Imagine an entire US state — one with a population similar to Louisiana’s — pulled from the workforce.
That’s the scale of the global cybersecurity talent shortage, which has reached 4.8 million people, according to recent estimates. This shortage isn’t a minor business inconvenience. It’s a growing vulnerability.
Threats are increasing across the digital landscape. In May 2024 alone, Okta blocked 2.38 billion malicious requests, according to its Businesses at Work 2025 report, with threat levels remaining consistently higher than the year prior. And no sector is safe, with cybercriminals targeting every industry, from multinational energy companies to nonprofit organizations.
Artificial intelligence has only compounded the problem. Threat actors are using the tech to scale their attacks, while legitimate businesses, eager for AI-driven productivity gains, are deploying new technologies, such as AI agents, without robust governance or security plans in place. To realize AI's promise and stay secure, businesses need humans — a dedicated workforce of cybersecurity professionals — at the wheel. Yet despite the urgent demand, this Louisiana-sized shortfall stands in the way.
However, this talent gap is solvable. Employers can help close this deficit by looking beyond traditional hiring requirements, such as four-year degrees, and instead tapping into a vast talent pool of individuals who are Skilled Through Alternative Routes (STARs). These working adults, who have a high school diploma but not a bachelor's degree, developed their skills through routes such as community college, apprenticeships, boot camps, and on-the-job experience. In the US, more than 70 million workers are STARs.
To help businesses across industries find and hire this talent, Okta for Good funded a comprehensive study by Opportunity@Work, a nonprofit organization focused on empowering STARs. The research for this study relied on a comprehensive analysis of US labor market data. For its supply analysis, it used data from the US Census Bureau’s American Community Survey to understand the composition of the workforce, including the number of STARs across the country. To analyze labor demand, the study used Lightcast's extensive database of job postings to identify current opportunities and hiring trends in the cybersecurity field.
The findings show that this group isn’t just a potential solution. STARs are already a major part of the workforce and are essential to creating a robust pipeline of security talent.
Here are some key findings from the study:
The current STAR workforce
STARs are a major force: Approximately 1 million workers currently in cybersecurity are STARs, making up 41% of the workforce.
And yet they are underrepresented: STARs account for over 51% of the overall US workforce; however, their 41% share in cybersecurity shows they are underrepresented. This highlights a significant opportunity for growth.
The rising barriers to entry
A decrease in STAR roles: From 2010 to 2024, the percentage of cybersecurity job postings open to STARs decreased from 44% to 41%, even as the total number of cybersecurity jobs increased.
The cybersecurity job market: Over 70% of cybersecurity postings are in the Professional, Scientific and Technical Services, Manufacturing, Finance and Insurance, and Information industries, with the average percentage of postings open to STARs at 39%.
Opportunities are inconsistent: Job opportunities vary greatly by industry and even within the same industry. For instance, in Manufacturing and Real Estate, over 60% of job postings overall are open to STARs, but less than 30% are open to STARs for cyber roles. This presents an opportunity to address the specific hiring practices within these sectors.
The path to career progression
Clear career pathways: The research identified upwardly mobile pathways for STARs to move into cybersecurity roles.
Common feeder roles identified: “Computer Support Specialist” is the most common "feeder" occupation for STARs transitioning into cybersecurity. Other paths include transitions from roles like “Network and Computer Systems Admins.”
The essential skills for transition: The study identifies specific skills that help STARs move into higher-level roles, such as auditing, incident response, risk analysis, and cyber threat intelligence.
Building a pipeline of security talent
With their transferable skills, practical knowledge, and hands-on experience, STARs are poised to be the next generation of cyber talent. It’s now up to businesses to recognize the value this group brings to cybersecurity roles. By adjusting their approach, organizations can not only fill critical roles but also build a more resilient and diverse workforce. Here are some ways companies can tap into this pool of talent:
Rethink the degree requirement
Move beyond the four-year degree as a primary filter. Prioritize a candidate's practical skills, certifications, and hands-on experience gained from bootcamps, technical projects, and previous roles.
Partner with specialized organizations
Collaborate with nonprofits dedicated to training and placing STARs in tech roles, such as NPower and PerScholas. These partnerships provide access to a vetted pipeline of diverse and motivated talent.
Help build clear career pathways
Formalize internal pathways for employees to move into cybersecurity. For example, create a program that helps an IT professional develop the skills needed to become a security analyst, providing a clear path for internal career mobility.
