If you spend any time talking to people in cyber right now, you’ll probably hear two things that don’t quite add up.

On one side, there are candidates saying it’s never been harder to land a role. Applications go unanswered. “Entry-level” jobs ask for years of experience. The whole process feels slower, more competitive, and a bit opaque.

On the other side, there are hiring managers saying they still can’t find the right people. Roles stay open for months. Shortlists are thin. And when they do find someone good, they’re often already juggling multiple offers.

Both of these things are true...

And that’s where it starts to get interesting.

More People, Same Problem

There’s definitely more interest in cyber than there was a few years ago.

Courses, certifications, career switchers, grads... there’s a steady flow of people trying to break into the industry, which, on paper, should make hiring easier.

But in practice, it hasn’t solved the problem because while the number of applicants has gone up, the number of people with relevant, hands-on experience hasn’t increased at the same rate.

So you end up in this strange position where:

• roles attract a lot of applicants
• but only a small percentage are actually a close fit
• and hiring managers still feel like they’re searching for a needle in a haystack

The Experience Problem

This is where the paradox really sits.

Most organisations aren’t struggling to find people, they’re struggling to find people who can step into a role and operate with minimal ramp-up.

That usually means:

• prior experience in a similar environment
• familiarity with specific tools or frameworks
• the ability to handle real-world incidents, not just theoretical ones

And that’s fair, to a point. Hiring takes time, training takes time and teams are often stretched.

But when everyone optimises for already-experienced talent, something starts to break.

Because those people have to come from somewhere.

The Missing Middle

What’s quietly happening in the market is a squeeze.

Entry-level roles are harder to find, because companies don’t always have the capacity to train from scratch.

At the same time, expectations for mid-level roles keep creeping up.

So you end up with a gap where:

• juniors struggle to get in
• mid-level roles demand more than ever
• and senior talent is constantly in short supply

This creates a pipeline issue which won’t fix itself.

Regional Flavour, Same Theme

Whether you look at the UK, the US, or DACH markets, the pattern is broadly similar.

There are differences, of course.

The US tends to move faster and pay more aggressively. The UK sits somewhere in the middle. DACH often has more structure, with stronger emphasis on qualifications and local language.

But underneath all that, the same dynamic shows up.

Plenty of interest in cyber. Ongoing demand for experienced professionals. And a persistent gap between the two.

Why It Feels Worse Right Now

Part of the reason this stands out more at the moment is that the market has slowed slightly in places.

Hiring cycles are longer, and budgets are more scrutinised, so teams are being more selective.

That tends to amplify the problem.

When hiring is fast, companies are more willing to take a chance on someone with potential.

When things slow down, the focus shifts to lower-risk hires - people who can contribute immediately.

Which, again, pushes everything back toward experience.

So What Happens Next?

This isn’t a new problem by any means, but it does feel like it’s becoming more visible.

Because the industry is growing, expectations are rising, and the gap between “wanting experience” and “creating experience” is getting harder to ignore.

Long term, organisations will have to make a choice.

Either continue competing for the same limited pool of experienced talent, or invest more deliberately in developing it.

That could mean more structured entry pathways, better internal training, or a rethink of what “ready” actually looks like in a candidate.

The Reality

Cyber hiring isn’t broken, but it is slightly out of balance.

There’s more interest than ever in the field. More awareness. More people are trying to get in.

At the same time, the demand for experience hasn’t gone away; in fact, it’s probably increased.

And until those two things line up a bit better, this paradox is likely to stick around.

Which is why, depending on who you ask, the market can feel either full of opportunity…

Or surprisingly difficult to navigate.