South Africa’s cyber security sector is facing a growing paradox: demand for cyber security professionals continues to rise, yet many graduates are struggling to secure employment. According to experts from the Institute of Information Technology Professionals South Africa Special Interest Group for Cybersecurity (IITPSA SIGCyber), the issue is not a shortage of jobs, but a widening disconnect between academic preparation and operational readiness.
Industry leaders, educators and cyber security executives agree that organisations are urgently seeking cyber security talent, but many entry-level candidates are not yet equipped for the realities of live security environments. Across the sector, employers are prioritising practical capability, adaptability and real-world experience over theoretical knowledge alone.
“The cyber security industry does not lack opportunity,” says Bryan Baxter, Securelytics HOD at BC Technologies. “What organisations need are professionals who can contribute quickly in high-pressure operational environments. Technical capability matters, but passion, teamwork and a willingness to learn are equally important.”
Baxter explains that employers are increasingly investing in internal development, mentoring and coaching to build long-term capability. However, identifying candidates with both the right mindset and practical aptitude remains a challenge.
Doctor Mafuwafuwane, Executive Head of Cybersecurity at Nexio, says the reality within managed security service providers (MSSPs) is more complex than headlines suggesting “millions of jobs” available globally.
“Specialised cyber security roles such as threat hunting, digital forensics and incident response require more than academic qualifications or entry-level certifications,” he says. “These roles demand analytical maturity, operational resilience and practical experience in live environments. Many graduates simply have not had sufficient exposure to real-world tools and processes.”
He adds that South African organisations, already operating under resource constraints and increasing cyber threats, often need professionals who can contribute with minimal ramp-up time. As a result, experienced cyber security specialists remain difficult to recruit.
Musa Salmamza, Information Security Manager at NTT DATA and Chairman of the IITPSA Western Cape Chapter, believes the challenge is structural rather than individual.
“Cyber security lacks the co-ordinated talent pipeline seen in mature professions such as healthcare or finance,” says Salmamza. “There are few standardised pathways into the industry, and entry-level expectations are often inconsistent or unrealistic.”
He argues that many organisations approach hiring as a procurement exercise instead of a development responsibility, limiting opportunities for graduates to gain practical experience.
“To address this, industry, educators and policymakers must work together to build structured graduate programmes, clearer career pathways and stronger work-integrated learning opportunities,” he says.
Michael de Jager, Lecturer in the School of Computer Science and Information Systems at North-West University, says the cyber security skills shortage reflects a deeper issue around how “readiness” is defined.
“Cyber security is unusual in claiming a talent shortage while simultaneously making entry difficult,” says De Jager. “Many so-called entry-level roles still require prior experience, certifications and familiarity with enterprise tools. The industry often confuses exposure with potential.”
He notes that cyber security requires judgment, adaptability and decision-making under pressure, which are all capabilities developed through practice rather than classroom theory alone.
“Universities can increase practical learning, but they cannot fully replicate operational environments. Industry must therefore help bridge the gap by redefining what counts as experience and by recognising potential alongside technical exposure,” he says.
The IITPSA SIGCyber experts agree that solving South Africa’s cyber security talent challenge will require closer collaboration between industry, higher education institutions, training providers and policymakers. Without structured pathways for graduates to gain practical experience, the sector risks leaving critical roles unfilled while a generation of aspiring cyber security professionals remains locked out of the industry.
As cyber threats continue to escalate globally, the IITPSA SIGCyber advises that developing sustainable cyber security talent pipelines is a national economic and security imperative.
The IITPSA SIG Cyber Committee will further contribute to important industry conversations and initiatives at the ITWeb Security Summit in Johannesburg next week. Bryan Baxter, an IITPSA SIG Cyber Committee member, will chair a session on the evolving cyber security workforce and how AI is impacting skills, staffing and strategic workforce planning.
Mafuwafuwane, also a member of the IITPSA SIG Cyber Committee, will serve as a judge in the 2026 ITWeb Security Summit Hackathon.
The institute is sponsoring the R10 000 second prize for the Hackathon as part of its ongoing commitment to building South Africa’s digital skills pipeline and encouraging emerging talent to pursue careers in ICT and cyber security.
Share
Editorial contacts