Every time another cybersecurity company announces layoffs, I hear some version of the same question:
How can cybersecurity companies be laying people off when cyber risk is increasing?
It is a fair question.
Snyk recently cut approximately 90 employees as it reorganized around AI. Cloudflare announced plans to eliminate more than 1,100 positions, roughly 20% of its workforce, as part of what it described as a shift toward an agentic AI-first operating model. Across the broader technology sector, more than 119,000 jobs had already been eliminated in 2026 by late June.
So what is actually going on?
After 30 years of building and supporting technology and cybersecurity workforces, including serving as the first VP of Sales at Rapid7, I do not believe there is one simple answer.
I believe several massive market forces are colliding at the same time. And cybersecurity companies are directly in the middle of it.
The Era of Cheap Money Is Over
For years, technology companies grew in an environment where money was relatively cheap.
Venture capital flowed freely. Interest rates were low. Companies could hire ahead of revenue, build large teams, invest aggressively in growth, and assume that more capital would be available. Growth was often rewarded more than profitability.
That changed.
As interest rates rose and the cost of capital increased, investors began demanding something very different: efficiency, operating discipline, stronger margins, and a clearer path to profitability. Companies that had built their workforce for a world of inexpensive capital suddenly found themselves operating in a completely different financial environment.
This is important, because many of today's layoffs are not simply about poor performance.
Some companies are growing and still cutting. Some are profitable and still cutting. Some are exceeding expectations and still cutting.
The question has changed from "How fast can we grow?" to "How much can we accomplish with fewer resources?"
And now AI has accelerated that question dramatically.
AI Is Not Just Replacing Jobs. It Is Forcing Companies to Rethink Everything.
I think we make a mistake when we reduce the AI conversation to a single question: is AI taking people's jobs?
That is far too simplistic. AI is forcing companies to reconsider their entire business model. What should we build? What should we buy? What should we automate? What should we outsource? What should we consolidate? What can an AI agent do? And where do we still need human judgment?
And perhaps most importantly:
How quickly could a competitor use AI to build something that took us years to create?
That last question is enormous.
Technology companies have always faced competition, but AI has the potential to dramatically compress development cycles. Companies can build products faster, add capabilities more quickly, automate work that previously required entire teams, and respond to competitors at a pace that would have been much more difficult only a few years ago.
That changes workforce planning. It changes product strategy. It changes investment decisions. And it changes which companies survive.
AI is increasingly being cited as one factor behind workforce reductions across technology, although it is rarely the only reason. Companies are simultaneously restructuring operations, moving investment into AI, eliminating some types of work, and hiring for entirely new capabilities.
This is not a simple story of humans being replaced by machines. It is a complete reassessment of how companies create value.
Cybersecurity Has a Product Consolidation Problem
Cybersecurity is particularly exposed, because for years our industry created more and more products.
A new threat emerged. A company was created. A new category was born. Another product was added to the security stack. Then another. Then another.
We ended up with thousands of cybersecurity companies, and organizations managing dozens, sometimes far more, security tools.
Now customers are asking a completely reasonable set of questions. Do we really need all of them? Can one platform perform the work of several point solutions? Can AI absorb capabilities that previously required separate products? Should we add another security vendor or consolidate with one we already have? Should we build the capability internally, use an MSP, or use an AI agent?
The cybersecurity product market is being forced to consolidate, because customers increasingly want fewer tools, better integration, clearer outcomes, and less complexity.
And when products consolidate, companies consolidate. When companies consolidate, roles overlap. When capabilities change, workforces change.
This is one reason I believe we can simultaneously have a growing need for cybersecurity and layoffs at cybersecurity companies. There is no contradiction.
We may not have a shortage of cybersecurity work. We may have too many overlapping cybersecurity companies, too many overlapping products, and a mismatch between the jobs companies created during the growth-at-all-costs era and the capabilities businesses need now.
Those are very different problems.
A Cybersecurity Company Laying Off Employees Does Not Mean Cybersecurity Work Is Disappearing
This distinction is incredibly important.
When a cybersecurity company lays off 100 employees, that does not necessarily mean 100 cybersecurity practitioners lost their jobs. Cybersecurity companies employ salespeople, marketers, software engineers, finance professionals, recruiters, product leaders, customer success professionals, security researchers, and many others.
At the same time, banks, hospitals, retailers, manufacturers, government agencies, and organizations across every industry continue to need cybersecurity capabilities.
