Applications are open for our Fall 2026 AI-Native Cohort →

  • Our Approach
  • Our Team
  • Our Values
  • Pursuit AI-Native Program
  • Pursuit Commit
  • Pursuit Good Job Agreement
  • Get Involved
  • Good Jobs Guarantee
  • Donate
  • Stories
  • Careers
  • Press
What's New
PartnershipInsights
04/08/2026
image
AI Literacy for the Social Sector: What We Learned from the Goldman Sachs Nonprofit Pilot
Read more →
Press ReleaseNewsPartnership
03/27/2026
Read more→
image
Pursuit Selected to Lead New York State’s AI Prep for Jobs Initiative
Read more →
InsightsAI-Native Program
01/26/2026
Read more→
image
Pursuit's AI Transformation: Products and Processes We Built in 2025
Read more →
See More

Pursuit is a 501(c)(3) non-profit and Public Benefit Corporation (PBC). © 2026 Pursuit. All rights reserved.

Launchfutureyou.

Start here:

☑ I agree to receive recurring automated marketing text messages at the phone number provided. Consent is not a condition to participate. Msg & data rates may apply. Msg frequency varies. Reply HELP for help and STOP to cancel.

Pursuit needs the contact information you provide to us to contact you about our programs. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Terms and Privacy Policy.

☑ I agree to receive recurring automated marketing text messages at the phone number provided. Consent is not a condition to participate. Msg & data rates may apply. Msg frequency varies. Reply HELP for help and STOP to cancel.

Pursuit needs the contact information you provide to us to contact you about our programs. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Terms and Privacy Policy.

image
image

What We Learned in a Room Full of CISOs: Security Careers in the Age of AI

05/29/26
Words by Devika Gopal Agge
Share:

Earlier this month, I had the privilege of presenting at CISO NextGen, an event co-hosted by Hitch Partners , Ballistic Ventures, and KPMG.

The room was full of sitting CISOs, security investors, executive recruiters, and practitioners who have spent decades shaping the cybersecurity field. I was there representing Pursuit — and, more importantly, the Builders we train and place.

So as I listened, I kept asking one question: what does this moment in cybersecurity mean for people trying to break into the field now?

The answer I heard was both urgent and hopeful.

Why This Moment Is Different

The conversation at BLOCK CISO NextGen kept returning to one reality: AI has changed the security landscape faster than most organizations have been able to respond, and the next 12 to 18 months are going to be turbulent.

A recent New York Times article captured part of this shift. Cybersecurity job postings in the first quarter of 2026 were up 11 percent from a year earlier, according to Glassdoor. Michael Piacente, managing partner at Hitch Partners and one of the organizers of BLOCK CISO NextGen, told the Times that demand for security executives has increased five to sevenfold since last fall. Some firms, he said, are turning away clients because there are simply not enough qualified candidates.

The reason is not mysterious. AI models are now capable of finding vulnerabilities in complex codebases at a speed and scale that was not possible before. Panelists described watching models identify critical zero-day flaws in some of the most scrutinized software in existence — in minutes.

At the same time, developers using AI to generate code are sometimes introducing new bugs and weaknesses in the process. The result, as LinkedIn’s CISO Lea Kissner put it in the Times, is something people in the industry are calling “the bug-pocalypse.” The volume of potential vulnerabilities is rising, the tools to find and exploit them are getting cheaper, and the organizations responsible for defending against all of it are scrambling to staff up.

For workforce organizations, this matters because the conversation cannot only be about risk. It also has to be about talent. If every company suddenly needs stronger security capacity, then we have to ask who gets prepared for those jobs — and who gets left out.

One panelist, a former offensive security specialist with experience in the Israeli military, made a point that stayed with me: attackers do not need every vulnerability to matter. They need one opening where the basics are missing.

Network segmentation. Strong authentication. Runtime security.

These are not glamorous, but they are decisive. AI may change the speed of the threat, but the fundamentals still matter.

The longer-term outlook is more hopeful. Multiple panelists, including a venture capitalist who spent five years at Google, described defenders as having structural advantages over attackers when it comes to AI. Defenders have context about their own environments. They can fine-tune models on their own data. They can adjust their systems in ways attackers cannot anticipate.

Some panelists projected that within a few years, software-level vulnerabilities in well-resourced environments could be dramatically reduced. The road there, though, is going to be rough.

What This Means for Security Careers

Here is what I think is most important for people building careers in security right now.

The field is growing at every level.The Times piece noted that demand is moving beyond executive roles to midlevel security engineers, who are asking for higher pay and more interesting work. This is not a moment that only benefits people with 20 years of experience. It benefits people who are genuinely building skills and can demonstrate them.

