A Project Envisioned by Bellini Capital Developed and Led by Cyber Florida University of
Modernizing the U.S. Cyber Talent Pipeline for the AI Era
A Multi‑Sector Workforce Study and Regional Alignment Plan for Tampa Bay March 2026
About the CyberBay Workforce Development Working Group
The CyberBay Workforce Development Working Group is a multi sector collaborative convened to examine entry level cybersecurity workforce readiness and identify structural strategies to strengthen role aligned preparation across Florida. The group brings together employers, workforce development leaders, academ ic partners, students, and representatives from the private and public sectors to provide practical insight, validate emerging themes, and inform implementation recommendations.
Working Group Lead Dr. Michelle Angelo‑Rocha
Cyber Research Analyst, Cyber Florida Convener, Lead Qualitative Researcher, and Principal Report Editor
Contribution & Acknowledgment
Working Group members participated voluntarily, contributing their time, professional expertise, candid discussion, and review of synthesized findings across multiple structured sessions and follow-up exchanges. Their insights directly informed the eight findings and the Phase Two pilot recommendation roadmap presented in this report.
Participation does not imply endorsement of every individual recommendation. Rather, the findings reflect validated themes that emerged through structured discussion and were strengthened through iterative refinement, participant review, and consensus input to ensure accuracy in representing employer realities and regional workforce dynamics.
We gratefully acknowledge the members of the CyberBay Workforce Development Working Group, listed alphabetically by last name. Affiliations are included for identification purposes only. While individual perspectives may vary, the themes presented in this report reflect patterns that consistently surfaced across sessions. This work would not have been possible without the sustained commitment, expertise, and professional integrity each member brought to the process.
CyberBay Workforce Development Working Group
Listed alphabetically by last name. Affiliations for identification purposes only.
April M. Augustine
Idaho National Laboratory
Director, National Security Workforce Development Programs
Rich Beynon
CareerSource Tampa Bay Vice President of Technology
Dr. Addye Buckley Burnell
University of South Florida Associate Vice President & Executive Director, Center for Career & Professional Development
Dr. Sriram Chellappan
University of South Florida
Professor, Bellini College of Artificial Intelligence, Cybersecurity, and Computing
Dr. Alex A.
Djahankhah Maj. USMCR
Florida SouthWestern State College Professor
Sanae Elmachhour
University of South Florida Undergraduate, Cybersecurity USF CyberHerd & Cyber Florida SOCAP Member
Alex Espinosa
U.S. Department of Defense Network Operations Manager
Drew Fearson
TENEX.ai President of Talent
Eric Foster
TENEX.ai Chief Executive Officer
Adam Hall
ReliaQuest Cybersecurity Lead
Jessica Cassidy
TENEX.ai
Head of Talent, Cyber Workforce Specialist
Dr. Huzefa Kagdi
Florida Gulf Coast University Dean of Engineering
Dr. Natalie Foster Johnson
CyberMINDS Research Institute Executive Director
Information Security
Administrator, Major U.S. Airport Operator
Matt Schwope
Senior Federal Resource Manager & Intelligence Community Cybersecurity Recruiter & Mentor
Dr. Sasha Vanterpool skillrex
Senior Cyber Workforce Consultant
Camille Watson
Saint Leo University
Graduate Student, MSc Cybersecurity
Dr. James Welsh
University of South Florida Director
USF Youth Experiences / Florida Center for Instructional Technology
Executive Summary
Florida’s entry‑level cybersecurity market is full of opportunity, but persistent misalignment among universities, colleges, and non‑credit training providers (including bootcamps), employers, and workforce systems keeps qualified candidates from real entry-level roles. The challenge is not a lack of applicants, but a gap between preparation and the ability to verify applied skills. Job postings often inflate opportunity by combining junior and senior requirements, while traditional credentials like certifications and coursework no longer set candidates apart. Employers now prioritize demonstrated operational capability, but students have limited access to the hands‑on experiences needed to build strong portfolios. As a result, candidates struggle to prove readiness, and employers struggle to hire aligned talent.
Key Findings
• Distorted Entry Level Signals: Employers report that entry level cybersecurity labor market signals are unreliable and misleading.
• Generalist Graduates, Specialist Jobs: Most educational programs produce generalists, but employers overwhelmingly seek specialists.
• Certification Saturation: Certifications and bootcamps no longer set candidates apart in the cyber security hiring process.
• Insufficient Experiential Learning: Opportunities for hands on experience — internships, capstones, apprenticeships, and SOC style labs — are limited and inadequate.
• Weak Operational Preparation: Graduates often lack exposure to real-world cyber workflows, realistic simulations, critical thinking challenges, and high pressure decision making environments.
• Misaligned Education and Hiring: Curriculum design and employer needs remain out of sync, hindering effective talent development and placement.
• Structural Barriers to Hands‑On Learning: Policies around credit hours, funding, and limited internship capacity on campuses restrict students’ access to applied experiences.
• Persistent Professional Readiness Gaps: Soft skills such as communication, critical thinking, mentor ship, networking, adaptability, and workplace confidence remain underdeveloped among graduates.
• AI Disruption: Artificial intelligence is rapidly reshaping entry-level roles, raising employer expectations for analytical and soft skills in early career professionals.
• Late Pipeline Start: The cybersecurity talent pipeline begins too late; exposure must start in middle and high school, not just at the college level.
To strengthen Florida’s cybersecurity pipeline and economic resilience, universities must deliver real world learning while employers partner in curriculum design and experiential training, bridging critical gaps between education, industry, and policy.
Phase Two: Regional Workforce Alignment Action Plan
The CyberBay Working Group proposes a multi level strategy: In the short‑term, programs embed applied skills and employer input into curricula. In the medium‑term, institutions expand experiential learning through industry partnerships, tailored mentorship, and micro internships. In the long‑term, state policy coordinates credit frameworks, funding, work authorization, and K–12 cybersecurity pathways. This road
map connects education with workforce needs and builds scalable, evidence based solutions for Flori da. Effective collaboration among education, industry, and policymakers is essential to secure Florida’s position as a leader in cybersecurity talent and economic resilience.
Introduction
The CyberBay Workforce Development Working Group was convened as part of the broader CyberBay initiative to translate data driven insight into actionable strategy. Commissioned by Bellini Capital, Cyber Florida, and institutional partners, the Working Group serves as an operational bridge between regional research insights and practical implementation.
Building on findings from the CyberBay 2025 Survey, the Workforce Development Group examined persistent challenges across Florida’s cybersecurity talent pipeline. While national discourse emphasizes widespread workforce shortages, stakeholders across the state continue to report friction in entry level hiring, internship access, curriculum alignment, and employer engagement.
In keeping with CyberBay’s mandate to move from thought leadership to practical solutions, this report synthesizes the Working Group’s findings and outlines recommendations to strengthen coordination across education, industry, and public policy. The focus extends beyond diagnosing workforce gaps to identifying scalable strategies that strengthen operational readiness and long term regional competitiveness.
This report represents the Workforce Development Group’s core deliverable leading into the March 2026 CyberBay Summit and is intended to inform institutional leaders, employers, policymakers, and com munity partners advancing Florida’s cybersecurity ecosystem. To guide this analysis and ensure struc tured cross sector synthesis, the Working Group focused on the following research questions:
1. What explains the persistent disconnect between perceived entry level opportunity and actual hiring experiences in Florida?
2. How effectively do current educational, training, and experiential pathways prepare students and early-career professionals for the operational, communication, and workflow demands of cybersecurity roles shaped by automation and AI?
3. What structural and policy factors limit alignment between education, employers, and workforce needs, and what pilot models could strengthen this alignment statewide?
Background & Context
Over the past decade, national cybersecurity workforce discourse has been shaped by large aggregate estimates of unfilled positions and projected talent shortages. Public reports frequently cite hundreds of thousands of open roles across the United States, reinforcing perceptions of widespread opportunity (Hogan et al., 2024; Lightcast, 2024). These figures have influenced institutional planning, funding decisions, and program expansion, contributing to rapid growth in degree offerings, certifications, and short term training pathways.
At the same time, cybersecurity has evolved into a highly specialized and operationally complex profession. Organizations do not hire “cybersecurity” in the abstract (NIST, 2020). They hire for defined functions within specific technical, regulatory, and sectoral environments, including defensive operations, governance and
risk management, vulnerability lifecycle oversight, cloud security, identity management, and compliance. Much of what is described as a generalized labor shortage reflects misalignment between role definition, educational preparation, and operational readiness (ISACA, 2025).
Florida’s economic landscape further intensifies this complexity. Cybersecurity demand spans healthcare systems, financial services, aerospace and defense, energy, advanced manufacturing, public administration, education systems, tourism infrastructure, and community based services. Each sector operates within distinct regulatory frameworks, threat environments, and legacy systems. Workforce readiness in Florida therefore cannot be reduced to graduate volume alone; it requires alignment between educational design and the sector-specific contexts in which professionals operate.
Artificial intelligence is reshaping both cybersecurity practice and workforce preparation (Abugharbia, 2025). Machine learning has long supported intrusion detection, anomaly monitoring, and automated threat analysis. The rapid expansion of generative AI tools has accelerated integration across industries and in creased accessibility of AI-enabled security technologies (Mohamed, 2025; Anand, 2026; World Economic Forum, 2025; CompTIA, 2025). This shift influences how roles are structured, how candidates present qualifications, and how operational competence is evaluated. Two related workforce dynamics are emerging.
