risk profile at your institution. AI-powered skills verification changes this equation entirely. These platforms can evaluate candidates by having them perform real tasks on simulated versions of your actual tools and compare their performance to that of thousands of other professionals who have done similar work.

This means you can confidently hire that boot camp graduate or career changer, knowing they've demonstrated the exact capabilities you need. These candidates often bring fresh perspectives while also valuing the mission-driven nature of higher education. AI-powered assessments also help eliminate unconscious bias by evaluating candidates' skills rather than where they learned them. This naturally creates more diverse and inclusive security teams.

The Skills Verification Evolution

So how can skills be verified in practical, meaningful ways? This is where AI technology is fundamentally changing what's possible. It's the key that finally makes skills-based hiring viable at scale.

Modern AI-powered skills verification goes far beyond asking candidates to complete a lab exercise or reviewing their GitHub portfolios. When a candidate investigates a security incident in a simulated environment, AI evaluates not only whether they found the threat but also how their approach compares to that of thousands of other security professionals, providing objective rankings and identifying specific strengths and skills gaps.

The federal government is already embracing this approach through skills verification pilot programs, as well as through its broader transition to DoD 8140 (the U.S. Department of Defense Cyber Workforce Qualification Program). This shift emphasizes continuous skills development and validation over static certification checklists.

For higher education, AI technology removes the last barrier to skills-based hiring. You can now evaluate candidates at scale, with a level of consistency and objectivity that wasn't possible even two years ago. When proposing this approach to institutional leadership, you're not suggesting an experiment. You're recommending proven technology that's already transforming how the federal government and leading organizations identify talent.

Implementation Strategies for Institutions

You can begin implementing AI-powered skills-based hiring by establishing strategic partnerships and by following these manageable steps:

Partner with AI verification platforms. Your higher education institution may not have the budget to build a platform internally. Providers such as Infosec have already evaluated thousands of professionals across various industries, building comparative databases that enable accurate assessments. By partnering with such providers, you gain immediate access to technology that would otherwise take years and millions of dollars to develop internally.

Start with pilot programs. Begin with one or two positions for which traditional hiring has been challenging and then assess both traditional and nontraditional candidates. When you can show your colleagues in the human resources (HR) department that a community college graduate or career changer can perform cloud-security tasks as capably as other industry professionals, the value becomes undeniable.

Build data-driven cases for HR. Your HR partners need concrete evidence to change established practices. AI verification platforms can provide detailed analytics related to skill level. Instead of saying, "This candidate seems qualified," you can provide objective data, which reduces legal risk and helps justify hiring decisions.

Scale gradually with proven success. As pilot programs demonstrate value—such as faster hiring, better retention, or stronger performance—expand the approach. Track the on-the-job performance of these new hires and feed this data back to improve future evaluations.

The Path Forward for Higher Education

The convergence of budget constraints, AI-powered threats, and talent shortages represents a lasting shift in higher education cybersecurity. But unlike past calls for skills-based hiring, AI technology now makes this transformation achievable at scale.

Institutions that integrate AI-powered skills verification into their hiring and upskilling processes will build stronger, more capable security teams. The question isn't whether this shift will happen but whether your institution will lead or lag.

Educational institutions are uniquely positioned to embrace this transformation. You understand better than most that learning and skill level manifest in many forms beyond traditional credentials. The mission of expanding access to education aligns perfectly with expanding access to cybersecurity careers—welcoming community college graduates, career changers, veterans, and self-taught professionals who can demonstrate the skills you need.

By embracing the shift toward verified skills, you're not only adapting to the changing market but also positioning your institution to thrive despite budget constraints, evolving threats, and a leaner talent market. Those who recognize and act on this shift will help define the future of cybersecurity hiring in higher education.

Notes

1. Mark McCormack, "EDUCAUSE QuickPoll Results: Technology Budgets and Staffing," EDUCAUSE Review, April 21, 2025.Jump back to footnote 1 in the text.↩
2. Cost of a Data Breach: Report 2025 (IBM, 2025).Jump back to footnote 2 in the text.↩
3. ISC2 Workforce Study (ISC2, October 2024). Jump back to footnote 3 in the text.↩
4. Ibid.Jump back to footnote 4 in the text.↩
5. Ibid., 57.Jump back to footnote 5 in the text.↩
6. "Cybersecurity Supply/Demand Heat Map," Workforce Map, CyberSeek, accessed September 10, 2025.Jump back to footnote 6 in the text.↩
7. Jon Oltsik and Bill Lundell, The Life and Times of Cybersecurity Professionals, Vol. VII (Enterprise Strategy Group, TechTarget, September 2024). Jump back to footnote 7 in the text.↩

---

Keatron Evans is the VP of Portfolio Product and AI Strategy at Infosec Institute.