AI literacy is no longer optional.One of the sharpest points from the event came from the recruiting sessions. Candidates who gave surface-level answers about AI in interviews were being passed over — not because they lacked technical ability, but because they could not connect AI to the actual security concerns of the business.

Kissner described looking for engineers with the open-mindedness to navigate the ambiguity of the AI era. That is a skill, and it can be developed. Candidates who are experimenting with AI tools, understand how models can be used on both offense and defense, and can speak to that clearly are standing out right now.

The story you can tell matters as much as the credentials you hold.This was a theme across every session. Security leaders talked about the shift away from purely technical hiring toward candidates who can communicate risk to non-technical stakeholders, brief a board, and operate across business functions.

One recruiter described “talent bypass,” where technically strong candidates get promoted into senior roles without having developed the communication and judgment skills those roles require. That tends not to end well for anyone.

The candidates who are succeeding are the ones who can explain not just what they did, but why, what they were thinking, and what happened as a result.

Experience with hard moments is an asset, not a liability.This was one of the more striking things I heard. For a long time, having lived through a serious security incident was something practitioners were reluctant to talk about. The stigma has flipped.

Leaders who have been through a major breach, who can speak to how they managed the response, communicated to leadership, and rebuilt afterward, are now actively sought after. One journalist in the room noted that the CISOs she most admires are the ones who can tell the full story of a crisis, not just the clean version.

That experience is hard to simulate. And it is valuable.

The path into this field is wider than it looks.Several senior leaders in the room came into security from completely different starting points: retail management, military intelligence, finance, IT operations. What they had in common was not a traditional pathway. It was curiosity, the willingness to keep learning, and the ability to build trust with the people around them.

That is genuinely encouraging for anyone coming into this field through a nontraditional route.

For Pursuit Builders, this is the part I want to underline: your path does not have to look traditional to be valuable. Security needs people who can learn quickly, communicate clearly, stay calm under pressure, and understand how technology affects real organizations.

Those are not secondary skills. At this moment, they are central.

A Note on NotPetya

One reference that came up during the event was NotPetya, the 2017 cyberattack that caused billions of dollars in damage to companies around the world. It was initially disguised as ransomware, but its real purpose was not extortion. It was destruction.

Merck was among the hardest hit, losing access to critical systems across its operations. Bob Stasio, Merck’s CISO, described how that experience shaped his understanding of resilience: security is not only about preventing every attack. It is about limiting damage, communicating clearly, and knowing how to rebuild when something breaks.

NotPetya became a case study in why security cannot just be about keeping attackers out. It also has to be about what happens when they get in.

Why Rooms Like This Matter

I want to close with genuine thanks to Hitch Partners and Ballistic Ventures for making this event happen and for including Pursuit. A special thank you to David Hahn at Ballistic Ventures, whose support has meant a great deal to our team.

There is something meaningful about being in a room where the people who lead security at major organizations, and the people who fund the next generation of security companies, are having honest conversations with a workforce development organization like Pursuit.

That does not happen everywhere. It reflects a belief that the talent gap in this field is a shared problem and that closing it requires everyone’s participation.

Pursuit has placed cybersecurity professionals at organizations including Citizens and Blackstone, and we are continuing to build in this space. The people we train bring things to this field that are hard to teach: adaptability, resilience, and the ability to learn under pressure.

What they need from us, and from the broader industry, is access and preparation to show what they can do.

We are grateful for every door that gets opened. And we are even more committed to making sure that when those doors open, talent that has too often been underestimated is ready to walk through them.

Devika Gopal Agge presented at BLOCK CISO NextGen, hosted by Hitch Partners and Ballistic Ventures, in May 2026. Pursuit trains and places the next generation of technology professionals. To learn more about Pursuit’s cybersecurity program, contact devika@pursuit.org.

Newsletter
Thank you for subscribing!
Make this more personal. Share a bit about yourself to get content that’s relevant to you.

Join the Pursuit community. Subscribe to our newsletter and stay up to date with what's happening.

    • Our Approach
    • AI-Native Program
    • Pursuit Commit
    • Our Team
    • Stories
    • Good Jobs Guarantee
    • Donate
    • Jobs
    • Press
    • Twitter
    • Instagram
    • Facebook
    • Youtube
    • Privacy Policy
    • Terms
Pursuit is a 501(c)(3) non-profit and Public Benefit Corporation (PBC). © 2026 Pursuit. All rights reserved.

We use cookie to personalize and deliver content. By clicking "Accept" you agree to our Privacy Policies