• First, AI tools are altering how candidates prepare resumes, complete assignments, and produce technical work. Employers increasingly report difficulty distinguishing surface-level fluency from demonstrat ed operational capability when materials may be AI assisted.
• Second, automation is absorbing many routine tasks that previously defined entry-level cybersecurity work, including first-pass log review, baseline anomaly detection, and basic triage. As AI-enabled systems assume these functions, traditional entry level roles are narrowing. Rather than serving primarily as training grounds, these positions increasingly emphasize oversight of AI generated outputs, validation of automated actions, governance documentation, and cross functional communication.
Early-career professionals are therefore expected to enter the field with stronger critical thinking, systems awareness, and contextual judgment than in prior workforce cycles.
These intersecting trends suggest that the current workforce challenge is not purely numerical. Despite the expansion of degree, certificate, and non-credit training pathways, employers across Florida report difficulty identifying candidates prepared to function effectively in real operational environments.
This tension reflects a structural coordination gap across labor market signaling, curriculum design, ex periential access, employer engagement, and policy constraints.
The CyberBay Workforce Development Working Group was convened within this context. Rather than contesting national vacancy estimates, the group examined how hiring practices, educational structures, technological change, and institutional policies interact within Florida’s cybersecurity ecosystem.
The objective is to interpret how national data translate into lived hiring realities across the state and to identify structural strategies that strengthen alignment moving forward.
Methods
Purpose and Design
This report is based on a structured, multi stakeholder workforce analysis conducted through the CyberBay Workforce Development Working Group. The objective was to examine persistent frictions in Florida’s entry level cybersecurity talent pipelines and identify practical, system level alignment strategies. The design prioritized operational insight, cross sector representation, and actionable recommendations.
Participant Recruitment
Following a public call for participation after the 2025 CyberBay convening, 29 individuals submitted interest forms. From this group, 17 participants were selected to ensure balanced representation across Florida’s cybersecurity ecosystem. To strengthen employer voice and real world hiring insight, additional outreach targeted industry partners, HR leaders, and recruiters whose work centers on screening, hiring, and onboarding cybersecurity professionals. This outreach expanded participation beyond initial sign ups and ensured substantive employer representation. Snowball recruitment was also used, with participants recommending additional stakeholders to strengthen the analysis.
Working Group participants included:
• Employers and industry representatives across multiple sectors
• Government and public sector participants
• Higher education faculty and administrators
• K 12 representatives
• Undergraduate and graduate students
• Nonprofit and community partners
• Recruiters and HR professionals
Selection emphasized role diversity, employer engagement, and inclusion of student experience across degree levels to assess alignment between preparation and hiring practice.
Working Group Structure
The Working Group convened monthly between December 2025 and March 2026 in structured 60- to 90-minute focus group sessions. Three primary meetings were conducted, followed by two sessions dedicated to synthesizing findings and preparing the final CyberBay report and presentation. Each meeting was guided by framing questions developed by the research lead to ensure coherence and depth.
Initial sessions focused on defining core workforce challenges, including hiring signal distortion, certifica tion proliferation, and barriers to entry level access. Subsequent discussions examined curriculum depth, experiential capacity, internship and apprenticeship models, institutional and policy constraints, and the impact of artificial intelligence on hiring practices and early-career expectations. Final sessions centered on theme validation and recommendation development, including design of the proposed Phase Two Regional Alignment Plan.
Data Collection
All sessions were conducted as facilitated focus groups. With participant consent, sessions were recorded and transcribed verbatim. Supplementary inputs included open ended survey responses and interviewer notes captured by the research lead. Individual in depth interviews were conducted with participants who volunteered to provide additional insight. Artifacts produced during and between sessions, including agenda prompts, synthesis summaries, cybersecurity employment and internship data at the national, state, and local levels, and feedback on draft findings, were collected to support triangulation.
Data Analysis
Transcripts, survey responses, and interview notes were reviewed using an iterative, qualitative thematic approach. The analysis proceeded in four steps:
1. Initial open coding to surface recurring ideas and issues across stakeholder groups.
2. Focused coding to consolidate codes into themes and subthemes aligned to the research questions.
3. Cross stakeholder comparison to identify convergences and divergences in perspective.
4. Member validation through circulation of synthesized themes for clarification and prioritization.
This process was designed to ensure that findings reflect collective interpretation rather than individual perspective and to surface structural coordination gaps affecting entry and mid level readiness.
Editorial Transparency Statement
AI assisted tools were used for editorial and visual support only, including language clarity, formatting consistency, and organization of section flow. All qualitative analysis and findings are based on Working Group conversations, transcripts, surveys, interview notes, and participant feedback. All final wording, interpretations, and recommendations were written, reviewed, and approved by the working group team.
Limitations
Although the Working Group included broad representation, expanded employer participation would strengthen future phases. Inclusion of additional private and public sector organizations across industries and company sizes would deepen insight into hiring realities statewide. Participation from HR leaders, recruiters, and resume screening professionals is particularly valuable given their influence over job descriptions and hiring signals.
The insights presented here reflect the perspectives and experiences of the participating informants. While these perspectives provide valuable insight into current workforce dynamics, they are not intended to represent every employer, institution, or professional in the cybersecurity ecosystem. Instead, the findings synthesize the experiences of participants to highlight patterns and issues that merit further attention.
This initiative represents a starting point rather than a conclusion. Continued expansion to include additional universities, employers, government agencies, and workforce intermediaries will strengthen shared understanding and support coordinated statewide alignment. The Working Group is intended to function as an ongoing collaborative platform for diagnosing workforce challenges and refining practical solutions over time.
Findings
Finding 1
When
Big Numbers Mislead: The Reality Behind Cyber Job Postings
The Working Group’s first consistent concern was the dominant labor market narrative that hundreds of thousands of cybersecurity roles remain unfilled nationwide. Participants described that claim as misaligned with lived hiring realities. As one participant stated:
“It has never been real. That whole thing has never been real… there have never been millions and millions of unfilled cyber jobs.”
Participants were not dismissing real demand. One employer explained:
“We have over 100 open positions right now. The issue is not that companies are not hiring. The challenge is finding candidates who truly match the operational requirements... It is ludicrous how many people will apply for positions, especially being wildly unqualified for them.”
The disconnect, participants argued, is that large posting volumes do not translate into accessible entry level opportunity. National estimates often rely on aggregated posting data that mix senior and junior roles, combine specialized and general positions, and leave listings online for extended periods. These counts rarely distinguish true early career roles from positions requiring substantial operational experience, which inflates perceived opportunity for new professionals.
Participants also emphasized that “entry level” is frequently a label rather than a description of readiness. Employers often expect prior SOC experience, familiarity with enterprise tools, troubleshooting fundamentals, several years of hands on operational work, and strong professional soft skills. In these cases, “entry-level” reflects internal HR classification rather than early-career accessibility. A related issue was the prevalence of “ghost jobs.” As one participant explained:
“Most of those jobs are ghost jobs. The reason many remain open is the lack of experience in the specific technologies a company may be employing.”
Participants noted that postings may remain public despite being paused, internally filled, or maintained primarily to build a candidate pipeline. Prior analyses similarly document how aggregated posting data can inflate vacancy estimates through repeated postings, mixed seniority roles, and long-lasting listings that do not reflect true entry-level opportunity (CyberSN, 2025; Lightcast, 2024; CSET, 2024).
At the same time, employers described being inundated with applications. As one hiring leader noted:
“You post a position and you get 10,000 resumes, and it becomes a problem of getting through them.”
Participants reported that AI-polished resumes have further flattened signals, with applications sharing similar phrasing, structure, and keyword patterns. In response, employers increasingly prioritize portfolio evidence and documented practice, including volunteer or community based cybersecurity work, home labs, and other observable outputs that demonstrate capability beyond certification, badges, and bootcamps.
In sum, the challenge is not applicant volume, but demonstrated job ready capability. Aggregated posting statistics are an insufficient indicator of accessible opportunities for early cybersecurity professionals. The relevant question is not how many cybersecurity jobs are posted, but what capabilities they require and whether education and training pathways equip learners to meet real employer expectations.
Finding 2 From Generalists to Specialists: Aligning Cybersecurity Preparation with Real Roles
Across the Working Group, participants identified curricular misalignment as the central workforce challenge: programs produce broadly credentialed graduates, while employers hire for clearly defined operational roles. Although degree programs, certifications, and short term training pathways have expanded rapidly, this growth has not consistently translated into operational readiness. Employers described a large pool of applicants whose preparation remains highly theoretical, with limited hands on exposure and underdeveloped competencies in communication, problem solving, teamwork, and critical thinking.
Bootcamps were described as a particular contributor to this imbalance. Several employers explained that they are “flooded with applicants from short cyber bootcamps” who often lack the technical background, aptitude, or sustained practice required for security operations. Many individuals enter these programs because “they heard cybersecurity pays well,” rather than from demonstrated interest or applied experience, contributing to a growing applicant pool whose preparation does not align with role-specific expectations. Employers repeatedly stressed that organizations do not hire “cybersecurity” in the abstract; they hire specific functions within defined technical and sectoral environments. Hiring managers are generally willing to train internal tools and workflows if candidates demonstrate core capabilities such as networking fundamentals, Linux fluency, a troubleshooting mindset, and evidence of applied practice. However, finding candidates who match specialized requirements, such as experience with a specific Security Information and Event Management (SIEM) or identity platform, remains difficult. This dynamic reinforces the perception of a “skills gap,” even when applicant volume is high.
