2026 SANS Cybersecurity Workforce Study
Brian Correia (SANS) and Deidre Diamond (CyberSN) unpack what the data really means for cyber and IT leaders planning their 2026 workforce strategy.
Featuring insights from Deidre Diamond, Founder & CEO of CyberSN, in collaboration with SANS.
What the 2026 Data Is Actually Telling Us
This isn't a talent problem, even though it feels like one. It's a visibility and alignment problem across the workforce ecosystem.
Audit is driving the agenda
Audit and regulation — not strategy — are dictating cybersecurity budgets and priorities across most organizations.
Business change outpaces workforce planning
The rate of operational change is shaping cyber capabilities faster than leaders can plan, hire, or reorganize.
Capability coverage > headcount
For the first time, capability coverage gaps (52%) outpace headcount gaps (48%). Adding people alone will not close the gap.
Visibility is the real gap
Most leaders lack real-time insight into who is doing what across FTEs, contractors, MSPs, consultants, and interns.
People are doing 5–10% work across many different cyber functions — offense, defense, engineering, architecture, analysis, IR, GRC, privacy — simultaneously. That's where the capability gaps come from.
Deidre Diamond — Founder & CEO, CyberSN
The Work Is Changing Faster Than Leaders Are Preparing Their People
Only 17% of organizations offer AI training — yet the 2026 SANS Workforce Study shows SOCs are being reshaped in real time by agentic AI. Level 1 and Level 2 analyst work is diminishing, threat hunting is rising, and managed services are being rewritten.
Career path visibility has tripled as a retention concern in a single year. Strategy is executed through people — but you can't optimize what you can't see. That's why Workforce Intelligence has become the priority for 2026.
Book a Consultation
Talk to CyberSN about what the 2026 Workforce Study means for your team — and how Workforce Intelligence can close your capability coverage gaps.