Cybersecurity work is also no longer performed exclusively by full-time employees. Today's workforce ecosystem includes:
- Full-time employees.
- Contractors.
- Consultants.
- MSPs.
- Outsourced providers.
- And increasingly, AI agents.
So when we talk about whether there is enough cybersecurity talent, or whether cybersecurity jobs are disappearing, we need to be much more precise about what we mean.
Because the work may not be disappearing at all. It may simply be moving.
The Question Nobody Asks After a Layoff
This is the part of the conversation that concerns me most.
When a company announces that it is cutting 10%, 15%, or 20% of its workforce, everyone focuses on the number of people leaving. I want to know something different.
What Everyone Focuses On
- The headcount number
- The org chart
- Job titles
- Job descriptions
What Leaders Should Ask
- What work were those people doing?
- Did that work disappear, or was it automated?
- Did it move to an MSP, contractor, or AI agent?
- Was a product discontinued?
- Are fewer people now carrying the same workload?
Those are entirely different outcomes. And yet, in my experience, many organizations cannot clearly answer those questions.
They know headcount. They have an org chart. They have job titles. They have job descriptions. But that does not mean they have clear, current visibility into the work being performed across their entire workforce ecosystem, or the capabilities required to execute their strategy.
Headcount is not capability. And cutting headcount does not necessarily eliminate the work.
Efficiency and Risk Are Not the Same Thing
There is an understandable push right now for efficiency.
Every company should care about efficiency. Every leadership team should question duplication, unnecessary spending, outdated processes, and work that technology can perform better.
But there is a dangerous assumption that fewer people automatically means a more efficient organization. It does not.
A company can reduce headcount and become significantly more efficient. It can also reduce headcount and quietly create:
- Critical capability gaps.
- Key-person dependencies.
- Burnout and retention risk.
- Slower execution.
- Loss of institutional knowledge.
- Operational risk.
- And, in cybersecurity, additional security risk.
The number of employees eliminated tells us almost nothing about whether a restructuring was strategically successful. The real question is what happened to the work and the capability.
This Is Why I Believe Workforce Intelligence Has Become So Important
We are entering an era in which organizations will constantly make decisions about whether work should be performed by a person, a technology, an external provider, or an AI agent.
The workforce is no longer static. The technology is not static. The strategy is not static. The capabilities needed to compete are not static.
So why would we manage the workforce using static job descriptions and outdated org charts?
Leaders need to know:
- What work is actually being performed today?
- What capabilities do we actually have?
- Where are the gaps, and where are we overinvested?
- What work could be automated, and what should be outsourced?
- Where are we dependent on one individual?
- What capabilities walk out the door when someone leaves?
- Can the workforce we have today actually execute the strategy we have for tomorrow?
That is the conversation I believe every CEO, CIO, CISO, board, and investor should be having.
My View: The Layoffs Are Real. But They Are Not the Whole Story.
I do not believe cybersecurity is becoming less important. I believe the opposite.
But I do believe the cybersecurity industry is going through a fundamental restructuring. The days of endless point solutions are being challenged. The days of cheap capital are gone. AI is changing how quickly products can be created, how work gets done, and how companies compete.
Customers want consolidation. Investors want efficiency. Leaders want growth. And organizations are trying to make workforce decisions while the capabilities they need are changing faster than ever.
So when the next cybersecurity company announces layoffs, I would not just ask how many people lost their jobs. I would ask:
What work disappeared? What capabilities were lost? Who or what is doing that work now? And does leadership actually know?
Because that is the real story behind the layoffs. And I believe it is one of the biggest workforce questions of our time.
About CyberSN Workforce Intelligence
CyberSN's Workforce Intelligence Engagement gives cybersecurity and IT leaders a living view of the workforce ecosystem: where time is being spent, what capabilities exist, where dependencies and gaps are forming, how MSPs, contractors, and consultants are contributing, and what work should move to AI agents, across employees and every other resource doing the work.
The result is stronger strategy, more defensible workforce and budget decisions, reduced operational risk, and greater confidence that the workforce can actually execute the plan, even as the industry restructures around it.
See where the work actually goes, not just the headcount
CyberSN's Workforce Intelligence Engagement gives cybersecurity and IT leaders a living view of where time is spent, what capabilities exist, where dependencies are forming, and what work should move to an AI agent, an MSP, or a contractor, across every resource doing the work. So when the workforce changes, leadership can actually see what changed.
Request a Workforce Intelligence Briefing