A recurring theme was the absence of professional identity among early career applicants. Many students identify simply as “cybersecurity professionals,” without articulating a functional direction such as GRC, SOC analysis, vulnerability management, network defense, or digital forensics. As one participant noted:
“We’re creating generalists as opposed to cybersecurity professionals with a specific discipline.”
This lack of specialization weakens candidates’ positioning in hiring conversations and reinforces employer concerns about role misalignment. Prior research supports this pattern. Bertone et al. (2025) similarly find that cybersecurity graduates often enter the workforce as broad generalists with limited hands-on experience, while employers increasingly expect role-specific, operational skills aligned with real tools, workflows, and enterprise environments.
Employers also highlighted persistent gaps in foundational infrastructure knowledge. Core competencies such as TCP/IP, network flows, identity systems, and operating system fundamentals are prerequisites for specialization, yet are often underdeveloped. As one employer explained:
“They don’t understand TCP/IP. If you don’t know that, nothing else in network security is going to make sense.”
Participants also noted that students often lack the competitive mindset required in cybersecurity careers. While many complete classroom labs and controlled exercises, they are not consistently immersed in sustained adversarial simulation environments that mirror real world cyber operations. Cybersecurity work requires strategic thinking, rapid decision making under pressure, teamwork, and the ability
to communicate and respond dynamically to evolving threats. Without repeated exposure to rigorous, high intensity simulation settings, graduates may possess technical knowledge but lack performance readiness in live operational contexts.
Participants also discussed the stigma around beginning careers in Help Desk or technical support roles. Many entry level professionals seek to move directly into cybersecurity positions despite lacking foundational experience, which employers, HRs, and recruiters describe as unrealistic. Employers emphasized that Help Desk and technical support roles provide critical exposure to enterprise systems, troubleshooting practices, and operational pressure. Candidates who bypass this foundation often struggle when transitioning into dedicated cybersecurity roles. As one hiring leader explained:
Participants also discussed the stigma around beginning careers in Help Desk or technical support roles. Many entry level professionals seek to move directly into cybersecurity positions despite lacking foundational experience, which employers, HRs, and recruiters describe as unrealistic.
“If you have that troubleshooting mindset, I can ramp you up quickly. If you don’t, it’s going to be a very slow ramp.”
This dynamic reinforces what the group described as the experience paradox: entry level roles require practical experience, yet students often reach graduation without structured progression from foundational skills to applied cybersecurity practice.
Participants emphasized that students should first master networking, operating systems, and trouble shooting, and then progress into applied cybersecurity roles through sustained hands on labs, adversarial simulations, gamified environments, and structured practice in communication, teamwork, and critical thinking.
Based on participant discussions, employers experiences, and insights gathered during Working Group sessions, the following foundational competencies emerged as the primary indicators of role‑readiness for entry‑level cybersecurity talent. Table 1 synthesizes these expectations by outlining the baseline operational abilities, problem‑solving skills, and technical literacies that employers consistently described as essential. Together, these competencies clarify the readiness standards recruiters now use to distinguish genuinely prepared candidates from those demonstrating only surface-level fluency, and they identify the specific knowledge areas that should be systematically embedded within cybersecurity degree programs to better align graduates with real organizational needs.
Table 1. Foundational Competencies for Role‑Ready Cybersecurity Entry Level Talent
Competency
Networking Fundamentals
Systems & Linux Fluency plus Windows/AD familiarity
Troubleshooting & Analytical Mindset
Vulnerability Management Literacy
Enterprise Workflow Familiarity
Technical Documentation & Reporting
Operational Description
TCP/IP, traffic flows, host-network interac tions
Why It Matters in Hiring
Enables analysts to interpret alerts, identify lateral movement, and understand how attacks traverse systems.
Tool Awareness
Functional Role Clarity
Scripting & Automation Fluency
Cloud Security Fundamentals
Confident navigation of command line inter faces, processes, filesystems, log locations, and system configurations in both Linux and Windows/Active Directory environments.
Ability to perform root‑cause analysis, test hypotheses, isolate variables, and reason through complex problems.
Understanding CVEs, patching cycles, re mediation workflows, asset inventories, and risk‑based prioritization.
Experience with alert triage, ticketing systems, escalation paths, documentation expectations, and reporting structures.
Ability to produce incident notes, investi gation summaries, executive‑level ex planations, and stakeholder‑appropriate communication.
Exposure SIEM, EDR, identity platforms, cloud consoles, log aggregators, and com mon enterprise security tools.
Ability to articulate intended specializa tion (SOC analyst, GRC, network defense, IAM, cloud security) and understand core responsibilities.
Competence with Python, automation frameworks, and AI‑assisted tooling to accelerate workflows, query data, and build repeatable processes.
Familiarity with AWS/Azure identity models, logging, monitoring, least‑privilege princi ples, and cloud native detection.
Reduces onboarding time, aligns with real enterprise environments, and signals opera tional maturity.
Predicts autonomy in SOC and engineering roles and accelerates early‑career perfor mance.
Essential for defender roles and key to maintaining organizational resilience.
Demonstrates readiness for real SOC/GRC environments and reduces the training burden on employers.
Signals communication strength, a top hiring criterion, and supports auditability and knowledge transfer.
Shows practical familiarity with the envi ronments where analysts work and shortens the learning curve.
Improves hiring alignment and reassures employers that candidates understand the role they’re pursuing.
Supports modern SOC operations where automation replaces repetitive tasks and elevates analyst responsibilities.
Prepares candidates for cloud‑native secu rity operations, now standard across most organizations.
Some of these competencies align with recent national employer surveys from ISACA (2025), CompTIA (2025), and SANS (Crowley, 2025), which highlight operational readiness, hands-on experience, communication, problem solving, and critical thinking as primary indicators of early career success.
Rethinking Cybersecurity Curriculum
Participants agreed that cybersecurity programs must transition from broad exposure to clearly defined, role aligned pathways. Many described current curricula as high level and fragmented, giving students “a little piece of cyber” without sufficient depth to perform confidently in any functional area. One specialist explained: “Cybersecurity has so many pieces… I’m a doctor. Are you a foot doctor? Are you a heart doctor?”
Students echoed this concern. Several reported that programs remain heavily oriented toward offensive content, even though most entry level hiring occurs in defensive operations. As one student noted: “The program is like 75% red team, 25% blue team.” Participants identified several priority areas for reform.
Core technical fluency must be modernized. Curricula should integrate scripting, automation, Python, cloud security, and AI assisted SOC operations as required competencies taught through applied labs, simulations, gamification, and practical outputs that reflect enterprise environments. As organizations adopt large language models (LLMs), students must learn not only how to use AI effectively, but how to use it safely, including validation, governance, and data leakage risk management.
Enterprise alignment remains a major gap. Students reported significant Linux coursework but limited required instruction in Windows and Active Directory, despite widespread enterprise reliance on these systems. Employers confirmed that this mismatch slows onboarding and weakens early-career readiness.
Curriculum modernization must be continuous. Participants noted that some institutions still teach outdated technologies, reinforcing the need for regular reviews aligned to the market and employer tool stacks. Enterprise security increasingly requires familiarity with SIEM, EDR, identity platforms, cloud environments, and automation tools.
Capstones are essential. Removing capstones eliminated structured opportunities for students to work on real world problems, collaborate with external partners, and produce portfolio quality outputs. Students described the capstone as “the only opportunity you get to talk to a company,” highlining its role as a bridge to practice.
Faculty industry engagement requires attention. Participants recommended practitioner co teaching, SOC shadowing, ongoing rotations, and structured industry engagement to maintain curricular relevance.
Communication skills must be embedded across technical coursework. Employers consistently reported that while students can complete technical tasks, many struggle to explain their reasoning, articulate business implications, translate complex concepts for non-technical stakeholders, and present findings with clarity. Asynchronous, writing heavy communication courses often fail to build real time articulation skills, directly affecting hiring outcomes and early career success.
Sector-specific preparation is limited. Domains such as healthcare, industrial control systems, pharmaceu tical cybersecurity, manufacturing, finance, public-sector systems, and critical infrastructure represent strong regional demand yet remain underrepresented in academic pathways. Participants stressed the need for interdisciplinary options that combine cybersecurity with domain knowledge. They recommended
that cybersecurity programs partner not only with engineering and technology units, but also with departments such as social sciences, communications, public policy, humanities, anthropology, psychology, education, and healthcare to strengthen contextual understanding and role specific preparation, particularly as cybersecurity increasingly shapes governance, public trust, institutional resilience, and sector-specific risk management. Few professionals are formally trained at these intersections. Hands on experience must be built into degree structures. While internships and external placements remain important, programs should integrate structured applied practice throughout the curriculum to ensure students graduate with demonstrable capability tied to defined roles.
In sum, cybersecurity education must move from broad exposure to role aligned specialization. Graduates need infrastructure fluency, applied technical depth, clear professional identity, and communica tion strength. Without defined pathways tied to real operational functions, credential attainment will continue to outpace hiring alignment. This misalignment also weakens the signaling value of credentials, a dynamic examined in the next finding.
