Skip to main content

AI, Hybrid Work and the Cybersecurity Skills Gap

EnterpriseAICyberState & Local
January 20, 2026

AI and hybrid work have changed cybersecurity faster than most organizations have changed how they train their people. The result is a widening cybersecurity skills gap, not just open roles, but a deeper mismatch between today’s AI‑driven, cloud‑first, hybrid environments and the skills your workforce actually has.

For organizations and state and local government agencies, the question is no longer “Do we have a security team?” It’s “Do we have a future‑ready cyber workforce that can protect how we really operate, AI, SaaS, and hybrid work included?”

Closing that gap requires more than another tool purchase. It demands role-based cybersecurity training, a clear cybersecurity certification path, and continuous learning that reaches far beyond the SOC.

How AI and hybrid work expand the attack surface

Most organizations didn’t intentionally design a complex attack surface. It emerged over time from the push to move faster, adopt cloud services, and support flexible work.

In a large enterprise, that often translates into a hybrid workforce accessing hundreds of SaaS applications. Developers and analysts rely on generative AI to write code, summarize content, and analyze data. At the same time, business units frequently procure cloud tools independently, without consistently engaging with central IT or security.

In state and local government, the risks show up differently but are just as serious. Lean IT teams are stretched thin managing both aging legacy systems and modern cloud environments. Agencies are piloting AI for use cases such as public safety, triage, and case management. Meanwhile, field staff and contractors are connecting from diverse locations and devices that sit well beyond the traditional network perimeter.

Across both environments, there is clear attack surface expansion:

  • More places to defend: homes, field locations, partner sites, third‑party data centers.

  • More technology: AI models, APIs, SaaS platforms, cloud workloads, mobile apps.

  • More people making security‑relevant decisions: not just security analysts, but everyone who handles data or access.

  • More process gaps: controls built for office‑centric work applied to a fluid, hybrid reality.

Traditional approaches, like annual training for everyone and deep technical training for a few specialists, were not designed for this world. They leave both hybrid work security and AI‑related risk under‑addressed.

The skills gap is a mismatch, not just a shortage

When leaders talk about the cybersecurity skills gap, the conversation often stops at unfilled jobs. That matters, but it hides an equally serious problem: skills misalignment inside the staff you already have.

A common pattern: a small, highly trained security team is overloaded, constantly triaging alerts and incidents. While a much larger group, such as IT staff, developers, managers, and front‑line employees, makes daily decisions that affect security with limited or outdated training.

You see symptoms like:

  • System administrators who can deploy cloud resources but lack strong cloud security skills.

  • Developers who use AI‑assisted code generation without a plan to check for AI‑introduced vulnerabilities.

  • Business and agency managers who approve risky exceptions because they don’t see the security implications.

  • Staff who assume the SOC will “catch everything,” even though they are the first line of defense against phishing or social engineering.

This isn’t a failure of individuals. It’s a gap in how organizations design cybersecurity workforce development. Many still:

  • Treat cybersecurity as a narrow IT function rather than an organization‑wide competency.

  • Rely on generic awareness training for non‑technical staff.

  • Keep job descriptions static even as AI, cloud, and hybrid work reshape the work itself.

In effect, AI and hybrid work haven’t just increased risk. They’ve invalidated the old mental model of who belongs in the cyber workforce.

How AI changes cybersecurity skills for every role

AI now sits on both sides of the security equation: attackers use it, and so do defenders. That dual role changes what you need to expect from your workforce.

On the threat side, AI can generate highly convincing phishing and social engineering messages, automate reconnaissance and vulnerability discovery at scale, and help attackers better mimic normal user and system behavior.

On the defense side, AI‑enabled tools can triage alerts and surface high‑risk anomalies for SOC teams, analyze log and telemetry volumes far beyond human capacity, and assist with report writing, documentation, and secure code review.

This means your people need new capabilities, not just new tools.

That’s where AI cybersecurity training fits in. Rather than a standalone add‑on, it should be woven into your broader cybersecurity certification path—building on foundational certifications like Security+, advancing through CySA+, and extending into AI‑focused credentials such as SecAI+ where appropriate.

Hybrid work security: You can’t policy your way out

Hybrid work didn’t just move people out of the office. It changed their expectations about how and where they work, and how much friction they will tolerate.

In organizations, you see:

  • Leaders who expect to access sensitive systems from home and on the road.

  • Teams that depend on collaboration platforms and cloud file sharing as their default workspace.

  • Occasional use of personal devices for “just this meeting” or “just this document”.

If controls make everyday work painful, people will work around them. A hybrid work security strategy that leans only on restrictive policy is likely to fail quietly as staff find more convenient paths.

