South Africa’s cybersecurity sector is facing a growing paradox: demand for cybersecurity professionals continues to rise, yet many graduates are struggling to secure employment.
According to experts from the Institute of Information Technology Professionals South Africa Special Interest Group for Cybersecurity (IITPSA SIGCyber), the issue is not a shortage of jobs, but a widening disconnect between academic preparation and operational readiness.
Industry leaders, educators, and cybersecurity executives agree that organisations are urgently seeking cybersecurity talent, but many entry-level candidates are not yet equipped for the realities of live security environments. Across the sector, employers are prioritising practical capability, adaptability, and real-world experience over theoretical knowledge alone.
“The cybersecurity industry does not lack opportunity,” says Bryan Baxter, Securelytics HOD at BC Technologies. “What organisations need are professionals who can contribute quickly in high-pressure operational environments. Technical capability matters, but passion, teamwork, and a willingness to learn are equally important.”
Baxter explains that employers are increasingly investing in internal development, mentoring, and coaching to build long-term capability. However, identifying candidates with both the right mindset and practical aptitude remains a challenge.
Doctor Mafuwafuwane, executive head of Cybersecurity at Nexio, says the reality within Managed Security Service Providers (MSSPs) is more complex than headlines suggesting “millions of jobs” available globally.
“Specialised cybersecurity roles such as threat hunting, digital forensics, and incident response require more than academic qualifications or entry-level certifications,” he says. “These roles demand analytical maturity, operational resilience, and practical experience in live environments. Many graduates simply have not had sufficient exposure to real-world tools and processes.”
He adds that South African organisations, already operating under resource constraints and increasing cyberthreats, often need professionals who can contribute with minimal ramp-up time. As a result, experienced cybersecurity specialists remain difficult to recruit.
Musa Salmamza, Information Security Manager at NTT Data and chairman of the IITPSA Western Cape Chapter, believes the challenge is structural rather than individual.
“Cybersecurity lacks the coordinated talent pipeline seen in mature professions such as healthcare or finance,” says Salmamza. “There are few standardised pathways into the industry – and entry-level expectations are often inconsistent or unrealistic.”
He argues that many organisations approach hiring as a procurement exercise instead of a development responsibility, limiting opportunities for graduates to gain practical experience.
“To address this, industry, educators, and policymakers must work together to build structured graduate programmes, clearer career pathways, and stronger work-integrated learning opportunities,” he says.
Michael de Jager, lecturer in the School of Computer Science and Information Systems at North-West University, says the cybersecurity skills shortage reflects a deeper issue around how “readiness” is defined.
“Cybersecurity is unusual in claiming a talent shortage while simultaneously making entry difficult,” says De Jager. “Many so-called entry-level roles still require prior experience, certifications, and familiarity with enterprise tools. The industry often confuses exposure with potential.”
He notes that cybersecurity requires judgement, adaptability, and decision-making under pressure – which are all capabilities developed through practice rather than classroom theory alone.
“Universities can increase practical learning, but they cannot fully replicate operational environments,” De Jager adds. “Industry must therefore help bridge the gap by redefining what counts as experience and by recognising potential alongside technical exposure.”
The IITPSA SIGCyber experts agree that solving South Africa’s cybersecurity talent challenge will require closer collaboration between industry, higher education institutions, training providers, and policymakers. Without structured pathways for graduates to gain practical experience, the sector risks leaving critical roles unfilled while a generation of aspiring cybersecurity professionals remains locked out of the industry.
As cyberthreats continue to escalate globally, the body advises that developing sustainable cybersecurity talent pipelines is a national economic and security imperative.