Finding 3
The Saturation and Devaluation of Cybersecurity Certifications
Participants identified a third structural pattern affecting entry-level hiring: as certifications, bootcamps, and micro credentials proliferate, their signaling power has weakened. What a credential represents on paper increasingly diverges from what employers can verify in practice. Across the Working Group, employer representatives consistently emphasized that certifications alone no longer serve as credible indicators of readiness. As one participant noted during the initial convening, certifications have become so widely attainable that they no longer differentiate candidates in meaningful ways. Hiring teams are therefore prioritizing demonstrated performance over badges or acronyms.
Students’ experiences reflected this shift. Several noted that widely held credentials, such as a six-month bootcamp program plus Security+ certification, no longer differentiate their applications. Employers increasingly treat these achievements as baseline exposure rather than proof of operational readiness. One student described completing a well-marketed intensive program and passing Sec+, only to find that it “did not get me anywhere,” prompting a return to a traditional bachelor’s degree and deeper hands on preparation. Employers echoed this assessment: certifications confirm familiarity with terminology, but they do not demonstrate that a candidate can triage alerts, document incidents, troubleshoot systems, or function within enterprise workflows.
This gap is amplified by how certification and bootcamp companies are marketed versus how hiring decisions are made. Programs often promise rapid workforce entry, yet hiring managers consistently encounter graduates whose credentials exceed their applied capability. As one employer summarized:
“We’re flooded with applicants from short cyber bootcamps — three or six months — who just aren’t prepared. They often lack the technical background, aptitude, and attitude…”
In practice, employers described successful candidates as those who present verifiable work rather than compressed credentials.
A newer dynamic is further flattening certification signals. Participants reported that generative AI tools now enable the mass production of highly polished resumes, cover letters, and even synthetic project descriptions. Application materials often appear sophisticated and technically refined, creating an impression of readiness that is not always substantiated during interviews. Employers described a growing disconnect between resume presentation and demonstrated capability, particularly when candidates are asked to explain workflows, justify decisions, or reason through applied scenarios.
This dynamic has increased screening complexity and recruiter fatigue. Hiring teams reported frustration with the volume of polished but difficult-to-verify applications, which lengthens review time, complicates candidate evaluation, and contributes to stress (ISACA, 2025) and hiring burnout. As a result, employers are shifting toward portfolio verification, artifact walkthroughs, and scenario-based interviews rather than relying primarily on credential lists or resume language.
The signal shift is reinforced by changes in role expectations. As automated tools absorb routine tasks, employers place greater emphasis on validated problem-solving and documentation. Certifications, on their own, no longer function as credible indicators of readiness in this environment.
Participants emphasized that many certifications teach knowledge domains but do not provide sustained, contextualized practice. They rarely require candidates to demonstrate applied judgment, enterprise documentation, cross functional communication, or operational accountability. Employers therefore look for observable evidence: documented home labs, competition write ups, incident summaries, ticket notes, code repositories, and employer scoped project outputs.
The result is a clear recalibration of hiring signals. Where certifications once differentiated applicants, they now function primarily as baseline indicators. Observable, role aligned performance has become the more credible currency of employability. The issue is not access to credentials, but credential saturation without validated depth — a structural shift that directly reshapes early career cybersecurity hiring.
Finding 4
Insufficient Experiential Learning Infrastructure: Internship Scarcity, Capstone Loss, and Limited Applied Practice
Participants identified a major gap in hands-on cybersecurity experience for students. Although some students are highly motivated and pursue opportunities like home labs, competitions, volunteer work, and networking, relying on individual effort leads to inconsistent results. This approach cannot replace organized, accessible programs supported by schools and employers. The main problem is not just student motivation, but the lack of structured opportunities and support from institutions and employers.
There are not enough internships, capstone projects, employer mentored projects, or real world lab experiences to meet student demand. As a result, many students finish their courses without enough chances to create real projects that show they are ready for jobs in the field.
Internship Availability as a Structural Bottleneck
In March 2026, data job posting platforms reviewed by the Working Group illustrated the narrowing of entry level and internship opportunities available to students nationally, in Florida, and within the Tampa Bay region, highlighting the limited number of opportunities available to early career cybersecurity professionals.
Handshake reflects roles directly visible to students through university career platforms.
Although posting volumes fluctuate, both sources demonstrate a significant narrowing from national opportunity levels to locally accessible entry level and internship roles. Participants described more than 300 students competing for only a small number of visible cybersecurity internship seats in the Tampa Bay region. These figures illustrate the structural difficulty students face when attempting to secure early applied cybersecurity experience, particularly internships that provide supervised, hands on learning.
In response, the Working Group proposed expanding paid micro internships as a scalable approach to increase hands on access when traditional internships are limited. Participants emphasized the strategic importance of strengthening local university employer partnerships across small, medium, and large organizations, including both rural and urban contexts. Structured project templates, coordinated employer engagement, and lightweight micro-internship models were identified as practical strategies to expand experiential capacity without requiring full scale internship infrastructure.
Table 2. Handshake “Cyber” Postings — March 2026
Table 3. CareerShift “Cyber” Postings — March 2026
Shifting Nature of Early‑Career Work
Participants also observed that the structure of early career cybersecurity work is evolving. As one student explained:
“What someone would have hired me two years ago to do is now done automatically with AI.”
With routine monitoring and triage increasingly automated, internships and junior roles now require analytical interpretation, documentation fluency, and operational judgment earlier in the career trajectory. These competencies are difficult to develop without structured, mentored, and practice-based learning environments.
Program Design Gaps: Loss of Capstones and Insufficient Lab Scale
Required capstones, once a primary bridge between coursework and applied work, have been removed in some bachelor level cybersecurity programs. Students described the capstone as one of the few formal opportunities to engage with external partners, gain hands on experience, and generate portfolio level artifacts demonstrating applied problem solving. As one participant stated:
“That was the only opportunity to talk to a company and solve real-life issues. It’s gone with the new cybersecurity curriculum.”
Clubs and SOC style labs provide authentic experience through simulations, but access remains constrained by funding, staffing, and available infrastructure. Opportunities are therefore concentrated among a limited subset of students rather than embedded systematically across degree programs.
Participants emphasized that scaling SOC style laboratory infrastructure would require sustained institutional investment in staffing, technical infrastructure, and physical or virtual lab environments.
A student participant referenced initiatives such as the Security Operations Center Apprentice Program (SOCAP), developed by Cyber Florida, and USF’s CyberHerd Competition Team as examples of structured simulation environments that expand applied learning opportunities. Participation requires a competitive application process, reflecting strong student demand for intensive experiential training. Students described meeting multiple times per week and participating in competitions designed to approximate real world operational environments.
These examples illustrate the type of sustained, high intensity experiential preparation valued in enterprise cybersecurity environments. However, participation remains limited due to capacity constraints, reinforcing that such experiences currently function as selective enrichment opportunities rather than guaranteed program wide infrastructure.
Structural Experiential Shortfall
The combined effect is a systemic experiential shortfall in cybersecurity workforce preparation. Internship scarcity, removal of capstones in some cybersecurity programs, limited lab capacity, and constrained employer hosting capacity collectively restrict the production of applied learning opportunities at scale.
Even highly motivated students encounter structural barriers when attempting to translate academic learning into demonstrable professional experience. Participants emphasized that the experiential gap described above cannot be addressed solely through curriculum adjustments. Program design, institutional
capacity, and broader structural conditions all influence the scale at which applied learning opportunities can be expanded. These institutional and policy considerations are examined further in the following findings.
Finding 5
Policy and Structural Barriers Limit Hands‑On Learning
Participants emphasized that curricular reform alone cannot fully address experiential learning gaps without considering the broader policy environment. In Florida, several higher education policies are designed to promote institutional efficiency, accountability, and timely degree completion. While these policies support important system-level goals, they also influence the flexibility institutions have when expanding internships, co‑ops, and other applied learning opportunities within degree programs.
Credit Hour Caps and Performance Funding
Florida’s higher education policy framework is structured to reinforce goals such as on‑time graduation, affordability, and institutional accountability. Policies such as the excess credit‑hour surcharge (F.S. §1009.286) and the State University System’s performance-based funding model (F.S. §1001.92) have a meaningful impact on how institutions shape their academic programs.
The excess credit‑hour surcharge incentivizes efficient degree progression by applying additional tuition when students exceed 120 percent of the required credit hours for their program. Likewise, the performance‑based funding framework allocates a portion of state university funding according to metrics including graduation rates, retention, affordability, and post‑graduation employment outcomes. While these structures advance important statewide objectives, they also create practical constraints for programs seeking to expand credit‑bearing experiential learning components. Adding a required internship or co‑op course increases total attempted credits and may push some students closer to surcharge thresholds, while also affecting the metrics monitored through performance funding. As a result, departments often explore ways to integrate applied learning within existing credit limits or through non‑credit alternatives.
Work Authorization and Curriculum Integration
Participants also discussed the intersection between experiential learning and federal work authorization pathways for international students. At many institutions, international students comprise a significant share of enrollment.
Curricular Practical Training (CPT) and Optional Practical Training (OPT) offer established mechanisms for international students to gain professional experience when such opportunities are formally integrated into academic programs. This creates a strong incentive for universities to design experiential components that are academically aligned, well‑structured, and administratively supported.