A more sustainable approach treats hybrid work as standard and builds it into role-based cybersecurity training:

  • Non‑technical staff get simple, practical guidance on securing home environments, handling accounts and data in SaaS tools, and recognizing phishing.

  • IT and security teams build stronger skills in identity and access management, endpoint protection, zero trust security patterns, and secure configuration for remote access.

  • Managers learn how to reinforce secure behavior—backing practices like MFA and least privilege rather than rewarding risky shortcuts.

In short, if your people live in a hybrid world, your training and expectations must live there too.

From one-size-fits-all to role-based cybersecurity training

Most organizations still rely heavily on two blunt tools: annual awareness training aimed at everyone, and deep technical training for a small specialist group.

In an AI‑enabled, hybrid environment, that misses how risk actually travels through your organization. A more effective approach is role-based cybersecurity training mapped to a defined cybersecurity certification path.

A simple way to think about roles:

  • All employees and contractors: Need practical awareness and hybrid work security basics.

  • IT generalists and system administrators: Need stronger foundations in security concepts, cloud security, identity, patching, and incident reporting. This is where Security+ for enterprise teams often fits as a common baseline.

  • Cybersecurity specialists: Need advanced skills in threat detection, SOC workflows, incident response, and threat hunting, areas aligned with CompTIA CySA+ and similar certifications.

  • Leaders and managers: Need enough cyber and AI literacy to interpret risk, sponsor programs, and make credible trade‑offs.

Using cybersecurity certifications as anchors turns this from an abstract concept into something operational. Security+ defines an agreed‑upon foundation. CySA+ signals readiness for analyst work. AI‑focused training marks staff who are prepared to work directly with AI‑driven cyber threats and AI‑enabled tools.

You’re not chasing badges for their own sake. You’re using them as markers in a deliberate development journey.

You can start with one department, business unit, or agency and expand from there. The important shift is treating cybersecurity workforce development as a core program, not an occasional activity.

How often should cyber skills be updated?

In a slower‑moving world, organizations could get away with updating cybersecurity training every few years. With AI, cloud, and hybrid work, that’s risky.

There’s no single standard, according to techclass, but three practical cues signal it’s time to refresh:

  • Technology change: New cloud platform, identity system, AI solution, SOC tooling, or major SaaS consolidation.

  • Threat change: Noticeable shifts in ransomware and phishing tactics, more sophisticated social engineering, AI‑enabled attacks or new regulatory expectations.

  • Role change: When responsibility for technology shifts to business teams, when agencies consolidate services, or when hybrid work patterns become permanent rather than provisional.

As a planning assumption, many organizations treat core cyber training as an annual minimum, layering more frequent updates for rapidly evolving areas like AI and cloud. Certification updates are also useful markers: when a major cybersecurity certification path is revised, it’s a sign that the underlying skills landscape has shifted.

Why vendor-neutral certifications are a strategic lever

With so many products and platforms in play, vendor training will always have a role. But when you operate across multiple clouds and dozens of SaaS tools, vendor‑neutral certifications give you something vendor courses can’t: a shared foundation.

For organizations, they:

  • Standardize baseline expectations across geographies and business units.

  • Make it easier to plan, budget, and report on skills at scale.

For state and local governments, they:

  • Provide portable credentials for staff moving between agencies.

  • Support consistent practices across partner organizations.

CompTIA’s portfolio of cybersecurity certifications, including Security+ and CySA+, is one example of how to structure that foundation. The specifics are less important than the strategy: pick a small set of well‑recognized, vendor‑neutral certifications and use them to shape hiring profiles, career paths, and training plans.

Building a future-ready cyber workforce

AI and hybrid work are not side projects. They are now the backdrop for how your organization operates. The cybersecurity skills gap you face is not just a matter of unfilled positions; it’s a question of whether the people you already have are equipped for this new context.

Addressing that gap credibly means:

  • Accepting that your attack surface has fundamentally changed.

  • Recognizing that your cyber workforce includes far more roles than your security team.

  • Designing role-based cybersecurity training anchored by a clear cybersecurity certification path.

  • Using vendor‑neutral cybersecurity certifications such as CompTIA Security+ and CompTIA CySA+ as structural supports for continuous development.

Threats will continue to evolve. The organizations that thrive will be those that treat cybersecurity workforce development as a long‑term strategic investment, not a short‑term reaction.

If you’re ready to move from ad‑hoc training to a structured, role‑based approach, explore how CompTIA’s cybersecurity certifications and training can support your organization or government agency. Use Security+, CySA+, and the broader CompTIA pathway as building blocks for a future‑ready cyber workforce that can keep pace with AI, hybrid work, and whatever comes next.