Participants noted that expanding models such as micro‑internships, project‑based work, and applied research experiences can help ensure students develop hands‑on technical skills while maintaining compliance with CPT and OPT requirements. Such approaches are consistent with recognized high‑impact educational practices shown to improve student engagement, retention, and persistence. These models also create additional pathways for international students to build practical experience and professional portfolios prior to graduation.
Why Programs Cannot Simply Require Internships
Participants emphasized that requiring internships within degree programs involves multiple design and policy considerations. Adding a mandatory internship course may increase total credit hours, potentially triggering the excess credit‑hour surcharge for some students. It may also affect graduation timelines that influence institutional performance funding metrics.
Beyond policy constraints, institutions face practical challenges: employer internship capacity varies by region and industry, and not all programs can secure enough placements to support a universal mandate. For these reasons, departments often attempt to embed hands‑on learning within existing credit structures. While this approach aligns with state policy incentives, it limits the number of formal internship seats that can be scaled across programs.
Participant‑Identified Pathways Within Existing Constraints
Within this policy and institutional context, participants identified several strategies that can expand experiential learning opportunities without requiring immediate statutory changes. These include:
• Short‑duration paid micro‑internships structured to fit within existing credit limits.
• Institution supported funding models that reduce the burden on employers and increase placement availability.
• Regional coordination models to expand vetted project opportunities across institutions. Participants emphasized that these approaches can help universities and employers increase hands‑on learning opportunities while remaining aligned with existing policy, regulatory, and institutional frameworks.
Finding 6
The Missing Human Layer: Soft Skills, Mentorship, and Professional Identity Development
Across the Working Group, participants identified professional readiness (soft and social skills) as a critical gap in cybersecurity preparation. Even when students possess technical knowledge, many struggle to explain their work, articulate business impact, and present themselves effectively to employers. As one employer summarized, hiring is not only about whether candidates have experience, but whether they can “communicate that they’ve got this experience… and how it translates into a real job.” Communication and professional fluency were repeatedly described as core workforce competencies, not supplemental skills.
Students confirmed this gap. Courses labeled as communication or ethics are often asynchronous and writing-heavy, limiting opportunities to practice speaking, briefing, and defending reasoning in real time. Several noted that AI generated text further reduces authentic communication development. Employers echoed that weak communication frequently undermines otherwise qualified candidates during interviews and onboarding.
Participants emphasized that professional readiness extends beyond public speaking. Recruiters high lighted self presentation, initiative, coachability, teamwork, and professional etiquette as decisive hiring factors. One leader explained they would “rather take a weaker person with a good attitude than a stronger
person with a bad attitude,” highlighting that collaboration and interpersonal judgment directly affect operational performance.
Another gap involves hiring literacy. Many students rely exclusively on mass online applications rather than networking, relationship building, and understanding how hiring decisions are made. Recruiters noted that relationship-based engagement significantly increases interview opportunities, yet few programs explicitly teach students how recruitment processes function.
Communication and professional behaviors are also shaped within technical environments such as SOC style labs, competitions, and applied projects. Documentation, escalation clarity, collaboration, and decision making under pressure often determine success. However, these co curricular environments are limited in scale and not consistently integrated into degree requirements, meaning only a subset of students develops these capabilities.
Mentorship Infrastructure Is Underdeveloped
Students described limited access to structured mentorship. As one student stated, “There is no mentorship for cybersecurity students… advising is not mentorship.” While academic advising addresses course sequencing, students lack sustained guidance on role selection, specialization pathways, position ing strategies, and long term trajectory planning. Without mentorship, students struggle to translate coursework into a coherent professional identity.
Communication Gaps Directly Affect Hiring Outcomes
Employers repeatedly cited weaknesses in communication skills, documentation, and translation of technical findings into business terms. Students similarly reported limited opportunities to practice briefings, incident explanations, or live problem articulation. In an AI mediated environment where polished written text is easily generated, verbal explanation and defensible reasoning have become stronger differentiators.
Professional Identity Development Is Fragmented
Although Finding 2 addressed curricular specialization, participants emphasized that students also lack structured opportunities to articulate identity. Many describe themselves simply as “cybersecurity,” without clearly defining a functional direction. Without guided reflection, role exposure, and feedback, students struggle to connect work samples to specific job pathways.
Business Context and Judgment Skills Are Underdeveloped
Cybersecurity work requires translating technical findings into organizational risk decisions. Participants noted that students often lack exposure to enterprise constraints, stakeholder priorities, and risk trade offs. These skills develop through dialogue, reflection, and mentored practice, not technical coursework alone.
AI Elevates the Importance of Human Skills
As AI driven automation absorbs repetitive entry level tasks, early career professionals are increasingly expected to interpret outputs, validate results, stay current with evolving technologies, and think strategically about emerging threats. While AI reduces mechanical workload, it simultaneously raises expectations for analytical judgment, situational awareness, and defensible decision making. Programs
must therefore intentionally cultivate communication skills, critical thinking, continuous learning habits, structured reasoning, and the ability to operate under uncertainty.
While foundational knowledge and specialization pathways remain essential, participants stressed that no student will be workforce ready without the human infrastructure that supports professional growth. Cybersecurity is inherently interdisciplinary and communication intensive. Success depends on articu lating risk, explaining impact, collaborating across teams, and exercising judgment.
In short, strengthening mentorship, communication practice, critical thinking, problem‑solving, profes sional identity development, the ability to work under stress, and hiring literacy represents one of the most actionable opportunities available to universities. This finding is also aligned with current reports such as ISACA (2025b). Embedding these elements across all cybersecurity technical courses, applied labs, capstones, and co-curricular structures would significantly strengthen workforce readiness and address one of the most persistent gaps identified by employers.
Finding 7
AI Is Reshaping Entry‑Level Cybersecurity Roles
Participants described a structural shift in early career cybersecurity work driven by AI enabled automation. Tasks that once served as foundational learning footholds — first-pass log review, baseline anomaly detection, and routine triage — are increasingly performed by automated systems. This compres sion of entry level task scope elevates expectations for analytical oversight, tool governance, and defensible decision making. Survey Participants’ responses converged on a consistent conclusion: AI is not lowering the bar for entry roles; it is raising it.
What Changed: Automation of Junior Tasks
Students reported that roles available even “two years ago” are now partially or fully automated. One student stated:
“What someone would have hired me two years ago to do is now done automatically with AI… It saves [companies] salaries of 10 or 20 analysts.”
Automated flagging and AI-assisted SOC tooling have displaced much of the repetitive monitoring that historically absorbed novice analysts. Practitioners clarified that machine assistance in SOC environments is not new; what has changed is its visibility, accessibility, and scale. In many settings, tool deployment is advancing faster than formal governance frameworks, increasing the demand for validation and oversight at the analyst level.
Consequences for Early‑Career Candidates
With low complexity tasks increasingly automated, employers expect new analysts to interpret outputs, validate anomalies, exercise judgment, and operate within enterprise workflows from the outset. Students summarized the implication bluntly: “There is no entry level… you’re going to have to start in help desk or support.” Hiring processes now privilege verifiable, role-aligned work samples over generic credentials. Evidence has overtaken badges as the primary readiness signal.
Consequences for Employers
Employers face dual pressures. First, they must identify candidates capable of exercising judgment over AI enabled systems — validating outputs, weighing risk, documenting rationale, and escalating appropriately. Second, widespread access to generative tools has flattened traditional resume signals. Highly polished, keyword-dense applications submitted at scale have increased screening noise and reduced confidence in entry-level industry certifications.
In response, hiring teams are shifting toward performance based evaluation methods, including portfolio verification, artifact walkthroughs, simulation exercises, and scenario based interviews that assess reasoning, documentation quality, and governance awareness rather than resume language alone.
Participants also observed that listing completed coursework rarely differentiates candidates. In competitive applicant pools, most applicants have taken similar foundational classes. Employers noted that course titles alone provide limited insight into readiness. Differentiation depends not on what students were taught, but on what they built, tested, documented, and contributed beyond standard curriculum requirements.
Participants emphasized that portfolio development must begin early in academic programs so applied evidence accumulates over time. Observable outputs — including documented lab work, incident write-ups, automation scripts, and reflective analyses — provide more reliable readiness signals than certifications alone.
Employers also reported evaluating initiatives and real world engagement beyond formal coursework. Community based cybersecurity work, volunteer technical support, open source contributions, and service oriented security projects were described as meaningful indicators of professional maturity. Demonstrated impact — such as improving security practices for a nonprofit or documenting remediation steps in a real environment — signals applied judgment, persistence, and accountability.
In this environment, readiness is assessed not only by what students complete in class, but by what they build, test, document, and contribute outside structured requirements. Observable contribution increasingly functions as a credibility signal.
Implications for Curriculum: AI Embedded in Workflow
Participants stressed that AI should be embedded within operational workflows rather than treated as a stand alone elective. Graduates must practice how to:
• Prompt, constrain, and verify model outputs within detection and response context
• Document reasoning, assumptions, and decision boundaries
• Use AI responsibly by protecting sensitive data, checking for errors or bias, documenting decisions, and ensuring a human reviews final actions
• Retain accountability for final decisions
Practitioners warned against superficial AI coursework that emphasizes tool exposure without operational depth. Instruction should focus on real world problem solving, safe use practices, and documented decision making within enterprise contexts. Students should be assessed on how they reason and justify actions, not merely on their ability to operate a tool.
Role Recompositing: The New Shape of Entry‑Level Work
Entry level cybersecurity roles are shifting from manual task execution to guided automation oversight. Core expectations increasingly include:
• Using AI assisted SIEM/SOAR tools to prioritize meaningful alerts
• Validating automated outputs and documenting conclusions
• Writing lightweight scripts to connect alerts to actions
• Translating technical findings into clear, stakeholder-appropriate explanations
In effect, early-career roles now require foundational automation fluency, governance awareness, and strong communication capability. AI has reshaped early career cybersecurity work. It has reduced the number of repetitive tasks that once served as informal training grounds and accelerated the expectation that new analysts exercise judgment, validation, and documentation from the beginning of their careers. In this environment, credentials alone do not demonstrate readiness; observable, AI aware applied work does. Programs must therefore move beyond teaching what AI tools are and instead teach how AI functions inside operational security workflows. Graduates require repeated practice in prompting, validating, documenting, and making defensible decisions under evolving technological conditions.
Finding 8
Starting Too Late: The Pipeline Must Begin in Middle and High School
Today’s teenagers grow up online. Recent surveys show that more than 95 percent of U.S. teens have access to a smartphone, and the average middle or high school student spends more than seven hours per day on digital devices (Faverio & Sidoti, 2024). Despite this constant digital immersion, participants observed that many students reach college without understanding core cybersecurity concepts or basic cyber hygiene practices. Several participants emphasized that cybersecurity is often introduced only at the college level. As one participant explained:
“You get to college and then you learn cybersecurity. That’s too late.”
Early exposure not only builds technical familiarity but also supporting professional identity formation by helping students understand what cybersecurity careers involve and how different roles connect within the field.
Early Exposure Is Missing Even Though K–12 Programs Exist
Practitioners noted that the Florida Department of Education already funds Career and Professional Education (CAPE) industry certification opportunities in middle and high schools, including pathways in CompTIA, Microsoft, Linux, and cybersecurity. However, many schools struggle to implement these programs consistently due to shortages of subject matter experts, limited teacher training, and low visibility into how certification incentives operate.
These cybersecurity courses are electives and are not available in all schools or in all school districts in Florida. Currently, about 12% of high school students are enrolled in CAPE funded cybersecurity courses in Florida.
Although funding follows certification outcomes, schools often lack the instructional capacity needed to deliver the curriculum at scale.
Students Arrive at College Without Technical Foundations
Participants repeatedly described students entering cybersecurity degree programs without exposure to several foundational technical concepts, including:
• command line familiarity
• basic Linux environments
• TCP/IP and networking fundamentals
• troubleshooting and structured problem solving
• cyber hygiene and AI literacy
These gaps mirror national findings. The CYBER.ORG K–12 Cybersecurity Learning Standards (2021) stress that K–12 learners should develop early competencies in computing systems, security, digital citizenship, and networking before progressing to advanced concepts in higher education. Likewise, the NICE K–12 emphasizes the importance of familiarizing students with cybersecurity concepts in early and middle grades to prepare them for deeper technical learning later in the pipeline.
As a result, universities often spend valuable curriculum time reinforcing foundational skills rather than focusing on advanced, role‑aligned cybersecurity training. Table 2, created using the data and expertise shared by the Working Group, illustrates the difference between introductory exposure in high school and the deeper technical development expected in college programs.
Early Hands‑On Practice Improves Readiness
Participants identified middle- and high-school environments such as STEM clubs, robotics programs, coding camps, and cyber literacy initiatives as important opportunities for early engagement. These experiences allow students to explore cybersecurity careers, practice teamwork, critical thinking, and communication, develop troubleshooting habits, and complete small authentic projects.
Early exposure distributes learning across the educational pipeline rather than placing the full burden on higher education to simultaneously build technical skills, professional identity, and workforce readiness.
Accessible Entry Points for Schools
Participants emphasized that schools do not need a fully developed cybersecurity program to begin exposing students to the field. Initial activities can include guest speakers from industry, career exploration sessions, site visits or job shadowing opportunities, and short student presentations that reinforce communication, problem solving, and critical thinking skills. These approaches provide scalable entry points while schools gradually build teacher capacity and technical programming.
In sum, participants emphasized that strengthening the cybersecurity workforce pipeline requires earlier engagement in middle and high school. Exposure to computing concepts, networking fundamentals, cyber hygiene, AI literacy, structured communication, and problem solving can help students enter college programs with stronger preparation and clearer awareness of cybersecurity career pathways, reducing the need for foundational remediation in higher education.
4. Example of What Cyber Foundations Look Like in High School vs. College
Skill Area
Command‑line familiarity
Linux exposure
TCP/IP & networking basics
Troubleshooting & problem‑solving
Digital hygiene
Cyber & AI literacy
High‑School Level (Appropriate & Age‑Friendly)
Navigating folders, running simple com mands, working in a safe environment (PowerShell/macOS/Linux terminal).
Basic OS use in safe environments
Understanding what an IP address is, how routers and ports work, simple ping/traceroute.
Guided problem-solving steps, fixing simple device or connectivity issues.
Passwords, MFA, phishing awareness, privacy concepts, and safe online behavior.
Awareness of AI tools and cyber roles
College Level (Deeper, Technical)
Enables analysts to interpret alerts, identify lateral movement, and understand how attacks traverse systems.
Reduces onboarding time, aligns with real enterprise environments, and signals operational maturity.
Predicts autonomy in SOC and engineering roles and accelerates early‑career performance.
Essential for defender roles and key to maintaining organizational resilience.
Demonstrates readiness for real SOC/GRC environments and reduces the training burden on employers.
Using AI in workflows, validating outputs, safe‑use governance, and applied cyber operations.
Table
Recommendations
The CyberBay Workforce Development Working Group identified structural misalignment across labor market signaling, curriculum design, experiential access, employer engagement, early pipeline development, and enabling policy conditions. The recommendations below focus on practical actions that universities, employers, and policymakers can take to strengthen the cybersecurity workforce pipeline in Florida and the Tampa Bay region. While institutions may implement these recommendations differently, coordinated regional action will be essential to improve alignment between education pathways and labor market demand.
1. Clarify Cybersecurity Roles and Career Pathways
Cybersecurity job titles vary widely across organizations. Similar work may be described using different titles depending on the employer, sector, or internal organizational structure. For this reason, workforce alignment should focus less on job titles and more on the types of work performed and the competencies required to perform them.
Recommendation 1: Develop a Regional Cyber Role Model aligned with NICE and CIS Controls that clearly defines:
• Core functional areas of cybersecurity work present in Florida and the Tampa Bay region
• Key competencies required to perform those functions
• Realistic entry pathways, including foundational IT on ramps
• Skill progression across early, mid, and advanced career stages
Clear role mapping strengthens curriculum alignment, improves hiring transparency, and helps students understand how cybersecurity careers develop over time.
2. Prioritize Demonstrated Competence Over Credentials
Credential proliferation and AI generated application materials have weakened traditional hiring signals. Recommendation 2: Require cybersecurity students to develop professional portfolios beginning in their first semester. Portfolios should include:
• Documented labs and technical exercises
• Incident response write ups
• Log analysis artifacts
• AI-assisted workflow documentation
• Sector-specific case studies
• Capstone, conference, and project deliverables
• Community based cybersecurity service work
• Demonstrated artifacts should function as a primary signal of technical readiness for employers.
3. Rebalance Curriculum Toward Operational Market Demand
Recommendation 3: Cybersecurity programs should move from generalized exposure toward role aligned preparation.
3.1
Strengthen Defensive and Infrastructure Foundations
Core required competencies should include:
• Networking fundamentals
• Linux and Windows/Active Directory fluency
• Incident response
• Vulnerability management
• Security Operations Center workflows
• Cloud security fundamentals
• Defensive security competencies should form a required foundation within cybersecurity programs.
3.2
Integrate Business, Sector, and Communication Context
Students must understand how cybersecurity functions within real organizational environments. Programs should embed exposure to:
• Cybersecurity in healthcare
• Financial services and regulated sectors
• Industrial Control Systems and critical infrastructure
• Governance, risk, and compliance
• Executive level reporting and communication practice
4. Embed Artificial Intelligence Within Cyber Workflows
AI is reshaping entry level roles by automating routine tasks and elevating expectations for oversight and communication.
Recommendation 4: Integrate structured AI competency modules within core cybersecurity courses, including:
• Prompt design for cybersecurity workflows
• Output validation and hallucination detection
• Responsible AI governance and documentation
• AI assisted scripting and automation
• Risk communication and decision justification
AI competencies should be embedded within operational cybersecurity training rather than offered solely as standalone electives.
5. Rebuild Experiential Capacity at Scale
Recommendation 5: Traditional internships alone cannot meet current student demand, and the removal of capstone requirements in some cybersecurity programs has reduced structured applied learning opportunities.
5.1 Reinstate and Strengthen Employer‑Aligned Capstones
Capstones should include:
• Realistic security scenarios
• External partner input when possible
• Executive level written and oral defense
• Artifact based evaluation
5.2 Develop Paid Micro‑Internship Models
Micro internships can expand applied learning opportunities when traditional internships are limited. These experiences should:
• Require 40–50 hours
• Produce defined deliverables
• Be embedded within existing credit structures
• Avoid extending time to degree
• Be compensated whenever possible
5.3 Expand Community Based Cyber Engagement
Students should be encouraged and supported to volunteer their cybersecurity skills with:
• Nonprofit organizations
• Faith based institutions
• Small local businesses
• Community groups
These engagements provide documented applied experience while strengthening community digital resilience.
6. Strengthen Employer and Recruiter Alignment
Recommendation 6: Sustainable workforce alignment requires structured and reciprocal partnerships between universities and industry.
6.1 Establish a Regional Cyber Talent Alignment Initiative
This initiative should include:
• Annual curriculum feedback cycles
• Employer designed applied projects
• Portfolio review sessions
• Early access to role aligned candidates
• Structured pilot participation
6.2 Create a Recruiter and HR Roundtable
Recruiters play a central role in screening and signal interpretation. A recurring roundtable should align:
• Resume expectations
• AI generated application challenges
• Entry level job descriptions
• Screening practices
Students participating in these sessions could produce reflective analyses of hiring expectations for inclusion in their professional portfolios.
6.3 Normalize Foundational IT Roles
Help desk and technical support positions should be recognized as legitimate cybersecurity entry pathways that build essential troubleshooting and infrastructure competencies.
7. Invest in Mentorship and Professional Identity Development
Advising alone does not replace structured professional mentorship.
Recommendation 7: Develop tiered mentorship models that include:
• Practitioner mentors
• Faculty guided role exploration
• Peer Mentorship
• Communication and presentation practice
• Networking strategy instruction
• Interview preparation integrated into coursework
Soft skills, communication, and professional identity formation must be embedded across the curriculum.
8. Build the Pipeline Earlier: Differentiate Middle and High School
Workforce development begins long before students reach college. In Florida, most middle‑ and high‑school cybersecurity courses are electives rather than requirements, and many districts do not offer them at all.
Recommendation 8: To strengthen the talent pipeline, cybersecurity instruction must become more accessible across K 12 school systems. Foundational concepts — such as cyber hygiene and a basic understanding of how cybersecurity works — should be required for all learners, not reserved for students who opt into specialized electives.
8.1 Middle School Focus
Programs should emphasize:
• Cyber hygiene, digital citizenship, and foundational understanding of cybersecurity concepts
• Introductory AI literacy
• Soft Skills: Communication, critical thinking, and problem solving skills
• Creative, artifact‑based projects that allow students to demonstrate what they have learned
Early exposure should be light‑lift and engaging. Examples include guest speakers, mini career‑exploration sessions, and simple annual artifacts that build student identity, curiosity, and confidence in the field.
8.2 High School Focus
High school programs should transition from conceptual awareness to foundational technical competence. Programs should introduce:
• Advanced cyber hygiene, digital citizenship, and deeper understanding of how cybersecurity works
• Introductory networking and Linux exposure
• Small cloud‑ or AI‑based projects
• Annual portfolio artifacts that document skill development
• Beginner‑level cyber competitions to cultivate teamwork, troubleshooting, and applied problem‑solving
• Clear transition pathways into four‑year college programs, workforce opportunities, or advanced training
• Active student participation in hands‑on, authentic learning experiences
• Soft skills: communication, critical thinking, problem‑solving skills, and the ability to adapt and make important decisions when working under stress.
Developmentally differentiated pathways strengthen readiness and reduce remediation at the university level.
9. Align Policy Conditions to Support Applied Learning
State and institutional policy frameworks play an important role in supporting degree efficiency, affordabil ity, and accountability within higher education systems. At the same time, these frameworks influence how universities design experiential learning opportunities such as internships, micro internships, co ops, and applied project courses.
Participants noted that expanding hands-on learning opportunities may benefit from policy environments that provide sufficient flexibility for institutions to integrate applied experiences within degree programs while maintaining timely degree completion.
Recommendation 9: Explore targeted state and institutional policy adjustments that support applied learning opportunities, including:
• Greater flexibility within credit-hour frameworks when experiential coursework is embedded within degree programs
• Support for internship integrated degree models and structured co op pathways
• Funding incentives that encourage applied learning experiences connected to industry needs
• Clear employer guidance regarding CPT and OPT participation processes
• Statewide coordination mechanisms that support micro internship initiatives and project based experiential learning
These approaches support the expansion of experiential learning opportunities while remaining aligned with the broader goals of institutional efficiency, student affordability, and workforce readiness.
PHASE 2: Driving Regional Workforce Alignment
A Multi‑Level Action Plan
The CyberBay Workforce Development Working Group identified a persistent gap between cybersecurity education and employer‑recognized operational capability. Enrollment is rising, yet employers struggle to find candidates with verifiable, role-aligned skills, while students complete programs without sufficient applied experience to translate knowledge into readiness.
This disconnect is not tied to a single institution or sector but reflects a systems-level challenge. Program design, infrastructure, employer participation, and policy frameworks all shape the extent to which education can deliver experiential learning, validate applied skills, and scale workforce‑aligned training.
Some improvements can be made immediately through curriculum alignment, artifact‑based assessment, and deeper employer engagement. Others require institutional coordination — such as building partnership infrastructure and applied training environments — while long‑term progress depends on policy conditions influencing credit structures, funding, work authorization, and K–12 preparation.
Accordingly, Phase Two is structured as a multi‑level regional alignment plan, distinguishing short‑term program actions, medium‑term institutional initiatives, and long‑term policy considerations. By organizing reforms across these levels, Bellini College can strengthen workforce readiness now while generating evidence for scalable improvements across the Tampa Bay region.
Figure 1. Phase 2 — From Cybersecurity Curriculum to Capability (Short, Medium, and Long‑Term Recommendations)
Long‑Term
Policy & System Alignment
Medium‑Term
Experiential Infrastructure
Short‑Term
Applied Capability
• State & Policy Reform
• Academic Credit Flexibility
• Workforce Incentives
• Scalable Micro Internships
• Structured Mentorship Programs
+ Cyber Range & SOC & Industry Collaboration
• Skills Based Curriculum
• Practical Assignments
• Employer Feedback
+ Hands On Labs, Student Portfolios & Employer Engagement
Short‑Term Priority (Program Level):
Curriculum Alignment and Applied Capability
The most immediate opportunity lies within the curriculum itself. Before new infrastructure or policy changes are pursued, each program should conduct a focused alignment review guided by foundational questions:
• How does each course connect to real workforce roles and operational needs?
• Are industry partners providing structured feedback on course outcomes?
• What applied competencies are missing?
• Do assignments produce employer‑recognizable evidence of skill?
Short‑term improvements should prioritize:
Strengthening Applied Skills
University and college programs should identify student gaps in troubleshooting, structured problem solving, Linux and Windows/Active Directory fluency, basic networking (TCP/IP), documentation, and operational workflow practices early in degree programs. Instruction should incorporate:
• Realistic simulations
• Case‑based learning
• Scenario‑driven incident exercises
AI instruction should focus on how AI tools function within operational workflows — prompting, validating, documenting, and making decisions — rather than treating AI as an abstract and isolated topic.
Embedded Employer Engagement
Faculty should incorporate employer input directly into course design by:
• Inviting companies to review course competencies
• Integrating scope and real life simulation project ideas
• Using employer feedback to refine assignments and capstone expectations
Reinforcing Professional Competencies
Communication, business‑impact translation, teamwork, and professional behaviors must be embedded into technical courses. Students should:
• Solve problems and present findings
• Participate in live case discussions
• Produce structured IR documentation
• Receive feedback on clarity and reasoning
• Develop the ability to work effectively under pressure, reflecting the operational realities of cybersecurity roles
Integration of Foundational Mentorship
Cybersecurity programs should adopt a practical, multi‑tiered mentorship model that leverages existing institutional resources while gradually expanding industry participation. Different forms of mentorship address different student needs, and not all require significant time or funding:
• Peer mentorship: Upper-level students support first-year students with course expectations, basic skills, and program navigation. This low‑cost model is easy to launch and strengthens the community.
• Group mentorship: Faculty or visiting practitioners meet with small groups a few times per semester. This format scales efficiently and reduces reliance on one-to-one volunteer time.
• Company‑based mentorship: Employers engage through career panels, portfolio reviews, or short term project coaching. Pairing these engagements with curriculum milestones increases relevance — for example, hosting career panels during the introduction to careers unit or scheduling portfolio reviews after students complete their first cybersecurity project. These activities align naturally with existing employer outreach and recruiting efforts.
• Tailored mentorship: Individualized support for students preparing for internships or pursuing specific roles. Programs can manage this through selective matching, focusing on students with clear goals, capstone needs, or demonstrated readiness.
By combining these layers, programs can provide consistent mentorship without overburdening faculty or requiring large numbers of industry volunteers. As partnerships deepen, institutions can expand the company based and tailored components while keeping peer and group mentorship as the foundation.
To support continuous improvement, programs can implement a simple assessment loop. An end‑of‑se mester student survey can capture engagement, satisfaction, and suggestions, while tracking retention and internship outcomes provides evidence of impact. These low‑burden measures help campus leaders see both the immediate and long‑term value of sustaining the mentorship model.
Required Professional Portfolios
Every student should begin a portfolio in their first semester that includes:
• Lab outputs and scripts
• Troubleshooting narratives
• Incident write‑ups
• Project deliverables
• Professional reflections from conferences or networking events
This ensures all graduates leave with demonstrable, role‑aligned capability. Artifacts should be evaluated using employer informed rubrics to ensure they demonstrate operational relevance rather than academic completion. This requirement ensures graduates leave with employer recognizable, role aligned capability.
Medium‑Term Priority (Institutional Level):
Partnerships and Experiential
Infrastructure
While course‑level improvements establish the foundation, scalable and sustainable alignment requires institutional investment in partnerships and applied learning environments.
Formalized Employer Partnership Council
Bellini College should establish a structured employer council supported by a designated institutional lead. This council should provide:
• Regular curriculum review cycles
• Formal feedback on applied skill gaps
• Co‑designed capstone and project scopes
• Defined pathways for employer engagement across programs
Partnerships must clearly articulate mutual value, not only institutional value. Employers disengage when participation feels extractive or when the benefits are not explicit. To sustain engagement, the council must demonstrate tangible value to companies, such as reduced onboarding time, earlier access to prepared talent, co‑designed projects that meet real operational needs, and streamlined hiring signals.
A guiding question for Bellini College in designing this council is:
What specific, practical value do companies gain by contributing their time, expertise, and insight — and how will we ensure that value is delivered consistently?
Scalable Micro‑Internship Model
Given limited availability of traditional internships, a micro‑internship model is essential. Designed to align with academic semesters, these experiences should include:
• 40–60 hour project scopes per semester
• Clear learning outcomes
• Employer‑validated deliverables
• Required integration into professional portfolios
Grant funding, sponsorships, or workforce development resources may be needed to offset employer participation costs.
Applied SOC Environment
A scalable SOC‑style training environment is critical for expanding access to hands‑on practice. A phased SOC development plan should include:
• Dedicated infrastructure
• Practitioner oversight
• Scenario‑based incident rotations
• Integration across multiple courses
Structured Mentorship Program
As experiential infrastructure expands, Bellini College should develop a structured mentorship program pairing students with industry practitioners aligned to their intended specialization. This initiative requires coordinated staffing, employer council involvement, structured matching processes, and integration with micro internships and SOC rotations.
Structured mentorship provides sustained professional guidance, networking access, and role-specific feedback, elements consistently identified by both students and employers as missing in the current system.
Long‑Term Priority (State & Policy Level): Alignment for Sustainable Workforce Reform
Short and medium term reforms can improve workforce readiness within existing institutional structures. However, long-term sustainability requires consideration of broader policy conditions that influence how institutions design, fund, and scale experiential learning opportunities.
Why Policy Alignment Matters
Participants across universities identified several structural factors that shape program design decisions:
• Credit hour frameworks and excess hour surcharge policies influence how institutions integrate internships, co ops, and applied coursework without increasing student costs or affecting institutional performance metrics.
• Performance based funding models emphasize indicators such as time to degree, retention, and completion rates. While these metrics support system efficiency, they may also influence how programs structure credit bearing experiential components.
• Work authorization frameworks for international students require experiential learning opportunities to be carefully integrated into academic programs so they can also gain more hands on experience
• Strengthen K–12 computing, cybersecurity, and AI literacy pathways through teacher preparation and CAPE alignment
Leadership Responsibilities
Because these constraints exceed faculty authority, they require sustained engagement from:
• University leadership
• State higher‑education system offices
• Policymakers
• Employers and workforce boards
• K–12 leaders and district partners
Phase Two is designed as an action oriented pilot that proposes practical steps to strengthen the connection between cybersecurity education and employer recognizable capability. These recommenda tions focus on curriculum alignment, portfolio based skill validation, mentorship, employer engagement, and expanded experiential learning opportunities such as micro internships and applied projects.
By implementing and evaluating these approaches, Bellini College can generate evidence about which strat egies most effectively improve workforce alignment and inform broader institutional and policy discussions.
Conclusion
The findings of the CyberBay Workforce Development Working Group indicate that Florida’s cybersecurity workforce challenge is not primarily a shortage of interest or educational programs, but a structural misalignment between preparation, opportunity, and hiring signals. Employers report overwhelming applicant volume yet continue to struggle to identify candidates with demonstrable, role‑aligned capability. At the same time, students complete degrees, certifications, and training programs while encountering limited access to meaningful applied experience that translates academic learning into operational readiness.
These dynamics reflect a broader transition in how cybersecurity work is defined and evaluated. As artificial intelligence reshapes early‑career roles and increases expectations for analytical judgment, documentation, and communication, traditional signals such as credentials alone are becoming less reliable indicators of readiness. Preparing students for modern cybersecurity environments therefore requires stronger alignment across curriculum design, experiential learning opportunities, employer engagement, early pipeline development, and enabling policy conditions.
Phase Two translates these findings into action through a Phase Two alignment plan that prioritizes demonstrable capability, structured employer collaboration, and expanded experiential learning opportunities, including micro‑internships, portfolio development, and applied project work. By testing these approaches within a defined institutional context, Bellini College and its regional partners can generate evidence to guide broader institutional and policy conversations about how to prepare cybersecurity talent for an increasingly complex and AI‑enabled security landscape.
References
Abugharbia, A. (2025). SANS 2025 AI Survey. Measuring AI Impact on Security Three Years Later. https://www. sans.org/white-papers/sans-2025-ai-survey-measuring-ai-impact-security-three-years-later
Anand, V. (2026). From Expert Systems to Agentic AI: The Evolution of AI in Cybersecurity. Splunk. https:// www.splunk.com/en_us/blog/artificial-intelligence/evolution-of-ai-in-cybersecurity.html
Bertone, B., Wagner, P., & Pauli, J. (2025). Experiential Learning: Innovative Approaches to Post-Secondary Cybersecurity Education. Journal of Cybersecurity Education, Research and Practice, 2025(1).
COMPTIA (2025). State of Cybersecurity 2025. https://www.comptia.org/en-us/resources/research/ state-of-cybersecurity
COMPTIA (2025). The Future of Cybersecurity: How AI is Transforming the Workforce. https://www.comptia. org/en-us/blog/the-future-of-cybersecurity-how-ai-is-transforming-the-workforce/
Crowley, C. (2025) SANS SOC Survey 2025. SANS Research Program. https://swimlane.com/resources/reports/ sans-soc-survey/
CSET. (2024). Introducing the Cyber Jobs Dataset. https://cset.georgetown.edu/publication/introducing-the-cyber-jobs-dataset/
Cyber.Org. (2021). K-12 Cybersecurity Learning Standards. https://cyber.org/sites/default/files/202110/K-12%20Cybersecurity%20Learning%20Standards_1.0.pdf
CyberSN. (2025). U.S. Cybersecurity Job Posting Data Report 2025. https://cybersn.com/cybersecurity-job-posting-data-report-2025/
Faverio, M; Sidoti, O. (2024). Teens, Social Media and Technology 2024. Pew Research Center. https://www. pewresearch.org/internet/2024/12/12/teens-social-media-and-technology-2024/
Hogan M, Lilienthal K, Bean de Hernandez A, McHugh P, Arbeit CA, Sullivan P; National Center for Science and Engineering Statistics. (2024). Cybersecurity Workforce Data Initiative: Cybersecurity Workforce Supply and Demand Report. National Science Foundation
ISACA. (2025a). State of Cybersecurity 2025. Update on Workforce Efforts, Resources, and Cybersecurity Operations. drerichollis.com/wp-content/uploads/2025/10/State_of_Cybersecurity_2025_by_ISACA_1760231510-1.pdf
ISACA. (2025b). State of Cybersecurity 2025-2026 Global Edition. https://www.isaca.org/-/media/files/ isacadp/project/isaca/resources/infographics/isaca-state-of-cybersecurity-infographic-global-0925.pdf
Lightcast. (2024). Quarterly Cybersecurity Talent Report: Q2 2024. https://lightcast.io/resources/research/ quarterly-cybersecurity-talent-report-june-24
Mohamed, N. (2025). Artificial intelligence and machine learning in cybersecurity: a deep dive into state-ofthe art techniques and future paradigms. Knowledge and Information Systems. 67, 6969–7055. https://doi. org/10.1007/s10115-025-02429-y
NIST (2020). Workforce Framework for Cybersecurity (NICE Framework). https://csrc.nist.rip/pubs/ sp/800/181/r1/final
Online Sunshine. (2025). Excess Credit-Hour Surcharge. F.S. §1009.286 (Online Sunshine): http://www.leg. state.fl.us/statutes/index.cfm?App_mode=Display_Statute&URL=1000-1099/1009/Sections/1009.286.html
Online Sunshine. (2025). Performance-Based Funding — F.S. §1001.92; BOG model: Statute. https://www. leg.state.fl.us/statutes/index.cfm?mode=View%20Statutes&SubMenu=1&App_mode=Display_Statute&Search_ String=Performance%E2%80%91Based+Funding&URL=1000-1099/1001/Sections/1001.92.html
World Economic Forum. (2025). AI is revolutionizing cybersecurity. How should we train the next generation of defenders? https://www.weforum.org/stories/2025/11/cybersecurity-ai-professionals-workers/
UNIVERSITY OF SOUTH FLORIDA / CYBER FLORIDA / BELLINI CAPITAL